Review Questions 307
- XSS is typically targeted toward which of the following?
A. Web applications
B. E-mail clients
C. Web browsers
D. Users- A man-in-the-browser attack is typically enabled by using which mechanism?
A. Virus
B. Worms
C. Logic bombs
D. Trojans- A man-in-the-middle attack is an attack where the attacking party does which of the
following?
A. Infects the client system
B. Infects the server system
C. Insert themselves into an active session
D. Insert themselves into a web application - A session hijack can happen with which of the following?
A. Networks and applications
B. Networks and physical devices
C. Browsers and applications
D. Cookies and devices- A session hijack can be initiated from all of the following except which one?
A. E-mails
B. Browsers
C. Web applications
D. Cookies and devices- Session hijacking can do all of the following except which one?
A. Take over an authenticated session
B. Be used to steal cookies
C. Take over a session
D. Place a cookie on a server