Which of the following functions can be used to defend against buffer overflows? (Select all that apply.)

A vulnerability in older versions of Internet Explorer is that the _________URL handler provides redirects for URLs.

What protective steps are recommended if you use Safari's AutoFill feature to auto-fill certain types of forms?

In a(n) ________________ attack, malicious code is stored permanently in a target server.

This tool automatically scans a computer, looking for cookies created by Internet Explorer, Mozilla Firefox, and Netscape Navigator, and then displays the data stored in each cookie. It can also delete, back up, and restore cookies.

After data is input via HTTP or SSL, it is evaluated by some server-side logic and, if the credentials are valid, a __________________ is given to the client to be reused on subsequent visits.

This vulnerability, discovered in Opera 9.23 and fixed in a later version of Opera, can cause arbitrary code to be executed.

__________________ attacks allow the attacker to bypass authentication, query or manipulate data in a database, and execute the attack from the web browser address bar, from the application fields, or through queries and searches.

A ________________ password attack uses every possible combination of letters, numbers, and symbols to attempt to guess a password.

In this type of attack, the attacker exploits a web application to send malicious JavaScript code to end users.

__________________ authentication should not be considered secure by any particularly rigorous definition. Although the password is stored on the server in encrypted format, it is passed from the client to the server in plain text across the network.

Which of the following components, when enabled, allows remembering passwords in Firefox?

In Internet Explorer, where can users manage cookies for specific sites?

Digest authentication is considered an improvement over ________________ because it does not transmit passwords in clear text.

Which of the following controls allows the user to disable Run ActiveX controls and plug-ins in Internet Explorer?

In a(n) ________________ attack, the attacker specifies that the TCP Push control flag is set, forcing every packet into the web server’s memory, causing the attack to be delivered piece by piece, and avoiding detection.

This type of attack takes advantage of a web application's reliance on hidden or fixed fields, such as a hidden tag in a form or a parameter in a URL.

__________________ is the most common method used on the Internet to authenticate a message sender or encrypt a message.

_____________________ is called manipulating query strings, but any data (like cookies and form fields) should be considered. When a user makes selections on an HTML page, they are typically stored as form-field values and sent to the application as an HTTP request (GET or POST). Despite GUI selections, users can choose to send whatever parameter values they choose by constructing a URL request string of their choosing.

Most web browsers will cache __________________ credentials and automatically send them to all pages in the realm, whether or not SSL is used.

 

Week 4 Quiz

    CMIT312 - Week 4 Quiz