Common attack targets — Quiz

Common attack targets

1. A penetration tester finds a web application that allows them to access another user's account by manipulating a URL parameter like ?user_id=123 to ?user_id=124. This is most directly an example of which modern vulnerability category? (Choose one answer)
   a) Security Misconfiguration
   b) Insecure Direct Object References
   c) Buffer Overflow
   d) Missing Encryption

2. Which framework is primarily used to classify the root cause or type of a software vulnerability (e.g., the specific flaw in the code)? (Choose one answer)
   a) OWASP Top 10
   b) Common Weakness Enumeration (CWE)
   c) Common Vulnerabilities and Exposures (CVE)
   d) MITRE ATT&CK

3. During an assessment, a penetration tester uses a scanner that identifies an unpatched version of Apache Struts on a server. The scanner reports a specific identifier like "CVE-2017-5638". This identifier is most useful to the tester because it: (Choose one answer)
   a) Describes the general attack pattern for all web application flaws
   b) Points to a known, specific vulnerability in a specific product for potential exploitation
   c) Provides a high-level list of the most critical web application risks
   d) Classifies the underlying programming error that caused the flaw

4. A penetration tester uses the Hydra tool in a security assessment. What is the primary function of this tool in the context of the vulnerability toolkit? (Choose one answer)
   a) Exploitation: Brute-forcing credentials
   b) Detection: Scanning for open ports
   c) Mitigation: Enforcing password policies
   d) Detection: Analyzing source code for flaws

5. The National Vulnerability Database (NVD) adds critical information to raw CVE records that is essential for vulnerability prioritization. What is the most important enrichment it provides for this purpose? (Choose one answer)
   a) Links to marketing pages for the affected vendor
   b) Common Vulnerability Scoring System (CVSS) severity scores
   c) A list of unrelated historical vulnerabilities
   d) The physical location of vulnerable servers
