Security Concepts
Question 1
Explanation
Cross-site scripting (XSS) occurs when a web application includes untrusted data in a page it serves without validating or encoding it, so that attacker-controlled script runs in the victim's browser under the vulnerable site's origin. In the reflected form the payload is usually carried in a hyperlink: the victim follows the link from another website, an instant message, a web board or an email, and the vulnerable site echoes the malicious part of the URL back into the page.
Usually the attacker encodes the malicious portion of the link in hex (or another encoding) so the request looks less suspicious to the user and so that naive filters looking for the literal string do not match.
For example, the link below, with the href value written as hexadecimal character references:
<a href=&#x006A;&#x0061;&#x0076;&#x0061;&#x0073;&#x0063;&#x0072;&#x0069;&#x0070;&#x0074;&#x003A;&#x0061;&#x006C;&#x0065;&#x0072;&#x0074;&#x0028;&#x0027;&#x0058;&#x0053;&#x0053;&#x0027;&#x0029;>Click Here</a>
is equivalent to:
<a href=javascript:alert('XSS')>Click Here</a>
Note: In the format "&#xhhhh;", hhhh is the code point in hexadecimal form. Browsers decode such character references inside attribute values before interpreting the URL, which is why a filter that only looks for the literal string "javascript:" is bypassed.
Question 2
Question 4
Explanation
Phishing is the practice of sending fraudulent communications that appear to come from a reputable source, usually by email. The goal is to steal sensitive data such as credit card numbers and login credentials, or to install malware on the victim's machine.
Question 5
Question 6
Explanation
Ping of Death (PoD) is a type of Denial of Service (DoS) attack in which an attacker attempts to crash, destabilize, or freeze the targeted computer or service by sending malformed or oversized ICMP echo request (ping) packets, historically with nothing more than the ping command.
A correctly formed ping carries 56 bytes of data by default, 64 bytes once the 8-byte ICMP header is counted, and 84 bytes including the 20-byte IPv4 header. The IPv4 Total Length field is 16 bits wide, so any IPv4 packet, pings included, may be at most 65,535 bytes. Some computer systems were never designed to handle a ping whose reassembled size exceeds that limit, because such a packet violates the Internet Protocol specification.
Like any other packet larger than the link MTU, a ping of death is fragmented before transmission; IPv4 fragment offsets are counted in 8-octet units, so every fragment except the last carries a multiple of 8 octets (the exam phrases this as "fragmented into groups of 8 octets"). Each fragment on its own is valid. When the target reassembles them, however, the total exceeds the 65,535-byte buffer the IP stack allocated, so a buffer overflow can occur, crashing the system and potentially allowing the injection of malicious code.
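As an added example that is not part of the original page, the Python below models the two behaviours the explanation describes: fragmentation into 8-octet units and a reassembly that would exceed the IPv4 maximum. The fragment tuples and ping sizes are constructed for this example, the function names (is_ping_of_death, reassemble and the rest) are this example's own, and the reassembler writes zero bytes where a real stack would copy payload.

```python
IPV4_MAX_PACKET = 65535   # Total Length is a 16-bit field
IPV4_HEADER_LEN = 20      # minimum IPv4 header, no options
ICMP_HEADER_LEN = 8       # ICMP echo header
FRAGMENT_UNIT = 8         # Fragment Offset counts 8-octet units


def fragment_datagram(ip_payload_len, mtu=1500):
    """Split an IP payload into (offset_units, length, more_fragments) tuples
    the way a sender's IP stack would for the given link MTU."""
    max_chunk = (mtu - IPV4_HEADER_LEN) // FRAGMENT_UNIT * FRAGMENT_UNIT  # 1480 on Ethernet
    frags, offset = [], 0
    while offset < ip_payload_len:
        chunk = min(max_chunk, ip_payload_len - offset)
        more = offset + chunk < ip_payload_len
        frags.append((offset // FRAGMENT_UNIT, chunk, more))
        offset += chunk
    return frags


def reassembled_length(fragments):
    """Length of the IP payload the fragments describe, computed from the
    offsets rather than by summing lengths (overlapping fragments are legal)."""
    end = 0
    for offset_units, length, more in fragments:
        if more and length % FRAGMENT_UNIT:
            raise ValueError("non-final fragment length must be a multiple of 8 octets")
        end = max(end, offset_units * FRAGMENT_UNIT + length)
    return end


def is_ping_of_death(fragments):
    """True when reassembly would produce a datagram larger than IPv4 allows."""
    return IPV4_HEADER_LEN + reassembled_length(fragments) > IPV4_MAX_PACKET


def reassemble(fragments):
    """Safe reassembler: refuse oversized datagrams before writing into the
    buffer, instead of overflowing it as the vulnerable stacks did."""
    if is_ping_of_death(fragments):
        raise ValueError("fragments exceed the 65,535-byte IPv4 maximum; dropping")
    buf = bytearray(reassembled_length(fragments))
    for offset_units, length, _more in fragments:
        start = offset_units * FRAGMENT_UNIT
        buf[start:start + length] = b"\x00" * length  # real payload bytes would go here
    return bytes(buf)


def ping_fragments(icmp_data_len, mtu=1500):
    """Fragments for an ICMP echo request carrying icmp_data_len data bytes."""
    return fragment_datagram(ICMP_HEADER_LEN + icmp_data_len, mtu)


if __name__ == "__main__":
    print(is_ping_of_death(ping_fragments(56)))      # default ping: False
    print(is_ping_of_death(ping_fragments(65507)))   # largest legal echo: False
    print(is_ping_of_death(ping_fragments(65510)))   # classic ping of death: True
```

65,507 data bytes is the largest echo request that still fits (65,507 + 8 + 20 = 65,535); one byte more pushes the reassembled datagram past the limit even though every individual fragment is well-formed, which is why the check must be made on the reassembly total and not on the fragments.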
Question 7
Explanation
Understand how your framework prevents XSS and where it has gaps. There will be times when you need to do something outside the protection provided by your framework; this is where output encoding and HTML sanitization are critical, so answer B is correct.
For an XSS attack to succeed, the attacker must get malicious content inserted into a web page and executed. Every variable in a web application needs to be protected. Ensuring that all variables go through validation and are then escaped or sanitized is known as perfect injection resistance; any variable that does not go through this process is a potential weakness. Frameworks make it easy to ensure variables are correctly validated and escaped or sanitized.
However, frameworks aren't perfect, and security gaps still exist in popular frameworks such as React and Angular (for example, React's dangerouslySetInnerHTML and Angular's bypassSecurityTrust* methods deliberately switch off the built-in escaping). Output encoding and HTML sanitization help address those gaps, so answer D is correct.
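As an added example that is not part of the original page, the Python below ties Questions 1 and 7 together: the hex-encoded href from Question 1 decodes to the same javascript: URL, and contextual output encoding (answer B) plus sanitizing the href before it is placed in the attribute (answer D) neutralize it. The payload constant and the allowed-scheme list are constructed for this example; SAFE_SCHEMES, safe_href and the other names are this example's own, not a library API.

```python
import html
import re

# Constructed sample: the Question 1 href written as hexadecimal character
# references, exactly as a browser sees it inside the <a> tag.
ENCODED_HREF = (
    "&#x006A;&#x0061;&#x0076;&#x0061;&#x0073;&#x0063;&#x0072;&#x0069;&#x0070;&#x0074;"
    "&#x003A;&#x0061;&#x006C;&#x0065;&#x0072;&#x0074;&#x0028;&#x0027;&#x0058;&#x0053;"
    "&#x0053;&#x0027;&#x0029;"
)

# Schemes an <a href> may use in this example; javascript:, data:, vbscript: are rejected.
SAFE_SCHEMES = {"http", "https", "mailto"}
# RFC 3986 scheme syntax: if the text before the first ':' does not look like
# this, the value is a relative URL rather than a scheme.
_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*$")


def decode_entities(value):
    """Decode numeric and named character references the way a browser does,
    so that &#x006A;&#x0061;... becomes the literal 'javascript:...' string."""
    return html.unescape(value)


def encode_for_html_text(untrusted):
    """Contextual output encoding for HTML text content (answer B): every
    character with HTML meaning becomes an entity, so nothing is parsed as markup."""
    return html.escape(untrusted, quote=True)


def safe_href(untrusted):
    """Sanitize an untrusted URL for an href attribute (answer D). Decoding and
    control-character stripping happen before the scheme check, because the
    browser performs both before it interprets the URL."""
    decoded = decode_entities(untrusted)
    cleaned = re.sub(r"[\x00-\x20\x7f]", "", decoded)  # browsers ignore these in a scheme
    scheme, sep, _rest = cleaned.partition(":")
    if sep and _SCHEME.match(scheme) and scheme.lower() not in SAFE_SCHEMES:
        return "#"  # neutralize the link rather than echo the payload
    return html.escape(cleaned, quote=True)


def render_link(untrusted_href, untrusted_label):
    """Build an <a> tag with both values encoded for their respective contexts."""
    return '<a href="%s">%s</a>' % (
        safe_href(untrusted_href), encode_for_html_text(untrusted_label))


if __name__ == "__main__":
    print(decode_entities(ENCODED_HREF))             # javascript:alert('XSS')
    print(render_link(ENCODED_HREF, "Click Here"))   # <a href="#">Click Here</a>
    print(render_link("https://example.com/?a=1&b=2", "<b>ok</b>"))
```

The order inside safe_href is the point: a check for the literal string "javascript:" applied before decoding would pass the encoded payload, and one applied before stripping tab and newline characters would pass "java\tscript:", both of which the browser happily executes.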
Question 8
Explanation
In deceptive phishing, fraudsters impersonate a legitimate company in an attempt to steal people’s personal data or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing what the attackers want.
Spear phishing is carefully designed to get a single recipient to respond: criminals select an individual target within an organization, research that person using social media and other public information, and craft a fake email tailored to them.
Question 9
Explanation
A buffer overflow (or buffer overrun) occurs when the volume of data written exceeds the storage capacity of the memory buffer. As a result, the program overwrites adjacent memory locations.
Buffer overflows are a vulnerability of low-level code such as C and C++, where array bounds are not checked automatically. An attacker can crash the program, corrupt data, read private information, or execute code of their own choosing. At its core the bug is any access to a buffer outside its allotted memory space, which happens most often with fixed-size arrays and unbounded copy functions.
Question 10
Explanation
TAXII (Trusted Automated eXchange of Indicator Information) is a standard that provides a transport mechanism (data exchange) for cyber threat intelligence expressed in STIX (Structured Threat Information eXpression) format. In other words, TAXII servers are used to publish and exchange STIX documents among participants.
STIX (Structured Threat Information eXpression) is a standardized language, developed collaboratively, for representing structured information about cyber threats so that it can be shared, stored, and otherwise used in a consistent manner that facilitates both automation and human-assisted analysis.
Question 11
Explanation
The Trusted Automated eXchange of Indicator Information (TAXII) specifies mechanisms for exchanging structured cyber threat information between parties over the network.
TAXII exists to provide specific capabilities to those interested in sharing structured cyber threat information. TAXII capabilities are the highest level at which TAXII actions can be described. This version of TAXII (1.1.1) supports three capabilities: push messaging, pull messaging, and discovery.
Discovery allows for the automated exchange of information about which TAXII capabilities a producer supports and the technical mechanisms it employs in doing so. Therefore, among the answer choices offered, the best alternative word for "Discovery" is "Exchange".
Reference: https://docs.oasis-open.org/cti/taxii/v1.1.1/taxii-v1.1.1-part1-overview.html
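As an added example that is not part of the original page or of the TAXII specification, the Python below consumes a STIX document the way the automation the explanation mentions would: it loads indicators from a bundle and matches their values against log lines. It assumes STIX 2.1 JSON (the page's reference covers TAXII 1.1, which carried XML STIX 1.x), handles only single-equality patterns, and uses constructed indicator IDs, addresses, domain names and log lines.

```python
import json
import re

# Constructed STIX 2.1 bundle. The UUIDs, address and domain are made up.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--0f1e2d3c-4b5a-4697-8877-665544332211",
    "objects": [
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--a1b2c3d4-e5f6-4a7b-8c9d-0e1f2a3b4c5d",
            "created": "2020-09-01T00:00:00.000Z",
            "modified": "2020-09-01T00:00:00.000Z",
            "name": "Constructed C2 server address",
            "pattern_type": "stix",
            "pattern": "[ipv4-addr:value = '203.0.113.10']",
            "valid_from": "2020-09-01T00:00:00Z",
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5d4c3b2a-1f0e-4d9c-8b7a-695847362514",
            "created": "2020-09-01T00:00:00.000Z",
            "modified": "2020-09-01T00:00:00.000Z",
            "name": "Constructed phishing domain",
            "pattern_type": "stix",
            "pattern": "[domain-name:value = 'bad.example']",
            "valid_from": "2020-09-01T00:00:00Z",
        },
    ],
})

# Constructed firewall and DNS log lines; 203.0.113.100 is a near miss that a
# plain substring search would wrongly flag.
SAMPLE_LOGS = [
    "2020-09-04T10:00:01Z fw deny src=192.0.2.5 dst=203.0.113.10 dport=443",
    "2020-09-04T10:00:02Z dns query name=www.example.com from=192.0.2.7",
    "2020-09-04T10:00:03Z dns query name=bad.example from=192.0.2.9",
    "2020-09-04T10:00:04Z fw allow src=192.0.2.5 dst=203.0.113.100 dport=80",
]

# Only the simplest STIX pattern form, one equality comparison, is handled.
_SIMPLE_PATTERN = re.compile(
    r"^\[(?P<obj>[a-z0-9-]+):(?P<prop>[a-z_.]+)\s*=\s*'(?P<val>[^']*)'\]$")


def parse_simple_pattern(pattern):
    """Return (object type, property, value) from a single-comparison pattern."""
    m = _SIMPLE_PATTERN.match(pattern.strip())
    if not m:
        raise ValueError("unsupported STIX pattern: %r" % pattern)
    return m.group("obj"), m.group("prop"), m.group("val")


def load_indicators(bundle_json):
    """Return (indicator id, object type, value) for each STIX-pattern indicator."""
    bundle = json.loads(bundle_json)
    found = []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue
        obj_type, _prop, value = parse_simple_pattern(obj["pattern"])
        found.append((obj["id"], obj_type, value))
    return found


def match_logs(indicators, log_lines):
    """Apply each indicator to the log lines, matching whole tokens only so
    that 203.0.113.10 does not match 203.0.113.100."""
    hits = []
    for ind_id, obj_type, value in indicators:
        needle = re.compile(r"(?<![\w.-])" + re.escape(value) + r"(?![\w.-])")
        for line in log_lines:
            if needle.search(line):
                hits.append((ind_id, obj_type, value, line))
    return hits


if __name__ == "__main__":
    for hit in match_logs(load_indicators(STIX_BUNDLE), SAMPLE_LOGS):
        print(hit)
```

In a real deployment the bundle would arrive through a TAXII pull (the client polls a collection) or push (the server delivers to a subscriber) rather than from a constant, and a full STIX pattern evaluator would be needed for compound patterns with AND/OR, FOLLOWEDBY and qualifiers.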
Where are these questions? Please, anyone who can tell me.
@micheale The questions are in the premium part.
All the questions are available in the premium part.
I don't understand, please, I need help.
@micheale You have to buy the premium membership to see the questions.
Anonymous... I can't get dollars to buy the premium membership. Please, can you help me by sharing these questions?
Where can I find the questions of these explanations?
Can anyone share them with me?
Hey guys, who has the latest dump? I'm planning to take the SCOR cert by the end of this month.
Do you guys think these questions will help me pass the Sec+ test? And why?
Is there a lab in this exam?
Please, how do I get the questions?
You have to pay for the premium membership to get access to questions. It’s only $19 geez!
Q11. Which two capabilities does TAXII support? (Choose two)
I suggest Pull and Exchange are the two best answers.
TAXII is kind of like a client-server or a publish-and-subscribe model to exchange the CTI (cyber threat information) that the STIX file contains. If there is binding, it seems to be in STIX, because it combines the vulnerability and the attack vector. To bind is to secure two things together, like an IP address to an interface.
My 2 cents ~cheers
Q8 is A and B?
Agree with @Amammal, A and B seem like the best answers.
@micheale, September 4th, 2020
1. If you can't afford to pay the $19.99 for Premium, then how in the world can you pay $400 for the test?
2. If you don't know how to purchase the premium at the top of the page ("i dont understand please i need help"), then there is no way you will be able to pass the test, unless someone else takes it for you.
Just sayin’ man.
Hi guys, please, can someone help with study materials at nasadotconnoratGMail.CoM?
Can someone please advise how to sign up and pay for the premium membership?
Can someone please help me with how to pay to become a premium member? I am not seeing the option in my system.
I would like to subscribe and prepare for 350-701 exam
Q11. Which two capabilities does TAXII support? (Choose two)
Pull and Exchange should be the answer.
I don't know how and why binding should be the answer. Please share with me if binding is mentioned in any documentation.
Definition – TAXII (Trusted Automated Exchange of Indicator Information) is a standard that provides a transport mechanism (data exchange)..
@PleaseFixThisQuestion: Yes, thanks for your detection, we updated Q11!
Where are the self-study/tutorial materials for 350-701?
Would someone with premium access please mail me the questions: i s d r a m#l i v e.c o m
So when will it be stable to take the exams again?
Would someone please email the new questions to jhthello at hotmail dot com? Thanks.
Can anyone tell me if it is better to go for the SCOR exam or the two concentration exams in order to recertify my CCNP?
Why is it A and B and not B and D?
Utilize Libraries and Sanitization Engines for better HTML Hygiene
For apps that utilize markup, libraries are available that can parse and clean HTML formatted text. Create an HTML sanitization engine that validates untrusted HTML input.
https://spanning.com/blog/cross-site-scripting-web-based-application-security-part-3/
For Q2:
Here the answer is A, while in a book by Todd Lammle the answer is C, which I think is the correct answer.
I hope the site admin can confirm.
Hi,
Does anyone have an updated test?
Thanks!
What about Q3?
Hi guys,
Do you know where I can find a similar website for Citrix?
Thank you.
For Q3, isn't E correct?
"Block SQL code execution in the web application database login"
In Q7, I think it should be B & D.
@AB @Q3
The correct answer for Q3 is A and B.
https://en.wikipedia.org/wiki/SQL_injection
@PP @Admin
Q7: A, B and D are all correct, but B and D fit better.
Passed the exam recently. There was only one new question, "what is not a server-based application"; I did not remember the options. Everything else is from here, and the 4 DnDs are all available here.
Premium is only for SCOR; I did not see anything for the concentration exams.
Where are the questions for this page? I only see the answers.
Hi,
I can't find the number of questions.
Can someone please tell me how many questions are in the dump?
Which two behavioral patterns characterize a ping of death attack? (Choose two)
A. The attack is fragmented into groups of 16 octets before transmission.
B. The attack is fragmented into groups of 8 octets before transmission.
C. Short synchronized bursts of traffic are used to disrupt TCP connections.
D. Malformed packets are used to crash systems.
E. Publicly accessible DNS servers are typically used to execute the attack.
Which two preventive measures are used to control cross-site scripting? (Choose two)
A. Enable client-side scripts on a per-domain basis.
B. Incorporate contextual output encoding/escaping.
C. Disable cookie inspection in the HTML inspection engine.
D. Run untrusted HTML input through an HTML sanitization engine.
E. Same Site cookie attribute should not be used.