186 Chapter 8 ■ Software Development Security (Domain 8)
- What type of attack is demonstrated in the following C programming language example?
int myarray[10];
myarray[10] = 8;
A. Mismatched data types
B. Overflow
C. SQL injection
D. Covert channel
- Which one of the following database issues occurs when one transaction writes a value to the
database that overwrites a value that was needed by transactions with earlier precedence?
A. Dirty read
B. Incorrect summary
C. Lost update
D. SQL injection
- Which one of the following is the most effective control against session hijacking attacks?
A. TLS
B. Complex session cookies
C. SSL
D. Expiring cookies frequently
- Faith is looking at the /etc/passwd file on a system configured to use shadowed passwords.
When she examines a line in the file for a user with interactive login permissions, what
should she expect to see in the password field?
A. Plaintext password
B. Hashed password
C. x
D. *
- What type of vulnerability does a TOCTOU attack target?
A. Lack of input validation
B. Race condition
C. Injection flaw
D. Lack of encryption
- While evaluating a potential security incident, Harry comes across a log entry from a web
server request showing that a user entered the following input into a form field:
CARROT’&1=1;--
What type of attack was attempted?
A. Buffer overflow
B. Cross-site scripting