Which of the following types of attacks can be done by either convincing the users to click on an HTML page the attacker has constructed or insert arbitrary HTML in a target website that the users visit?
a. Buffer overflow
b. Cross-site request forgery (XSRF)
c. Cross-Site Scripting (XSS)
d. Input validation error
Answer: B
The key element to understanding XSRF is that attackers are betting that users have a validated login cookie for the website already stored in their browsers. All they need to do is get the browsers to make a request to the website on their behalf. This can be done by either convincing the users to click on an HTML page the attacker has constructed or inserting arbitrary HTML in a target website that the users visit. Answer A is incorrect because a buffer overflow is a direct result of poor or incorrect input validation or mishandled exceptions. Answer C is incorrect because Cross-Site Scripting (XSS) vulnerabilities can be used to hijack the user's session or to cause the user accessing malware-tainted Site A to unknowingly attack Site B on behalf of the attacker who planted code on Site A. Answer D is incorrect because input validation errors are a result of improper field checking in the code.
Learn More :
Threats and Vulnerabilities
- Which of the following types of attacks is executed by placing malicious executable code on a website?
- Which of the following is an attack in which the end user executes unwanted actions on a web application while he is currently authenticated?
- Which of the following is a coordinated effort in which multiple machines attack a single victim or host with the intent to prevent legitimate service?
- A user has downloaded trial software and subsequently downloads a key generator in order to unlock the trial software. The user's antivirus detection software now alerts the user that the system is infected. Which one of the following best describes the type of malware infecting the system?
- _______ describes the potential that a weakness in hardware, software, process, or people will be identified and taken advantage of.
- A collection of compromised computers running software installed by a Trojan horse or a worm is referred to as which of the following?
- You're the administrator for a large bottling company. At the end of each month, you routinely view all logs and look for discrepancies. This month, your email system error log reports a large number of unsuccessful attempts to log on. It's apparent that the email server is being targeted. Which type of attack is most likely occurring?
- You're working late one night, and you notice that the hard disk on your new computer is very active even though you aren't doing anything on the computer and it isn't connected to the Internet. What is the most likely suspect?
- A user reports that he is receiving an error indicating that his TCP/IP address is already in use when he turns on his computer. A static IP address has been assigned to this user's computer, and you're certain this address was not inadvertently assigned to another computer. Which type of attack is most likely underway?
- Your system log files report an ongoing attempt to gain access to a single account. This attempt has been unsuccessful to this point. What type of attack are you most likely experiencing?
- Internal users are reporting repeated attempts to infect their systems as reported to them by pop-up messages from their virus-scanning software. According to the pop-up messages, the virus seems to be the same in every case. What is the most likely culprit?
- Your system has been acting strangely since you downloaded a file from a colleague. Upon examining your antivirus software, you notice that the virus definition file is missing. Which type of virus probably infected your system?
- A mobile user calls you from the road and informs you that his laptop is exhibiting erratic behavior. He reports that there were no problems until he downloaded a tic-tac-toe program from a site that he had never visited before. Which of the following terms describes a program that enters a system disguised in another program?
- What kind of virus could attach itself to the boot sector of your disk to avoid detection and report false information about file sizes?
- You're explaining the basics of security to upper management in an attempt to obtain an increase in the networking budget. One of the members of the management team mentions that they've heard of a threat from a virus that attempts to mask itself by hiding code from antivirus software. What type of virus is he referring to?
- Your system has just stopped responding to keyboard commands. You noticed that this occurred when a spreadsheet was open and you dialed in to the Internet. Which kind of attack has probably occurred?
- Which type of attack denies authorized users access to network resources?
- A user calls you in a panic. He is receiving emails from people indicating that he is inadvertently sending viruses to them. Over 200 such emails have arrived today. Which type of attack has most likely occurred?
- A smurf attack attempts to use a broadcast ping on a network; the return address of the ping may be a valid system in your network. Which protocol does a smurf attack use to conduct the attack?
- A server on your network will no longer accept connections using TCP. The server indicates that it has exceeded its session limit. Which type of attack is probably occurring?
- A junior administrator comes to you in a panic. After looking at the log files, he has become convinced that an attacker is attempting to use an IP address to replace another system in the network to gain access. Which type of attack is this?
- You've discovered that an expired certificate is being used repeatedly to gain logon privileges. Which type of attack is this most likely to be?
- An administrator at a sister company calls to report a new threat that is making the rounds. According to him, the latest danger is an attack that attempts to intervene in a communications session by inserting a computer between the two systems that are communicating. Which of the following types of attacks does this constitute?
- An alert signals you that a server in your network has a program running on it that bypasses authorization. Which type of attack has occurred?