Comptia Pentest+ 2023 Questions and answer - Part 35

Mary Smith

Tue, 21 Apr 2026

1. According to the URL explained in the preceding question, what is the attacker's possible intention with the second URL, as per the preceding scenario?

A) Creation of a new user on the underlying host having the username Steve and read-only access to the /tmp directory
B) Creation of a new user on the system's database having administrative privileges under the username Steve
C) Creation of a new web app account having the username Attacker and administrative privileges
D) Creation of a new web app account having the username Steve and read-only permission

2. According to the preceding scenario, which vulnerabilities or attacks have been chained together, leading to the creation of the attacker's account? (Choose two)

A) Code Injection
B) CSRF
C) Directory Traversal
D) Insecure Direct Object Reference

3. When a computing system is forced to perform two or more operations simultaneously, it is called _____________.

A) A Back-end Service
B) Race Condition
C) File Inclusion
D) Session Fixation

4. Which of the following intrusions takes advantage of programming errors or design flaws to grant the attacker elevated access to the network?

A) Code Injection
B) Privilege Escalation
C) Unsecure SUDO
D) Cross-site Request Forgery

5. Which one of the following is not an anonymizer for mobile?

A) Orbot
B) Psiphon
C) Net Shed
D) Open Door

1. Right Answer: C
Explanation: Account creation, the name Steve, and a read-only context are specifically referenced in the URL. Among the given options, the creation of a new web application account for a user named Steve with read-only permissions is the most likely intended purpose of this URL.

2. Right Answer: B,D
Explanation: Based on the differences between the first link and its suspected functions, the maliciously created link, and the likely goals of a malicious attacker, the attacker-crafted link is intended to create a new web app account with the username Attacker and administrative privileges.

3. Right Answer: B
Explanation: The URL manipulation vulnerability is an example of insecure direct object reference, and tricking an authorized user into executing unintended operations through a maliciously crafted URL sent in a phishing campaign is an example of CSRF (Cross-Site Request Forgery).

4. Right Answer: B
Explanation: When a computing system is forced to perform two or more operations simultaneously, the condition is called a race condition, because the system was designed to handle those tasks in a specific sequence.

5. Right Answer: C
Explanation: Privilege Escalation is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications.
