Question 1 of 6
An attacker enters
admin' -- into a login form's username field with any value in the password field. How does this input bypass authentication?Question 2 of 6
An attacker attempts a buffer overflow but supplies random data without knowing the target application's memory layout. What is the most likely outcome?
Question 3 of 6
CVE-2023-29336 is a vulnerability in the Win32k kernel driver. An attacker who already has a low-privilege user shell on an affected machine exploits it. What does this exploitation achieve?
Question 4 of 6
A web application processes fund transfers. A logged-in user clicks a link in a phishing email; the link causes their browser to silently submit a transfer to the attacker's account. The server processes it as legitimate. Which defense would have most directly prevented this outcome?
Question 5 of 6
A web server access log contains the entry:
GET /view.php?page=../../../etc/passwd HTTP/1.1" 200. What does this entry indicate?Question 6 of 6
Why do parameterized queries prevent SQL injection architecturally, while input escaping and WAF filters are only considered secondary controls?
Matching β Application Attack Types
Match each term on the left to its correct description on the right.
1. SQL Injection
2. Buffer Overflow
3. CSRF
4. Directory Traversal