SecQuiz -04

SYN flood

ICMP flood

Reflection attack

DNS poisoning

Bandwidth limitations

The DNS lookup process

Vulnerable/Open TCP connections

Authentication protocols

Deny-lists

Stateful inspection

Allow-lists

Protocol matching

To enhance server-side security

To allow cross-origin resource sharing

To isolate documents from different origins

To encrypt JavaScript files

Secure

Expires

HttpOnly

Domain

Reflected XSS requires user input; Persistent XSS does not

Persistent XSS is more dangerous than Reflected XSS

Persistent XSS stores payloads on the server; Reflected XSS does not

Reflected XSS cannot steal cookies, but Persistent XSS can

It blocks all JavaScript execution

It prevents loading of untrusted scripts

It sanitizes user inputs

It replaces the Same-Origin Policy

They exploit user session cookies

They require the user to click malicious links

They always involve JavaScript payloads

They manipulate the browser cache

Referrer headers are not sent in POST requests

Attackers can forge referrer headers

Browsers may strip referrer headers

It cannot validate HTTPS requests

It prevents loading of inline scripts

It disables nonce-based scripts

It allows trusted scripts to create other scripts

It allows only HTTPS requests