1. Right Answer: C
Explanation: The use of shared local administrator credentials and passwords being stored in plaintext makes lateral movement easier for adversaries, obfuscating their activities and leading to conflicts regarding who is responsible for actions under a given username. These findings are best mitigated, respectively, by the use of local account password randomization and by the encryption of passwords when they are at rest and in transit.
2. Right Answer: A
Explanation: Screenshots provide evidence that can grossly simplify the matter of providing attestation of findings discovered during the course of a penetration test. Providing an affidavit or other document having the discovered findings is one thing, but hard evidence always speaks louder than words.
3. Right Answer: B
Explanation: Directory traversal is an HTTP attack in which access to restricted directories is obtained and commands are executed outside the web server's root directory. This vulnerability can exist either in the web application code or in the web server software itself.
4. Right Answer: B
Explanation: A web server's administrator uses an access control list of users or groups authorized to access, execute, or modify particular files on the server, as well as to define other access rights.
5. Right Answer: B
Explanation: Hard coding is the software development practice of embedding data directly into the source code of a program or other executable object, as opposed to obtaining the data from external sources or generating it at run-time.