What is a fundamental cause of CSRF vulnerability?

Browser's inability to distinguish request origins

What is the role of a security classification label in Mandatory Access Control (MAC)?

To assign permissions to objects

To enable owner-based permissions

What type of XSS attack involves the direct storage of malicious data on a target server?

Cross-Site Request Forgery (CSRF)

What happens if the secret token in a request is invalid?

The request is denied by the server

The request is flagged for manual review

The session is immediately terminated

The user is logged out of their account

What is the primary disadvantage of Discretionary Access Control (DAC)?

Risk of accidental misconfiguration by owners

What is the primary function of the Address Resolution Protocol (ARP)?

To discover the link layer (MAC) address given an IP address

To encrypt network packets for secure communication

To establish a TCP connection between devices

To determine the latency between two network nodes

What is the purpose of disabling CSRF countermeasures in the Elgg application for this lab?

To allow successful CSRF attacks for demonstration

To evaluate secure implementation

To simplify server-side operations

To test cross-site authentication

What is the purpose of cookies in web applications?

Storing user preferences and session information

Transferring files between servers

What is a common outcome of an XSS attack?

Execution of server-side scripts

What type of attack involves spoofing ARP messages?

MITM (Man-In-The-Middle) attack

What is the primary focus of access control?

Preventing unauthorized access to resources

Which command is used to drop all incoming packets matching a rule in iptables?

iptables -t filter -A INPUT <rule> -j DROP

iptables -t filter -A INPUT <rule> -j ACCEPT

iptables -t filter -A OUTPUT <rule> -j DROP

iptables -t nat -A INPUT <rule> -j DROP

What happens when ARP cache poisoning occurs?

MAC addresses are mapped incorrectly

The network interface disconnects

What is the primary difference between CSRF and XSS attacks?

CSRF attacks exploit the trust a site has in a user's browser, while XSS attacks exploit the trust a user has in a site.

CSRF attacks are executed on the server-side, whereas XSS attacks are executed on the client-side.

CSRF attacks require user interaction, while XSS attacks do not.

CSRF targets session tokens, while XSS targets cookies.

What role does JavaScript play in forging POST requests?

It enables form submissions automatically without user action

It encrypts the requests sent to the server

It verifies the server's responses

It blocks malicious content from being executed

What is the purpose of a gratuitous ARP packet?

To update outdated information in all ARP caches on the network

To encrypt data during transmission

To request a MAC address from a target device

To establish a secure connection between two hosts

What is the primary disadvantage of Role-Based Access Control (RBAC)?

Limited flexibility for dynamic access requirements

Complexity in management and implementation

Vulnerability to insider threats

Over-reliance on user roles for permissions

What is the primary purpose of the ARP cache?

To store resolved MAC addresses for reuse

What is the primary role of the Network Interface Card (NIC)?

To provide a link between a computer and the network

Which of the following best describes the function of the `elgg.security.token` variables in a web application?

To dynamically assign CSRF tokens in JavaScript

To execute server-side authentication

To validate user sessions on third-party sites

What is the risk of using the Referer header for CSRF prevention?

It can be easily modified by attackers

It is not included in all HTTP requests

Which of the following is an example of Role-Based Access Control (RBAC)?

Permissions assigned based on a job function

A user explicitly allowing access to a file

Firewall rules blocking traffic

Labeling files with security levels

What is the purpose of the `-m conntrack` option in `iptables`?

To track packet connection states

What is the primary advantage of using SameSite cookies for web security?

They prevent cross-site request forgery attacks

They allow cookies to be sent with all requests

What is the main function of ARP in a computer network?

To discover the link layer (MAC) address given an IP address

To encrypt network packets for secure communication

To establish a TCP connection between devices

To determine the latency between two network nodes

What is the primary disadvantage of Mandatory Access Control (MAC)?

It can be overly restrictive and limit user flexibility

It is easier to implement than other access control models

It provides more freedom for users to set their own permissions

It requires less administrative overhead than DAC

SNS_Final

Quiz

•

Computers

•

University

•

Practice Problem

•

Medium

nguye phong

Used 1+ times

FREE Resource

Enhancing webpage aesthetics

Blocking advertisements

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

200 questions

Foundations of Computational Science test 01

Quiz

•

University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Computers

20 questions

CompTIA Network+ - Ports and Protocols

Quiz

•

University

SNS_Final

200 questions

What does HTTP stand for?

Which technology enables full-duplex communication between browser and server?

What is the main difference between GET and POST requests?

What is the purpose of the Same-Origin Policy?

What is the primary purpose of a secret token in CSRF defense?

What is the primary purpose of the SameSite cookie property?

What is the main function of cookies in web applications?

What does CORS stand for?

What is a fundamental cause of CSRF vulnerability?

What technique is used to embed JavaScript securely into a webpage?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers