CompTIA Security+ Review Questions and Answers - Network Security Fundamentals Chapter 05, Exams of Computer Security

This document contains the answers to various review questions related to CompTIA Security+ Network Security Fundamentals Chapter 05. Topics covered include man-in-the-middle (MITB) attacks, DNS poisoning, privilege escalation, web application attacks, SQL injection, and various types of security risks associated with extensions, plug-ins, and add-ons. The document also clarifies the differences between DoS and DDoS attacks, XSS and XDD attacks, and various types of attacks such as URL hijacking, malvertising, and session tokens.

Typology: Exams

2023/2024

Available from 03/24/2024

CompTIA Security+ Guide to Network Security Fundamentals - Chapter 05 – Review Question and Answers

Which attack intercepts communications between a web browser and the underlying computer? - Answer>>MITB

Olivia was asked to protect the system from a DNS poisoning attack. What are the locations she would need to protect? - Answer>>Host table and external DNS server

Newton is concerned that attackers could be exploiting a vulnerability in software to gain access to resources that the user normally would be restricted from accessing. What type of attack is he worried about? - Answer>>Privilege escalation

Which of the following adds new functionality to the web browser so that users can play music, view videos, or display special graphical images within the browser?
· Extensions
· Scripts
· Plug-ins
· Add-ons
- Answer>>Plug-ins

An attacker who manipulates the maximum size of an integer type would be performing what kind of attack? - Answer>>Integer overflow

What kind of attack is performed by an attacker who takes advantage of the inadvertent and unauthorized access built through three succeeding systems that all trust one another? - Answer>>Privilege escalation

Which statement is correct regarding why traditional network security devices cannot be used to block web application attacks?
· The complex nature of TCP/IP allows for too many ping sweeps to be blocked.
· Web application attacks use web browsers that cannot be controlled on a local computer.
· Network security devices cannot prevent attacks from web resources.
· Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of web application attacks.
- Answer>>Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of web application attacks.

What is the difference between a DoS and a DDoS attack? - Answer>>DoS attacks use fewer computers than DDoS attacks

John was explaining about an attack that accepts user input without validating it and uses that input in a response. What type of attack was he describing? - Answer>>XSS

Which attack uses the user's web browser settings to impersonate that user? - Answer>>XDD

What is the basis of an SQL injection attack? - Answer>>To insert SQL statements through unfiltered user input

Which action cannot be performed through a successful SQL injection attack?
· Discover the names of different fields in a table
· Reformat the web application server's hard drive
· Display a list of customer telephone numbers
· Erase a database table
- Answer>>Reformat the web application server's hard drive