Chapter 3 Application and Network Attacks
Quiz yourself by thinking what should be in
each of the black spaces below before clicking
on it to display the answer.
Help!
|
|
||||
|---|---|---|---|---|---|
| Programs that provide additional functionality to Web browsers. | Add-ons
🗑
|
||||
| Part of the TCP/IP protocol for determining the MAC address based on the IP address. | Address Resolution Protocol (ARP)
🗑
|
||||
| An attack that corrupts the ARP cache. | ARP poisoning
🗑
|
||||
| Files that are coupled to e-mail messages. | Attachments
🗑
|
||||
| An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer. | Buffer overflow
🗑
|
||||
| An attack that targets vulnerabilities in client applications that interact with a compromised server or processes malicious data. | Client-side attack
🗑
|
||||
| A file on a local computer in which a server stores user-specific information. | Cookie
🗑
|
||||
| Injecting and executing commands to execute on a server. | Command injection
🗑
|
||||
| An attack that injects scripts into a Web application server to direct attacks at clients. | Cross-site scripting (XSS)
🗑
|
||||
| An attack that attempts to prevent a system from performing its normal functions. | Denial of service (DoS)
🗑
|
||||
| An attack that takes advantage of a vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories. | Directory traversal
🗑
|
||||
| An attack that uses multiple zombie computers (even hundreds or thousands) in a botnet to flood a device with requests. | Distributed denial of service (DDoS)
🗑
|
||||
| An attack that substitutes DNS addresses so that the computer is automatically redirected to another device. | DNS poisoning
🗑
|
||||
| A hierarchical name system for matching computer names and numbers. | Domain Name System (DNS)
🗑
|
||||
| A cookie that is created from the Web site that currently is being viewed. | First-party cookie
🗑
|
||||
| A cookie named after the Adobe Flash player. Also known as local shared objects (LSOs). | Flash cookie
🗑
|
||||
| A list of the mappings of names to computer numbers. | Host table
🗑
|
||||
| Part of HTTP that is composed of fields that contain the different characteristics of the data that is being transmitted. | HTTP header
🗑
|
||||
| Modifying HTTP headers to create an attack. | HTTP header manipulation
🗑
|
||||
| A cookie that is recorded on the hard drive of the computer and does not expire when the browser closes. | Persistent cookie (tracking cookie)
🗑
|
||||
| A utility that sends an ICMP echo request message to a host. | Ping
🗑
|
||||
| An attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets. | Ping flood
🗑
|
||||
| An attack that exploits a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining. | Privilege escalation
🗑
|
||||
| An attack that makes a copy of the transmission before sending it to the recipient. | Replay
🗑
|
||||
| A cookie that is only used when a browser is visiting a server using a secure connection. | Secure cookie
🗑
|
||||
| A cookie that is stored in Random Access Memory (RAM), instead of on the hard drive, and only lasts for the duration of visiting a Web site. | Session cookie
🗑
|
||||
| An attack in which an attacker attempts to impersonate the user by using his session token. | Session hijacking
🗑
|
||||
| A form of verification used when accessing a secure Web application. | Session token
🗑
|
||||
| An attack that broadcasts a ping request to all computers on the network yet changes the address from which the request came to that of the target. | Smurf attack
🗑
|
||||
| Impersonating another computer or device. | Spoofing
🗑
|
||||
| An attack that targets SQL servers by injecting commands to be manipulated by the database. | SQL injection
🗑
|
||||
| An attack that takes advantage of the procedures for initiating a TCP session. | SYN flood attack
🗑
|
||||
| A cookie that was created by a third party that is different from the primary Web site. | Third-party cookies
🗑
|
||||
| An attack involving using a third party to gain access rights. | Transitive access
🗑
|
||||
| A markup language that is designed to carry data instead of indicating how to display it. | XML (Extensible Markup Language)
🗑
|
||||
| An attack that injects XML tags and data into a database. | XML injection
🗑
|
||||
| Attacks that exploit previously unknown vulnerabilities, so victims have no time to prepare or defend against the attacks. | Zero day attacks
🗑
|
Review the information in the table. When you are ready to quiz yourself you can hide individual columns or the entire table. Then you can click on the empty cells to reveal the answer. Try to recall what will be displayed before clicking the empty cell.
To hide a column, click on the column name.
To hide the entire table, click on the "Hide All" button.
You may also shuffle the rows of the table by clicking on the "Shuffle" button.
Or sort by any of the columns using the down arrow next to any column heading.
If you know all the data on any row, you can temporarily remove it by tapping the trash can to the right of the row.
To hide a column, click on the column name.
To hide the entire table, click on the "Hide All" button.
You may also shuffle the rows of the table by clicking on the "Shuffle" button.
Or sort by any of the columns using the down arrow next to any column heading.
If you know all the data on any row, you can temporarily remove it by tapping the trash can to the right of the row.
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
Created by:
1592245141
Popular Computers sets