CYBR271 Exam Questions with Correct Answers

CYBR271 Exam Questions with Correct Answers S.T.R.I.D.E - Answer--Spoofing -Tampering -Repudiation -Information disclosure -Denial of Service -Elevation of Privilege Cross-Site Scripting (XSS) - Answer-A client-side code injection attack where an attacker can execute malicious script in a users browser and uses a vulnerable website as a delivery mechanism to deliver the script. Two types of XSS - Answer--Non-Persistent (Reflected) XSS -Persistent (Stored) XSS Non-Persistent (Reflected) Cross-Site Scripting (XSS) - Answer-Malicious code is executed by the victims browser and isn't stored anywhere, but is returned as the response HTML that the server sends. The victim is tricked into sending the malicious code to the web application which is then reflected to the users browser where the XSS payload is executed. Persistent (Stored) Cross-Site Scripting (XSS) - Answer-The attacker sends malicious code as user input to the website which is stored on the web server for later use. This payload is served to the victim when they load the page which this code is injected into. Damage XSS can cause - Answer--Information disclosure/theft -Web defacing -Spoofing requests Two countermeasures of XSS - Answer--Filter approach -Encoding approach The filter approach, in terms of XSS countermeasures - Answer-A countermeasure in which certain tags and keywords like javascript are filtered out to prevent malicious code being executed The encoding approach, in terms of XSS countermeasures - Answer-A countermeasure in which common symbols used in scripts are encoded when they're stored. For example, '' is encoded to '&lt'. This effectively removes the ability for scripts to run but doesn't change the way that users view the data. Penetration testing - Answer-Finding vulnerabilities that an attacker could exploit Security testing - Answer-Evaluating the security of a computer system or network by methodically validating and verifying the effectiveness of application security controls. (OWASP) Buffer-Overflow attack - Answer-An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer. The 5 steps for generating variations of the the same attack - Answer-Decompose Application Identify the component interfaces Rank the component interfaces Ascertain the data structures used by interfaces Build Tests