New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GAQM CFA-001 Exam - Topic 1 Question 74 Discussion

Actual exam question for GAQM's CFA-001 exam
Question #: 74
Topic #: 1
[All CFA-001 Questions]

Attackers can manipulate variables that reference files with "dot-dot-slash (./)" sequences and their variations such as http://www.juggyDoy.corn/GET/process.php./././././././././etc/passwd.

Identify the attack referred.

Show Suggested Answer Hide Answer
Suggested Answer: B

by Louvenia at Dec 12, 2023, 01:11 PM

Limited Time Offer

25%

Off

Get Premium CFA-001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Talia
3 months ago
Wow, I didn't know it could be that easy to access sensitive files!
upvoted 0 times
...
Ulysses
3 months ago
I thought file injection was more common, but this makes sense.
upvoted 0 times
...
Alberto
3 months ago
Wait, are we sure it's not SQL Injection?
upvoted 0 times
...
Lorean
4 months ago
Agreed, those dot-dot-slash sequences are a giveaway!
upvoted 0 times
...
Kendra
4 months ago
That's definitely a directory traversal attack.
upvoted 0 times
...
Myra
4 months ago
I’m a bit confused. I thought SQL injection was more about manipulating database queries, but I guess there could be some overlap? Still, directory traversal feels more accurate here.
upvoted 0 times
...
Rodrigo
4 months ago
I recall something similar from our last practice exam. Directory traversal was definitely mentioned there, so I’m leaning towards that being the correct answer.
upvoted 0 times
...
Sang
4 months ago
I'm not entirely sure, but I feel like it could also relate to file injection. We did some practice questions on that, but this one seems more specific.
upvoted 0 times
...
Dahlia
5 months ago
I think this is about directory traversal, right? I remember studying how attackers use those dot-dot-slash sequences to access restricted files.
upvoted 0 times
...
Evan
5 months ago
I've seen this type of attack before. The key is the "../" sequence in the URL, which allows an attacker to access files outside the intended directory. Definitely going with directory traversal for this one.
upvoted 0 times
...
Lanie
5 months ago
I'm a bit unsure about this one. The question mentions file manipulation, but the options include SQL injection and XSS as well. I'll need to think this through carefully before selecting an answer.
upvoted 0 times
...
Maile
5 months ago
Okay, this one seems straightforward. The URL structure with the "../" suggests a directory traversal attack, so I'll go with option A.
upvoted 0 times
...
Louisa
5 months ago
Hmm, the question mentions "dot-dot-slash" sequences, so I'm pretty sure the answer is directory traversal. I just need to double-check the options to be sure.
upvoted 0 times
...
Kayleigh
5 months ago
This looks like a classic directory traversal attack. I'll carefully analyze the URL structure and look for the "../" sequences to identify the correct answer.
upvoted 0 times
...
Basilia
5 months ago
Okay, I think I've got a strategy here. I'd first look for any employees who are being paid more than their approved wages, then check the entrance logs to see if there are any employees who are being paid but not showing up to work.
upvoted 0 times
...
Rozella
5 months ago
Okay, I remember learning about cgroups in my Linux class. I believe they do provide a way to limit a container's access to CPU, memory, and other host resources. I'll mark that as the answer.
upvoted 0 times
...
Lashanda
9 months ago
Wow, someone really needs to clean up their URL. '/etc/passwd'? That's just asking for trouble!
upvoted 0 times
Vonda
8 months ago
B) SQL Injection
upvoted 0 times
...
Dong
8 months ago
Yeah, that's definitely a directory traversal attack.
upvoted 0 times
...
Jerry
8 months ago
A) Directory traversal
upvoted 0 times
...
...
Felicia
10 months ago
File injection, eh? That's a creative guess, but I think the 'dot-dot-slash' clue gives it away as a directory traversal attack.
upvoted 0 times
Adelina
8 months ago
Exactly, the 'dot-dot-slash' is a common technique used in directory traversal attacks.
upvoted 0 times
...
Raina
8 months ago
A) Directory traversal
upvoted 0 times
...
Leigha
9 months ago
You're right, the 'dot-dot-slash' clue is a giveaway for directory traversal.
upvoted 0 times
...
Azalee
9 months ago
B) SQL Injection
upvoted 0 times
...
Tien
9 months ago
You're right, it's a directory traversal attack.
upvoted 0 times
...
Norah
10 months ago
A) Directory traversal
upvoted 0 times
...
Kaycee
10 months ago
A) Directory traversal
upvoted 0 times
...
...
Amina
10 months ago
XSS? Come on, this is all about accessing sensitive files, not injecting code into a webpage.
upvoted 0 times
...
Mitzie
10 months ago
Haha, nice try with the SQL injection option, but this is clearly about navigating the file system, not the database.
upvoted 0 times
Ethan
10 months ago
B) SQL Injection
upvoted 0 times
...
Ethan
10 months ago
A) Directory traversal
upvoted 0 times
...
Victor
10 months ago
B) SQL Injection
upvoted 0 times
...
Victor
10 months ago
A) Directory traversal
upvoted 0 times
...
...
Devorah
11 months ago
I'm not sure, but I think it could also be File injection.
upvoted 0 times
...
Celestina
11 months ago
Definitely directory traversal! Those dot-dot-slash sequences are a classic giveaway.
upvoted 0 times
Caitlin
9 months ago
It's a common technique to access unauthorized files.
upvoted 0 times
...
Stefan
10 months ago
A) Directory traversal
upvoted 0 times
...
Loreta
10 months ago
Yes, attackers use those sequences to navigate through directories.
upvoted 0 times
...
Nakisha
10 months ago
A) Directory traversal
upvoted 0 times
...
...
Nana
11 months ago
I agree with Tommy, because the example given involves manipulating file paths.
upvoted 0 times
...
Tommy
11 months ago
I think the attack referred is Directory traversal.
upvoted 0 times
...

Save Cancel