ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam PT0-001 All Questions

View all questions & answers for the PT0-001 exam
Go to Exam

Exam PT0-001 topic 1 question 66 discussion

Actual exam question from CompTIA's PT0-001
Question #: 66
Topic #: 1
[All PT0-001 Questions]

HOTSPOT -
Instructions:
Given the following attack signatures, determine the attack type, and then identify the associated remediation to prevent the attack in the future.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
You are a security analyst tasked with hardening a web server.
You have been given a list of HTTP payloads that were flagged as malicious.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
by mar7865p123 at May 4, 2021, 3:56 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mar7865p123
Highly Voted 4 years, 2 months ago
there are incorrect answers here I think the right answers is: 1. DOM XSS - Input Sanitization (<> ...) 2. Sql Injection Stacked - Parameterized Queries 3. Reflected XSS - Input sanitization (<> ...) 4. Local File Inclusion - sandbox req 5. Command Injection - sandbox req 6. SQLi union - paramtrized queries 7. SQLi error - paramtrized queries 8. Remote File Inclusion - sandbox 9. Command Injection - input saniti $ 10. URL redirect - prevent external calls
upvoted 16 times
tester27
4 years ago
i think 5 is command injection - input san (last) because of the apostrophe
upvoted 1 times
...
miabe
2 years, 12 months ago
found this useful: https://pediaa.com/what-is-the-difference-between-dom-based-xss-and-reflected-xss/
upvoted 1 times
...
...
versun
Highly Voted 4 years ago
The correct answer is: 1. Reflected XSS - Input sanitization (<> ...) 2. Sql Injection Stacked - Parameterized Queries 3. DOM XSS - Input Sanitization (<> ...) 4. Local File Inclusion - sandbox req 5. Command Injection - sandbox req 6. SQLi union - paramtrized queries 7. SQLi error - paramtrized queries 8. Remote File Inclusion - sandbox 9. Command Injection - input saniti $ 10. URL redirect - prevent external calls
upvoted 13 times
smalltech
3 years, 11 months ago
i think this is the right order
upvoted 1 times
...
versun
4 years ago
I checked all
upvoted 1 times
versun
4 years ago
DOM-based Cross Site Scripting https://owasp.org/www-community/attacks/DOM_Based_XSS https://portswigger.net/web-security/cross-site-scripting/dom-based
upvoted 1 times
...
versun
4 years ago
Command Injection https://owasp.org/www-community/attacks/Command_Injection
upvoted 1 times
...
versun
4 years ago
SQL Injection https://medium.com/@hninja049/example-of-a-error-based-sql-injection-dce72530271c https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/ https://perspectiverisk.com/mssql-practical-injection-cheat-sheet/ https://owasp.org/www-community/attacks/Blind_SQL_Injection https://portswigger.net/web-security/sql-injection/cheat-sheet https://portswigger.net/web-security/sql-injection/blind
upvoted 1 times
...
...
x0hmei
4 years ago
Wrong check the comptia material it clearly says it's the other
upvoted 2 times
versun
4 years ago
Hi, Could you give some ref?
upvoted 2 times
...
versun
4 years ago
about 1 and 3. Thanks
upvoted 2 times
...
...
Cock
3 years, 4 months ago
I agree with you. The first one should be reflected XSS.
upvoted 1 times
...
...
bieecop
Most Recent 1 year, 7 months ago
1. #inner-tab" Reflected Cross Site Scripting Input Sanitization ", ', <, :, >, - 2. item=widge;waitfor SQL Injection (Stacked) Parameterized Queries 3. item=widget%20union SQL Injection (Union) Parameterized Queries 4. search=Bob DOM-based Cross Site Scripting Input Sanitization ", ', <, :, >, - 5. widget'+conver SQL Injection (Error) Parameterized Queries 6. www.exe'ping Command Injection Input Sanitization ", ', <, :, >, - 7. malicious-site URL Redirect Prevent External calls 8. fetc%2fpasswd Local File Inclusion Input Sanitization ..., \ ,/ , sandbox requests 9.lookup Command Injection Input Sanitization ; :, $,{,}(,), 10. logFile=http Remote File Inclusion Input Sanitization ..., \ ,/ , sandbox requests
upvoted 1 times
...
bieecop
1 year, 7 months ago
1. Reflected Cross Site Scripting Input Sanitization ", ', <, :, >, - 2. SQL Injection (Stacked) Parameterized Queries 3. SQL Injection (Union) Parameterized Queries 4. DOM-based Cross Site Scripting Input Sanitization ", ', <, :, >, - 5. SQL Injection (Error) Parameterized Queries 6. Command Injection Input Sanitization ", ', <, :, >, - 7. URL Redirect Prevent External calls 8. Local File Inclusion Input Sanitization ..., \ ,/ , sandbox requests 9. Command Injection Input Sanitization ; :, $,{,}(,), 10. logFile=http Remote File Inclusion Input Sanitization ..., \ ,/ , sandbox requests
upvoted 1 times
...
Cock
3 years, 4 months ago
It was on the exam
upvoted 5 times
...
lmaoidk123
3 years, 8 months ago
This exact question was on the exam!
upvoted 1 times
DrChats
3 years, 7 months ago
did u pass
upvoted 1 times
...
...
Moytra
3 years, 8 months ago
For SQL injection the BEST remediation will always be parameterized Queries . For command injection it will be input sanitization for XSS it will always be input sanitization with <,> due to the nature of XSS commands that involve <>. SO redir=http:%2f%2fwww.malicious-site.com this is a URL redirect and the remediation is preventing external calls 100% Sure. On this lookup=$(whoami) this is command injection and the remediation is input sanitization ",$,(.),(.). The one with the $. 100% sure on this one too item=widget'+ convert(int, @@version)+' This is SQL injection error based the error comes from the converting of the integer in the brackets which forces an error. As you know INT is a type for data in SQL . As i said for SQL the BEST solution is parameterized queries. 100% sure on this. You can type the command in google and it will show up as an example , took a lot of google searching but it's there. item=widget%20union ........ The union is a dead giveaway so, SQL injection (union) Remediation is Parameterized Queries
upvoted 3 times
...
cvMikazuki
3 years, 8 months ago
ikot versun. tp yg 1 ngan 3 tu teka je DOM. Cohort 1-2021
upvoted 1 times
...
DrChats
4 years ago
1. DOM - Input Sanitization (last) 2. Sql Injection Stacked - Parameterized Queries 3. Reflected - Input sanitization(last) 4. LFI - sandbox req 5. CI - sandbox req 6. union - para query 7. SQL error - param que 8. RFI - sandbox 9. CI - input saniti $ 10. URL redirect - prevent external calls
upvoted 2 times
versun
3 years, 11 months ago
1 and 3 are wrong. You can search DVWA lab. It's have DOM and Reflected XSS demo
upvoted 1 times
...
...
DrChats
4 years ago
x0hmei , so wot da heck is right order,
upvoted 1 times
...
DrChats
4 years ago
Anyone sure of the RIGHT order, im LOST
upvoted 1 times
...
x0hmei
4 years ago
no half those are wrong
upvoted 1 times
bintionn
3 years, 10 months ago
you commented wrong but you didn't give the solution? Like seriously
upvoted 1 times
...
DrChats
4 years ago
if half r wrong, wheres your right order
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel