CYBR271 Exam Questions with Correct Answers

CYBR271 Exam Questions with Correct Answers S.T.R.I.D.E - Answer--Spoofing -Tampering -Repudiation -Information disclosure -Denial of Service -Elevation of Privilege Cross-Site Scripting (XSS) - Answer-A client-side code injection attack where an attacker can execute malicious script in a users browser and uses a vulnerable website as a delivery mechanism to deliver the script. Two types of XSS - Answer--Non-Persistent (Reflected) XSS -Persistent (Stored) XSS Non-Persistent (Reflected) Cross-Site Scripting (XSS) - Answer-Malicious code is executed by the victims browser and isn't stored anywhere, but is returned as the response HTML that the server sends. The victim is tricked into sending the malicious code to the web application which is then reflected to the users browser where the XSS payload is executed. Persistent (Stored) Cross-Site Scripting (XSS) - Answer-The attacker sends malicious code as user input to the website which is stored on the web server for later use. This payload is served to the victim when they load the page which this code is injected into. Damage XSS can cause - Answer--Information disclosure/theft -Web defacing -Spoofing requests Two countermeasures of XSS - Answer--Filter approach -Encoding approach The filter approach, in terms of XSS countermeasures - Answer-A countermeasure in which certain tags and keywords like javascript are filtered out to prevent malicious code being executed