1. One way to verify if a system is attacked by a brute-force attack is to periodically check the log files.

1. True
2. False

2. Content spoofing tactics often include which of the following?

1. Spam e-mail links
2. Forum links
3. Chatroom links
4. Aand C only
5. All of the above

1. How do XSS attacks differ from CSRE attacks?
2. Which of the following attacks involve the use of CR and LF characters? (Select two.)

1. HTTP request smuggling
2. HTTP response smuggling
3. HTTP request splitting
4. HTTP response splitting

5. A common path traversal attack uses which syntax sequence to attempt to locate restricted areas on a server?

A. --/

B.*.*

C. CR

D. LF

6. During a session fixation attack, in which ways can an attacker obtain a valid session identifier? (Select three.)

1. Prediction
2. Capture
3. Fixation
4. Spoofing.

7.Which attack allows the attacker to access, read, delete, and modify information held within a database and even take control of the server

on which the database is operating?

8.Which of the following are actual XML-related attacks? (Select two.)

1. XML attribute blowup
2. XML internal entities
3. XML entity expression
4. XML injection

9. Which of the following are Web site weaknesses discussed in this chapter?

(Select three.)

1. OS commanding
2. Improper file system permissions
3. Insufficient authentication
4. Fingerprinting
5. Server misconfiguration

10. Applications hardening is the process of securing applications in use on a network.

1. True
2. False

11. To avoid improper input handling, which approaches can you use when handling user input? (Select three.)

1. Stripping
2. Sanitization
3. Rejecting known bad input
4. Accepting only known good input

12. Which of the following is a strategy for reducing the risk of data leakage?

1. Sanitization
2. Strong firewall controls
3. Authorization
4. Encryption