Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GAQM CFA-001 Exam - Topic 1 Question 74 Discussion

Actual exam question for GAQM's CFA-001 exam
Question #: 74
Topic #: 1
[All CFA-001 Questions]

Attackers can manipulate variables that reference files with "dot-dot-slash (./)" sequences and their variations such as http://www.juggyDoy.corn/GET/process.php./././././././././etc/passwd.

Identify the attack referred.

Show Suggested Answer Hide Answer
Suggested Answer: B

by Louvenia at Dec 12, 2023, 01:11 PM

Limited Time Offer

25%

Off

Get Premium CFA-001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Talia
5 months ago
Wow, I didn't know it could be that easy to access sensitive files!
upvoted 0 times
...
Ulysses
6 months ago
I thought file injection was more common, but this makes sense.
upvoted 0 times
...
Alberto
6 months ago
Wait, are we sure it's not SQL Injection?
upvoted 0 times
...
Lorean
6 months ago
Agreed, those dot-dot-slash sequences are a giveaway!
upvoted 0 times
...
Kendra
6 months ago
That's definitely a directory traversal attack.
upvoted 0 times
...
Myra
7 months ago
I’m a bit confused. I thought SQL injection was more about manipulating database queries, but I guess there could be some overlap? Still, directory traversal feels more accurate here.
upvoted 0 times
...
Rodrigo
7 months ago
I recall something similar from our last practice exam. Directory traversal was definitely mentioned there, so I’m leaning towards that being the correct answer.
upvoted 0 times
...
Sang
7 months ago
I'm not entirely sure, but I feel like it could also relate to file injection. We did some practice questions on that, but this one seems more specific.
upvoted 0 times
...
Dahlia
7 months ago
I think this is about directory traversal, right? I remember studying how attackers use those dot-dot-slash sequences to access restricted files.
upvoted 0 times
...
Evan
7 months ago
I've seen this type of attack before. The key is the "../" sequence in the URL, which allows an attacker to access files outside the intended directory. Definitely going with directory traversal for this one.
upvoted 0 times
...
Lanie
7 months ago
I'm a bit unsure about this one. The question mentions file manipulation, but the options include SQL injection and XSS as well. I'll need to think this through carefully before selecting an answer.
upvoted 0 times
...
Maile
7 months ago
Okay, this one seems straightforward. The URL structure with the "../" suggests a directory traversal attack, so I'll go with option A.
upvoted 0 times
...
Louisa
7 months ago
Hmm, the question mentions "dot-dot-slash" sequences, so I'm pretty sure the answer is directory traversal. I just need to double-check the options to be sure.
upvoted 0 times
...
Kayleigh
7 months ago
This looks like a classic directory traversal attack. I'll carefully analyze the URL structure and look for the "../" sequences to identify the correct answer.
upvoted 0 times
...
Basilia
7 months ago
Okay, I think I've got a strategy here. I'd first look for any employees who are being paid more than their approved wages, then check the entrance logs to see if there are any employees who are being paid but not showing up to work.
upvoted 0 times
...
Rozella
7 months ago
Okay, I remember learning about cgroups in my Linux class. I believe they do provide a way to limit a container's access to CPU, memory, and other host resources. I'll mark that as the answer.
upvoted 0 times
...
Lashanda
1 year ago
Wow, someone really needs to clean up their URL. '/etc/passwd'? That's just asking for trouble!
upvoted 0 times
Vonda
10 months ago
B) SQL Injection
upvoted 0 times
...
Dong
11 months ago
Yeah, that's definitely a directory traversal attack.
upvoted 0 times
...
Jerry
11 months ago
A) Directory traversal
upvoted 0 times
...
...
Felicia
1 year ago
File injection, eh? That's a creative guess, but I think the 'dot-dot-slash' clue gives it away as a directory traversal attack.
upvoted 0 times
Adelina
11 months ago
Exactly, the 'dot-dot-slash' is a common technique used in directory traversal attacks.
upvoted 0 times
...
Raina
11 months ago
A) Directory traversal
upvoted 0 times
...
Leigha
12 months ago
You're right, the 'dot-dot-slash' clue is a giveaway for directory traversal.
upvoted 0 times
...
Azalee
12 months ago
B) SQL Injection
upvoted 0 times
...
Tien
12 months ago
You're right, it's a directory traversal attack.
upvoted 0 times
...
Norah
1 year ago
A) Directory traversal
upvoted 0 times
...
Kaycee
1 year ago
A) Directory traversal
upvoted 0 times
...
...
Amina
1 year ago
XSS? Come on, this is all about accessing sensitive files, not injecting code into a webpage.
upvoted 0 times
...
Mitzie
1 year ago
Haha, nice try with the SQL injection option, but this is clearly about navigating the file system, not the database.
upvoted 0 times
Ethan
1 year ago
B) SQL Injection
upvoted 0 times
...
Ethan
1 year ago
A) Directory traversal
upvoted 0 times
...
Victor
1 year ago
B) SQL Injection
upvoted 0 times
...
Victor
1 year ago
A) Directory traversal
upvoted 0 times
...
...
Devorah
1 year ago
I'm not sure, but I think it could also be File injection.
upvoted 0 times
...
Celestina
1 year ago
Definitely directory traversal! Those dot-dot-slash sequences are a classic giveaway.
upvoted 0 times
Caitlin
12 months ago
It's a common technique to access unauthorized files.
upvoted 0 times
...
Stefan
1 year ago
A) Directory traversal
upvoted 0 times
...
Loreta
1 year ago
Yes, attackers use those sequences to navigate through directories.
upvoted 0 times
...
Nakisha
1 year ago
A) Directory traversal
upvoted 0 times
...
...
Nana
1 year ago
I agree with Tommy, because the example given involves manipulating file paths.
upvoted 0 times
...
Tommy
1 year ago
I think the attack referred is Directory traversal.
upvoted 0 times
...

Save Cancel