Certified Ethical Hacker Exam 312-50 Assessment Test - Part 10


 

Review Questions


1. Entering Password::blah’ or 1=1- into a web form in order to get a password is an example of what type of attack?

A. Buffer overflow

B. Heap-based overflow

C. Stack-based overflow

D. SQL injection


2. Replacing NOP instructions with other code in a buffer overflow mutation serves what purpose?

A. Bypassing an IDS

B. Overwriting the return pointer

C. Advancing the return pointer

D. Bypassing a firewall


3. Which of the following is used to store dynamically allocated variables?

A. Heap overflow

B. Stack overflow

C. Heap

D. Stack


4. What is the first step in a SQL injection attack?

A. Enter arbitrary commands at a user prompt.

B. Locate a user input field on a web page.

C. Locate the return pointer.

D. Enter a series of NOP instructions.


5. What command is used to retrieve information from a SQL database?

A. INSERT

B. GET

C. SET

D. SELECT


6. Which of the following is a countermeasure for buffer overflows?

A. Not using single quotes

B. Securing all login pages with SSL

C. Bounds checking

D. User validation


7. What does NOP stand for?

A. No Operation

B. Network Operation Protocol

C. No Once Prompt

D. Network Operation


8. What information does a hacker need to launch a buffer overflow attack?

A. A hacker needs to be familiar with the memory address space and techniques of buffer overflows in order to launch a buffer overflow attack.

B. A hacker needs to understand the differences between heaps and stacks.

C. A hacker must be able to identify a target vulnerable to a buffer overflow attack.

D. A hacker must be able to perform a port scan looking for vulnerable memory stacks.


9. Why are many programs vulnerable to SQL injection and buffer overflow attacks?

A. The programs are written quickly and use poor programming techniques.

B. These are inherent flaws in any program.

C. The users have not applied the correct service packs.

D. The programmers are using the wrong programming language.


10. Which command would a hacker enter in a web form field to obtain a directory listing?

A. Blah’;exec master..xp_cmdshell “dir *.*”--

B. Blah’;exec_cmdshell “dir c:\*.* /s >c:\directory.txt”--

C. Blah’;exec master..xp_cmdshell “dir c:\*.* /s >c:\directory.txt”--

D. Blah’;exec cmdshell “dir c:\*.* “--


11. What are two types of buffer overflow attacks?

A. Heap and stack

B. Heap and overflow

C. Stack and memory allocation

D. Injection and heap


12. Variables that are gathered from a user input field in a web application for later execution by the web application are known as ______________.

A. Delayed execution

B. Dynamic strings

C. Static variables

D. Automatic functions


13. What is one purpose of SQL injection attacks?

A. To create heap-based buffer overflows

B. To create stack-based buffer overflows

C. To perform NOP execution

D. To identify vulnerable parameters


14. Which application will help identify whether a website is vulnerable to SQL injection attacks?

A. BlackWidow

B. Metasploit

C. Scrawlr

D. SQL Block


15. A countermeasure to buffer overflows is to use the ______________ programming language because it is not susceptible to buffer overflow attacks.

A. Java

B. Netscape

C. Oracle

D. ASP


16. You are a programmer analyzing the code of an application running on your organization’s servers. There are an excessive number of fgets() commands. These are C++ functions that do not perform bounds checking. What kind of attack is this program susceptible to?

A. Buffer overflow

B. Denial of service

C. SQL injection

D. Password cracking


17. Which of the following are countermeasures to SQL injection attacks? (Choose two.)

A. Rejecting known bad input

B. Sanitizing and validating input field

C. Performing user validation

D. Ensuring all user input is a variable


18. An ethical hacker is performing a penetration test on a web application. The hacker finds a user input field on a web form and enters a single quotation mark. The website responds with a server error. What does the error indicate?

A. The web application is susceptible to SQL injection attacks.

B. The web application is not susceptible to SQL injection attacks.

C. The server is experiencing a denial of service.

D. The web application has crashed.


19. SQL statements that vary from execution to execution are known as ______________ strings.

A. Variable

B. Dynamic

C. Application-based

D. Static


20. When is a No Operation (NOP) instruction added to a string?

A. After the malicious code is executed

B. Before the malicious code is executed

C. At exactly the same time the malicious code is executed

D. During the time the malicious code is executed


Answers to Review Questions


1. D. Use of a single quote indicates a SQL injection attack.

2. A. The purpose of mutating a buffer overflow by replacing NOP instructions is to bypass an IDS.

3. C. A heap is used to store dynamic variables.

4. B. The first step in a SQL injection attack is to locate a user input field on a web page using a web browser.

5. D. The command to retrieve information from a SQL database is SELECT.

6. C. Performing bounds checking is a countermeasure for buffer overflow attacks.

7. A. NOP is an acronym for No Operation.

8. C. All a hacker needs to be able to do to launch a buffer overflow attack is to identify a target system. A hacker can run a prewritten exploit to launch a buffer overflow.

9. A. Programs can be exploited because they’re written quickly and poorly.

10. C. The command Blah’;exec master..xp_cmdshell “dir c:\*.* /s >c:\directory.txt”-- obtains a directory listing utilizing SQL injection.

11. A. Heap and stack are the two types of buffer overflows.

12. B. Dynamic strings are user input fields stored for later execution by the application.

13. D. One purpose of attacking a SQL database–based application is to identify user input parameters susceptible to SQL injection attacks.

14. C. HP’s Scrawlr will scan a web URL to determine if the site is vulnerable to SQL injection attacks.

15. A. A recommended countermeasure to buffer overflow attacks is to use Java-based applications, which are not susceptible to buffer overflow attacks.

16. A. Applications that do not perform bounds checking on user input fields are susceptible to buffer overflow attacks.

17. A, B. Rejecting known bad input and sanitizing and validating user input prior to sending the command to the SQL database are countermeasures to SQL injection attacks.

18. A. A server error in response to a single quotation mark in a web application user input field indicates the application is not sanitizing the user data and is therefore susceptible to SQL injection attacks.

19. B. Dynamic strings are built on the fly from user input and will vary each time the command is executed.

20. B. A NOP instruction is added to a string just before the malicious code is to be executed.
