Exam SY0-501
Question 794

DRAG DROP -

An attack has occurred against a company.

INSTRUCTIONS -

You have been tasked to do the following:

Identify the type of attack that is occurring on the network by clicking on the attacker's tablet and reviewing the output. (Answer Area 1)

Identify which compensating controls should be implemented on the assets, in order to reduce the effectiveness of future attacks by dragging them to the correct server. (Answer area 2)

All objects will be used, but not all placeholders may be filled. Objects may only be used once.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Select and Place:

    Correct Answer:

Discussion
that_guy

Answers in Area 2 seem good to me. But I am not sure about the answer in Area 1, while we only have info of user, cookie-id and login-time.

From the CompTIA Student Guide, SQL INJECTION/XML INJECTION: As the name suggests, an SQL injection attack attempts to insert an SQL query as part of user input. The attack can either exploit poor input validation or unpatched vulnerabilities in the database application. If successful, this could allow the attacker to extract or insert information into the database or execute arbitrary code on the remote system using the same privileges as the database application. XML injection is fundamentally the same thing but targeted against web services using XML data formats, rather than SQL.

So I think Session Hijacking/XSS is more related to the situation than SQL INJECTION/XML INJECTION.

that_guy

Checking further: https://support.google.com/campaignmanager/answer/2839090?hl=en

Cookies are tiny text files that are stored on a user's browser. Most cookies contain a unique identifier called a cookie ID: a string of characters that websites and servers associate with the browser on which the cookie is stored. This allows websites and servers to distinguish the browser from other browsers that store different cookies, and to recognize each browser by its unique cookie ID.

that_guy

Session hijacking is an attack where a user session is taken over by an attacker. A session starts when you log into a service, for example your banking application, and ends when you log out. The attack relies on the attacker’s knowledge of your session cookie, so it is also called cookie hijacking or cookie side-jacking. Attackers have many options for session hijacking, depending on the attack vector and the attacker's position.

The first broad category is attacks focused on intercepting cookies:

- Cross-site scripting (XSS): This is probably the most dangerous and widespread method of web session hijacking. By exploiting server or application vulnerabilities, attackers can inject client-side scripts (typically JavaScript) into web pages, causing your browser to execute arbitrary code when it loads a compromised page. If the server doesn't set the HttpOnly attribute in session cookies, injected scripts can gain access to your session key, providing attackers with the necessary information for session hijacking.
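
Added example (not part of the question or of any post in this thread): a small Python audit of the Set-Cookie attributes the post above refers to, HttpOnly along with Secure and SameSite. The two header strings are constructed samples, and the hardened header the builder emits assumes Path=/ is acceptable for the application.

```python
"""Audit Set-Cookie headers for the attributes that blunt session hijacking.

Added example: the header strings below are constructed for illustration and
are not from the exam question or the discussion.
"""

# Constructed sample headers: a weak session cookie and a hardened one.
WEAK_HEADER = "Set-Cookie: sessionid=9f3a2c7e; Path=/"
HARDENED_HEADER = "Set-Cookie: sessionid=9f3a2c7e; Path=/; Secure; HttpOnly; SameSite=Strict"


def parse_set_cookie(header):
    """Split a Set-Cookie header into (name, value, attributes).

    Flag attributes such as HttpOnly map to True; valued attributes keep
    their value. Attribute names are lower-cased because RFC 6265 treats
    them case-insensitively.
    """
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs


def audit_session_cookie(header):
    """Return a list of findings for a session cookie; an empty list means it passes."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if attrs.get("httponly") is not True:
        findings.append(f"{name}: missing HttpOnly, an injected script can read it via document.cookie")
    if attrs.get("secure") is not True:
        findings.append(f"{name}: missing Secure, the cookie is sent over plaintext HTTP")
    if str(attrs.get("samesite", "")).lower() not in ("lax", "strict"):
        findings.append(f"{name}: SameSite not Lax/Strict, the cookie rides along on cross-site requests")
    return findings


def build_session_cookie(name, value):
    """Emit a session cookie with the protective attributes set (Path=/ is assumed)."""
    return f"Set-Cookie: {name}={value}; Path=/; Secure; HttpOnly; SameSite=Strict"


if __name__ == "__main__":
    for header in (WEAK_HEADER, HARDENED_HEADER):
        print(header)
        for finding in audit_session_cookie(header) or ["OK"]:
            print("  ", finding)
```

Run against real responses, feed each Set-Cookie header of the login response to `audit_session_cookie`; the weak sample yields three findings and the hardened sample none. HttpOnly is the attribute that stops script access to the cookie, the other two limit interception and cross-site replay.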

that_guy

So the attacker may use XSS for session hijacking, which makes the answer acceptable? (Truth be told, I am trying to fit the answer to the situation for the test; I can't make this kind of conclusion in a real case.)

Awawa

I just passed my exam a few minutes ago. This question came up. All I can say is this is an awesome site! I had about 10 minutes to review this question here before starting the exam, but I got so much clarity that I'm happy that I did. Great work guys!

AbdullahMohammad251

The scenario above is more aligned with session hijacking than cross-site scripting. Session hijacking (stealing) can be done in many methods including XSS, man-in-the-middle attack, and packet sniffing. The question didn't specify a malicious code was injected into the site and then sent to the victim, so we can't say it's a cross-site attack.

- A web server is protected by a WAF (web application firewall)
- A database is protected by record-level access control (which restricts access to records in a database to certain users)
- Application source code is hardened using code review and input validation to ensure the code is well-written and complies with code standards and best practices.
- CRM server contains sensitive information that would negatively impact the organization if it gets compromised; this includes customer data, communication history, credit card information, contracts, etc. We can protect this information from being compromised by implementing URL filtering to restrict staff from accessing malicious websites.

AbdullahMohammad251

Revisiting the question: URL filtering should be implemented on the web server. We are leaving the CRM server with none of the above objects.

AbdullahMohammad251

Final answer: Session hijacking

CRM server ----> none of the above (BLANK)
Database ----> Record-level access control (to control access to individual records)
Web server ----> URL filtering (to prevent the web server from accessing malicious websites) & WAF (to inspect incoming and outgoing HTTP traffic)
App source code ----> Input validation (to prevent injection attacks) & Code review (following best practices to protect against vulnerabilities)
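
Added example (not part of the question or of any post in this thread) showing two of the controls in the final answer above, input validation on the application code and record-level access control on the database, next to the injectable query they replace. It uses Python's sqlite3 module; the customer table, its rows and the allow-list pattern are constructed assumptions.

```python
"""Input validation, parameterised queries and record-level access control.

Added example, not part of the exam question or the discussion. The customer
table and rows are constructed sample data; the column names are assumptions.
"""
import re
import sqlite3


def make_db():
    """Constructed in-memory CRM table: each record belongs to one owner."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, owner_id INTEGER, name TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (owner_id, name, card_last4) VALUES (?, ?, ?)",
        [(1, "alice", "1111"), (1, "bob", "2222"), (2, "carol", "3333")],
    )
    return conn


def lookup_vulnerable(conn, name):
    """'Before' version: user input is concatenated into the statement."""
    sql = f"SELECT name FROM customers WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    """Parameterised query: the driver passes the input as data, never as SQL."""
    rows = conn.execute("SELECT name FROM customers WHERE name = ?", (name,))
    return [row[0] for row in rows]


# Allow-list for a customer name field (an assumed policy; adjust to the real data).
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_.-]{0,31}")


def validate_name(name):
    """Reject anything outside the allow-list before it reaches the database."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("customer name rejected by input validation")
    return name


def lookup_hardened(conn, requester_id, name):
    """Validation + parameters + record-level control: only the requester's own rows."""
    validate_name(name)
    rows = conn.execute(
        "SELECT name FROM customers WHERE owner_id = ? AND name = ?",
        (requester_id, name),
    )
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    hostile = "' OR '1'='1"  # constructed test input: the textbook tautology
    print("vulnerable   :", lookup_vulnerable(db, hostile))    # every row leaks
    print("parameterized:", lookup_parameterized(db, hostile)) # no row matches
    print("hardened     :", lookup_hardened(db, 2, "bob"))    # bob belongs to owner 1, so nothing
```

The parameterised query is the primary defence (the tautology is compared as a literal string and matches nothing); the allow-list rejects it earlier as defence in depth, and the `owner_id = ?` predicate is what record-level access control looks like in the query itself, so a valid name still returns nothing for a requester who does not own the record.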

DW05

Can somebody post the PBQs please!

madaraamaterasu

The answers seem correct