1_3_10 Section 1 – Attacks, Threats, and Vulnerabilities - 1.3 – Application Attacks - Other Application Attacks

Questions and Answers

What type of memory vulnerability often results in the system crashing or the application failing?

• Memory leak (correct)
• Stack overflow
• Buffer underflow
• Pointer arithmetic

What happens when an application continues to use more and more memory without releasing it back to the system?

• The application crashes (correct)
• The application becomes more secure
• The system allocates more memory
• The system becomes faster

What does a null pointer dereference cause an application to do?

• Crash (correct)
• Speed up
• Freeze
• Become more efficient

How can an attacker create a denial of service attack by exploiting memory vulnerabilities?

By causing a memory leak (D)

What happens when an application points to a null section of memory where no data exists?

It crashes (C)

Which action does not lead to memory exhaustion and system crash?

Memory deallocation (C)

What type of attack allows attackers to read from different parts of a server where they should not have access?

Directory traversal attack (D)

In an integer overflow attack, what happens when a large number is placed into a smaller section of memory?

The extra space overflows into another area of memory (B)

Why should application developers avoid storing information into smaller areas of memory?

To prevent memory overflows (B)

What is a common way attackers manipulate memory to cause a denial of service?

Overflowing memory buffers (A)

What potential danger might arise if error messages provide excessive system information?

Security risk for attackers (B)

How can directory traversal attacks impact a server's security?

Allow unauthorized access to server areas (A)

Why do attackers find integer overflows advantageous in manipulating systems?

To gain an advantage in system manipulation (C)

How might misconfigurations on web servers lead to security vulnerabilities?

By providing unauthorized access to server files (D)

What is the main concern with showing excessive information in error messages?

Providing attackers with system details (D)

What could happen if a large number is placed into a smaller memory section during an integer overflow?

The extra data spills over into other memory areas (A)

What type of attack is considered when an attacker manipulates the application programming interface of an application?

API attack (D)

What may happen if very specific input is entered into a field in an application?

Access to an entire database (D)

What is a zip bomb?

A compressed file that drastically increases in size when uncompressed (D)

In what scenario might DHCP starvation occur?

When flooding a network with IP address requests (A)

What is the goal of a denial of service attack?

To render a service or application inaccessible (B)

What role do application developers play in relation to user input?

Ensuring input is not malicious or compromising system security (C)

How can an attacker cause a denial of service through API manipulation?

By overwhelming the application's resources (B)

What is the main concern for application developers regarding user input?

Ensuring input integrity and preventing system vulnerabilities (A)

What makes a zip bomb particularly dangerous?

It expands to an extremely large file size when uncompressed (B)

What impact would a zip bomb have on a traditional computer?

Quickly consume all available storage space (C)

What type of attack occurs when an attacker sends many Mac addresses to flood a network with IP address requests?

Resource exhaustion (B)

How does an API-based application typically differ from a traditional browser-based application in terms of communication with the server?

API apps send many API requests to the server, while browser apps mainly use GET commands. (A)

What security risk arises from an attacker successfully manipulating an application's programming interface?

Denial of service (B)

How can a zip bomb be described based on the provided information?

A small file with large decompression size (D)

What makes a DHCP starvation attack particularly effective in using up IP addresses?

Sending multiple Mac addresses to make it seem like many devices are requesting IPs (C)

What is the primary concern for application developers regarding data input by users?

Preventing malicious input that could bypass security measures (A)

In what scenario might an error message revealing excessive system information pose a security risk?

Providing detailed system logs to users (C)

What distinguishes resource exhaustion as a denial of service attack from other types of attacks?

'DHCP starvations' depleting available resources (A)

How could an attacker exploit a null pointer dereference vulnerability to disrupt an application?

'Null pointer dereference' causing a system crash (B)

How does a network-based resource exhaustion attack differ from resource exhaustion on a single device?

It affects multiple systems by flooding network resources unlike single device attacks. (C)

What is a common technique used by attackers to manipulate memory in order to cause a denial of service?

Integer overflow (A)

Why should application developers avoid storing information into smaller sections of memory?

To prevent integer overflow vulnerabilities (A)

What vulnerability might allow attackers to browse outside the scope of a web server's file system?

Directory traversal attack (A)

What type of attack occurs when a large number is placed into a smaller section of memory, resulting in the overflow of data into unintended areas?

Integer overflow (B)

How might misconfigurations on web servers lead to security vulnerabilities?

By facilitating directory traversal attacks (C)

What danger arises from error messages displaying excessive system information?

Revealing underlying system details to attackers (B)

What happens if an attacker successfully performs a directory traversal attack on a web server?

Access to unauthorized server areas is granted (C)

How do attackers manipulate memory to facilitate a denial of service?

Triggering an overflow of data in memory (C)

What is the main concern associated with the display of excessive information in error messages?

Revealing too much system information (D)

What potential threat do integer overflows pose to systems?

Cause system instability and denial of service (B)

What type of memory vulnerability results in the system crashing or the application failing?

Memory leak (B)

What could an attacker achieve by causing a memory leak in an application?

Cause a denial of service (B)

What is the term used when an application points to a null section of memory where no data exists?

Null pointer dereference (C)

Which scenario might lead to a denial of service attack by exploiting memory vulnerabilities?

Memory exhaustion through a leak (B)

What could happen if an attacker makes an application point to a null memory section?

Cause the application to crash (D)

In what way does a memory leak differ from normal memory usage in applications?

Memory is never returned to the system (D)

Flashcards are hidden until you start studying