CompTIA Security+ 2.3 Threats, Attacks, and Vulnerabilities – Vulnerabilities

Vulnerabilities

1 / 25

Which vulnerability occurs when an application fails to properly validate file uploads, potentially allowing malicious files to be stored and executed on the server?

2 / 25

Which vulnerability occurs when an application uses components with known vulnerabilities?

3 / 25

Which vulnerability occurs when an application uses weak or predictable pseudo-random number generators for security-critical operations?

4 / 25

Which of the following describes a vulnerability where sensitive data is transmitted or stored without proper encryption?

5 / 25

Which of the following describes a vulnerability where an attacker can manipulate serialized objects to perform malicious actions?

6 / 25

Which of the following describes a vulnerability where an attacker can make a server-side application make unintended requests to other systems?

7 / 25

Which vulnerability occurs when an application allows user-supplied input to be executed as part of a command or query?

8 / 25

Which vulnerability occurs when an application fails to properly implement security controls for mobile devices, potentially exposing sensitive data or functionality?

9 / 25

Which vulnerability occurs when an application fails to properly handle errors, potentially revealing sensitive information to attackers?

10 / 25

Which vulnerability occurs when an application fails to properly implement or enforce the Same-Origin Policy, potentially allowing unauthorized access to sensitive data?

11 / 25

What type of vulnerability occurs when a program writes data beyond the bounds of allocated memory?

12 / 25

Which vulnerability occurs when an application processes XML input without properly validating against malicious content?

13 / 25

Which vulnerability occurs when an application fails to properly implement security controls, leaving it open to various attacks?

14 / 25

Which of the following vulnerabilities allows an attacker to execute arbitrary SQL commands on a database through application input?

15 / 25

Which vulnerability occurs when an application incorrectly validates or fails to validate input data?

16 / 25

Which vulnerability occurs when an application uses weak or easily guessable session identifiers?

17 / 25

Which vulnerability occurs when an application fails to properly implement authentication mechanisms, allowing attackers to compromise passwords, keys, or session tokens?

18 / 25

Which vulnerability occurs when an application fails to properly implement time-of-check to time-of-use (TOCTOU) protections, potentially allowing race conditions?

19 / 25

Which vulnerability occurs when an application includes remote content into a web page without proper validation?

20 / 25

Which vulnerability occurs when an application uses weak or outdated cryptographic algorithms, potentially exposing sensitive data?

21 / 25

Which vulnerability allows an attacker to access files and directories stored outside the web root folder?

22 / 25

Which vulnerability occurs when an application fails to properly validate SSL/TLS certificates, potentially allowing man-in-the-middle attacks?

23 / 25

Which of the following vulnerabilities allows an attacker to trick a user into performing an unintended action on a trusted website?

24 / 25

Which vulnerability occurs when an application allows users to access or manipulate objects directly by reference?

25 / 25

Which vulnerability occurs when an application fails to properly restrict access to resources based on the user’s role or privileges?
