Ethical Hacking

¡Supera tus tareas y exámenes ahora con Quizwiz!

In one of the following method an attacker attempts to replicate error free navigation by inputting simple input - Determining the database engine type - Type mismatch - Parameter tampering - Determining a SELECT query structure

- Determining a SELECT query structure

Which of the following attacks can take place due to flaws such as insecure cryptographic storage and information leakage? - SQL injection - Shell injection - Sensitive data exposure - Command injection

- Sensitive data exposure

Which of the following is a communication standard that is also known as WiMAX and is designed to provide multiple physical layer (PHY) and MAC options? - 802.11g - 802.16 - 802.11n - 802.15.1

802.16

Which of the following techniques is NOT a best practice for securing webhooks? - Use rate limiting on webhook calls in the web server - Use threaded requests to send multiple requests simultaneously - Avoid validating the X-OP-Timestamp within the threshold of the current time - Ensure that event processing is idempotent

Avoid validating the X-OP-Timestamp within the threshold of the current time

Which of the following tools is employed by a pen tester to find vulnerabilities in an organization's web server and evaluate its security posture by using the same techniques as those currently employed by cybercriminals? - Netcraft - NetVizor - CORE Impact - Pupy

CORE Impact

Which of the following involves injection of malicious html code through a web application? - LDAP injection - Shell injection - SQL injection - Command injection

Command injection

Identify the reason why Web Applications are vulnerable to SQL injection attacks. - Tests the content of string variables and accepts only expected values. - Error messages reveal important information - Avoid constructing dynamic SQL with concatenated input values - Reject entries that contain binary data, escape sequences, and comment characters.

Error messages reveal important information

Which of the following is considered as a quality checking and assurance technique used to identify coding errors and security loopholes in web applications? - Hash stealing - Fuzz testing - Session hijacking - Sandboxing

Fuzz testing

Which of the following methods carries the requested data to the webserver as a part of the message body? - Cold fusion - IBM DB2 - HTTP POST - HTTP GET

HTTP POST

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP? - Broadcast ping - Traceroute - Hping - TCP ping

Hping

In which of the following attacks does an attacker use the same communication channel to perform the attack and retrieve the results? - Inferential SQL injection - Out-of-band SQL injection - In-band SQL injection - Blind SQL injection

In-band SQL injection

Which of the following is a built-in tool of Burp Suite that is used for inspecting and modifying traffic between a browser and target application? - Sequencer tool - Application-aware - Intruder tool - Intercepting proxy

Intercepting proxy

Which of the following protocols uses the port number 88/TCP and can verify the identity of a user or host connected to a network? - Kerberos - Finger - NTP - TFTP

Kerberos

Which of the following tools helps attackers identify networks by passively collecting packets and detecting standard named networks, hidden networks, and the presence of non-beaconing networks via data traffic? - Kismet - L0phtCrack - Netcraft - Robber

Kismet

Which of the following operating systems can be identified when scan results show a TTL value of 64 and TCP window size of 5840? - Linux (Kernel 2.4 and 2.6) - Solaris 7 - iOS 12.4 - Windows XP

Linux (Kernel 2.4 and 2.6)

Which of the following tools does an attacker use to perform SQL injection exploitation through techniques such as union and blind SQL exploitation and bypass certain IPS/IDS rules with generic filters? - Mole - Astra - Weevely - China Chopper

Mole

hich of the following web services is a repository that contains a collection of user-submitted notes or messages on various subjects and topics? - Online reputation services - People search services - NNTP Usenet newsgroups - Business profile sites

NNTP Usenet newsgroups

Which of the following protocol encapsulates the EAP within an encrypted and authenticated Transport Layer Security (TLS) tunnel? - RADIUS - PEAP - LEAP - CCMP

PEAP

Which of the following technologies belongs to the application layer and is used to generate dynamic web content? - Apache - Linux - MySQL - PHP

PHP

Which of the following features in FOCA allows an attacker to find more servers in the same segment of a determined address? - DNS search - IP resolution - Web search - PTR scanning

PTR scanning

Which of the following attacks is possible when an attacker executes .bat or .cmd files and changes the values by superimposing one or more operating-system commands through the request? - WS-address spoofing - XML injection attack - Parsing attack - SOAPAction spoofing

Parsing attack

A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching the bank employees time in and out, searching the bank's job postings (paying special attention to IT-related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in? - Passive information gathering - Information reporting - Vulnerability assessment - Active information gatherin

Passive information gathering

In which of the following attacks does an attacker inject an additional malicious query into an original query to make the DBMS execute multiple SQL queries? - System stored procedure - Illegal/logically incorrect query - Tautology - Piggybacked query

Piggybacked query

In which of the following attacks does an attacker inject an additional malicious query to the original query? - Tautology - In-line comment - Piggybacked query - UNION SQL injection

Piggybacked query

In which type of fuzz testing does the protocol fuzzer send forged packets to the target application that is to be tested? - None of the above - Generation-based - Protocol-based - Mutation-based

Protocol-based

Which of the following is the result obtained after the SQL query "SELECT * From User_Data Where Email_ID

Return data mode

Which of the following DNS record types indicates the authority for a domain of the target DNS server? - SRV - PTR - SOA - CNAME

SOA

Which of the following built-in tools of Burp Suite is used for testing the randomness of session tokens? - Application-aware spider - Sequencer tool -Intruder tool - Intercepting proxy

Sequencer tool

Which of the following does not provide cryptographic integrity protection? - WPA2 - WPA - WEP - TKIP

WEP

Which of the following techniques is NOT a countermeasure for securing files and directories on a web server? - Eliminate sensitive configuration information within the byte code - Disable the serving of directory listings - Eliminate unnecessary files within.jar files - Map virtual directories between two different servers or over a network

Map virtual directories between two different servers or over a network

Which of the following techniques is NOT a countermeasure for securing files and directories on a web server? - Map virtual directories between two different servers or over a network - Disable the serving of directory listings - Eliminate unnecessary files within.jar files - Eliminate sensitive configuration information within the byte code

Map virtual directories between two different servers or over a network

Which of the following is a DNS interrogation tool that allows an attacker to retrieve information about the location and type of servers related to the target web infrastructure? - Halberd - Vega - WAFW00F - Professional Toolset

Professional Tool-set

In which of the following database technologies is the SQL query [ Select * from sycat.coloumns where tabname='table name'] used for column enumeration. - MySQL - MSSQL - DB2 - Oracle

DB2

Which of the following is used to detect bugs and irregularities in web applications? - Mutation-based fuzz testing - Protocol-based fuzz testing - Generation-based fuzz testing - Source code review

Source code review

Which of the following types of DNS records points to a host's IP address? - TXT - A - HINFO - NS

A

Which of the following tools is used to build rules that aim to detect SQL injection attacks? - Super Scan - Snort - Nmap - Masscan

Snort

An attacker is using the scanning tool Hping to scan and identify live hosts, open ports, and services running on a target network. He/she wants to collect all the TCP sequence numbers generated by the target host. Which of the following Hping commands he/she needs to use to gather the required information? - hping3 -S <Target IP> -p 80 --tcp-timestamp - hping3 -F -P -U 10.0.0.25 -p 80 - hping3 <Target IP> -Q -p 139 -s - hping3 -A <Target IP> -p 80

hping3 <Target IP> -Q -p 139 -s

Which of the following is the Google dork that helps an attacker find the configuration pages for online VoIP devices? - intitle:"Sipura.SPA.Configuration" -.pdf - intitle:"SPA504G Configuration" - inurl:/voice/advanced/ - intitle:Linksys SPA configurationintitle:"Login Page" intext:"Phone Adapter Configuration Utility"

intitle:"Sipura.SPA.Configuration" -.pdf

Which one of the following is a Google search query used for VoIP footprinting to extract Cisco phone details? - intitle:"D-Link VoIP Router" "Welcome" - inurl:"NetworkConfiguration" cisco - inurl:/voice/advanced/ - intitle:Linksys SPA configuration - inurl:"ccmuser/logon.asp"

inurl:"NetworkConfiguration" cisco

In blind SQLi, attackers can steal data by asking a series of true or false questions through SQL statements. Select all the correct types of blind SQL injections. - Boolean exploitation - Tautology - Time delay - System-stored procedure

- Boolean exploitation - Time delay

WPA2 uses AES for wireless data encryption at which of the following encryption levels? - 128 bit and TKIP - 128 bit and CCMP - 128 bit and CRC - 64 bit and CCMP

28 bit and CCMP

Which of the following is a standard for Wireless Local Area Networks (WLANs) that provides improved encryption for networks that use 802.11a, 802.11b, and 802.11g standards? - 802.11i - 802.11e - 802.11d - 802.11n

802.11i

Which of the following tools provides automated web application security testing with innovative technologies including DeepScan and AcuSensor technology? - IBM Security AppScan - Hping2 / Hping3 - SoftPerfect network scanner - Acunetix web vulnerability scanner

Acunetix web vulnerability scanner

In which of the following is the original data signal multiplied with a pseudo random noise spreading code? - Direct-sequence Spread Spectrum (DSSS) - Orthogonal Frequency-division Multiplexing (OFDM) - Frequency-hopping Spread Spectrum (FHSS) - Multiple input, multiple output-orthogonal frequency-division multiplexing (MIMO-OFDM)

Direct-sequence Spread Spectrum (DSSS)

Which of the following is NOT an objectives of network scanning? - Discover the services running - Discover usernames and passwords - Discover the network's live hosts - Discover the services running

Discover usernames and passwords

Which of the following should NOT be followed when securing an organization from footprinting attacks? - Educating employees to use pseudonyms on blogs, groups, and forums - Enabling the geo-tagging functionality on cameras - Ensuring that critical information is not revealed in press releases, annual reports, product catalogs, and so on. - Opting for privacy services on the Whois lookup database

Enabling the geo-tagging functionality on cameras

There is a WEP encrypted wireless AP with no clients connected. In order to crack the WEP key, a fake authentication needs to be performed. Which of the following steps need to be performed by the attacker for generating fake authentication? - Set the wireless interface to monitor mode - Ensure association of source MAC address with the AP - Capture the IVs - Use cracking tools

Ensure association of source MAC address with the AP

You are doing research on SQL injection attacks. Which of the following combination of Google operators will you use to find all Wikipedia pages that contain information about SQL, injection attacks, or SQL injection techniques? - site:Wikipedia.org intitle:"SQL Injection" - allinurl: Wikipedia.org intitle:"SQL Injection" - SQL injection site:Wikipedia.org - site:Wikipedia.org related:"SQL Injection"

SQL injection site:Wikipedia.org

Which of the following is considered as a token to identify a 802.11 (Wi-Fi) network (by default it is the part of the frame header sent over a wireless local area network (WLAN))? - Association - Access point - Hotspot - SSID

SSID

Which of the following is to be used to keep certain default wireless messages from broadcasting the ID to everyone? - Bluejacking - Bluesmacking - MAC Spoofing - SSID Cloaking

SSID Cloaking

During a wireless penetration test, a tester detects an AP using the WPA2 encryption. Which of the following attacks should be used to obtain the key? - The tester cannot crack WPA2 because it is in full compliance with the IEEE 802.11i standard. - The tester must capture the WPA2 authentication handshake and then crack it. - The tester must change the MAC address of the wireless network card and then use the AirTraf tool to obtain the key. - The tester must use the tool inSSIDer to crack it using the ESSID of the network.

The tester must capture the WPA2 authentication handshake and then crack it.

Which of the following btlejack commands allows an attacker to sniff new Bluetooth low-energy connections? - btlejack -c any - btlejack -f 0x129f3244 -j - btlejack -s - btlejack -d /dev/ttyACM0 -d /dev/ttyACM2 -s

btlejack -c any

Which of the following TCP communication flags confirms the receipt of a transmission and identifies the next expected sequence number? - SYN flag - RST flag - ACK flag - FIN flag

ACK flag

Which of the following cryptographic algorithms is used by CCMP? - DES - TKIP - AES - RC4

AES

In which of the following attacks does an attacker saturate an API with a massive volume of traffic from multiple infected computers or botnets to delay the API services to legitimate users? - Invalid input attack - Credential stuffing attack - Fuzzing - API DDoS attack

API DDoS attack

Which of the following is used to connect wireless devices to a wireless/wired network? - Association - Bandwidth - Access point (AP) - Hotspot

Access point (AP)

What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response? - Active - Reflective - Passive - Distributive

Active

Which of the following stores critical HTML files related to the webpages of a domain name that will be served in response to requests? - Document root - Virtual document tree - Server root - Web proxy

Document root

If you are responsible for securing a network from any type of attack and if you have found that one of your employees is able to access any website that may lead to clickjacking attacks, what would you do to avoid the attacks? - Delete Cookies - Enable Remote Management - Harden browser permission rules - Configure Application certification rules

Harden browser permission rules

In which of the following scanning techniques does an attacker send a spoofed source address to a computer to determine the available services? - Inverse TCP flag scan - ACK flag probe scan - IDLE/IPID header scan - TCP Maimon scan

IDLE/IPID header scan

An attacker wants to exploit a webpage. From which of the following points does he start his attack process? - Identify server-side functionality - Map the attack surface - Identify entry points for user input - Identify server-side technologies

Identify entry points for user input

Which of the following countermeasures should be followed to defend against DNS hijacking? - Do not safeguard the registrant account information - Use the default router password included in the factory settings - Download audio and video codecs and other downloaders from untrusted websites - Include DNS hijacking into incident response and business continuity planning

Include DNS hijacking into incident response and business continuity planning

In which type of fuzz testing do the current data samples create new test data and the new test data again mutates to generate further random data? - Mutation-based - None of the above - Generation-based - Protocol-based

Mutation-based

Which of the following web-service APIs is programmed to generate, recover, modify, and erase different logs such as profiles, credentials, and business leads? - RESTful API - XML RPC - JSON RPC - SOAP API

SOAP API

Which of the following web-service APIs is programmed to generate, recover, modify, and erase different logs such as profiles, credentials, and business leads? - XML-RPC - SOAP API - RESTful API - JSON-RPC

SOAP API

Which of the following attacks allows an attacker to inject malicious content, modify the user´s online experience, and obtain unauthorized information? - Cross-site request forgery - Session prediction - Session poisoning - Session brute-forcing

Session poisoning

In which of the following footprinting threats does an attacker collect information directly and indirectly through persuasion without using any intrusion methods? - Business loss - Corporate espionage - System and network attack - Social engineering

Social engineering

Which of the following API hacking techniques does not target the API or machine code and instead tricks users into divulging their credentials to perform further attacks? - Session replay attack - Social engineering - User spoofing - Reverse engineering

Social engineering

hich of the following countermeasures prevents buffer overruns? - Keep untrusted data separate from commands and queries. - Use the most restrictive SQL account types for applications. - Test the size and data type of the input and enforce appropriate limits. - Apply the least privilege rule to run the applications that access the DBMS.

Test the size and data type of the input and enforce appropriate limits

Which of the following conditions must be given to allow a tester to exploit a cross-site request forgery (CSRF) vulnerable web application? - The victim user must open a malicious link with an Internet Explorer prior to version 8. - The session cookies generated by the application do not have the HttpOnly flag set. - The victim user must open a malicious link with Firefox prior to version 3. - The web application should not use random tokens.

The web application should not use random tokens.

In which of the following attacks does an attacker use an ORDER BY clause to find the right number of columns in a database table? - In-line comments - UNION SQL injection - Tautology - Piggybacked query

UNION SQL injection

Which of the following includes mandatory support for Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)? - WPA2 - WEP - TKIP - WPA

WPA2

In one of the following defensive techniques, only the list of entities such as data type, range, size, and value that have been approved for secured access are accepted. Which is this technique? - Whitelist validation - Output encoding - Enforcing least privileges - Blacklist validation

Whitelist validation

Which of the following networks is used for very long-distance communication? - Wi-Fi - Bluetooth - ZigBee - WiMax

WiMax

Which of the following Google search queries allows an attacker to identify the FTP servers of the target organization and identify sensitive directories on FTP? - intext:pure-ftpd.confintitle:index of - type:mil inurl:ftp ext:pdf | ps - inurl:"ftp://www." "Index of /" - inurl:github.com intext:.ftpconfig -issues

type:mil inurl:ftp ext:pdf | ps

Which of the following utilities is used by Recon-Dog to detect technologies existing in the target system? - shodan.io - Whois lookup - findsubdomains.com - wappalyzer.com

wappalyzer.com

In which of the following attacks does an attacker load the target website inside a low-opacity iframe? - DNS rebinding attack - RC4 NOMORE attack - Clickjacking attack - JavaScript hijacking

- Clickjacking attack

If a threat detection software installed in any organization network either does not record the malicious event or ignores the important details about the event, then what kind of vulnerability is it? - Security misconfiguration - Broken access control - Insufficient logging and monitoring - Sensitive data exposure

- Insufficient logging and monitoring

Which of the following countermeasures should be followed for the secure update and patch management of web servers? - Apply all updates, regardless of their type, on an "as-needed" basis - Use the default configurations that web servers are dispatched with - Never use virtual patches in the organization Enable all unused script extension mappings

Apply all updates, regardless of their type, on an "as-needed" basis

Which of the following is a timing attack performed by measuring the approximate time taken by a server to process a POST request so that the existence of a username can be deduced? - Cache storage timing attack - Cross-site timing attack - Browser-based timing attack - Direct timing attack

Direct timing attack

Which of the following HTTP service port numbers is used for connecting to a remote network server system? - Port 384 - Port 81 - Port 80 - Port 88

Port 384

Which of the following Google dorks is used by an attacker to find Cisco VPN client passwords? - "Config" intitle:"Index of" intext:vpn - filetype:pcf vpn OR Group - "[main]" "enc_GroupPwd=" ext:txt - filetype:pcf "cisco" "GroupPwd"

"[main]" "enc_GroupPwd=" ext:txt

William has been hired by the ITSec, Inc. to perform web application security testing. He was asked to perform black box penetration testing to test the security of the company's web applications. No information is provided to William about the company's network and infrastructure. William notices that the company website is dynamic and must make use of a backend database. He wants to see if an SQL injection would be possible. As part of the testing, he tries to catch instances where the user input is used as part of an SQL identifier without any input sanitization. Which of the following characters should William use as the input data to catch the above instances? - Right square bracket - Semicolon - Double quote - Single quote

- Double quote - Single quote

To defend against SQL injection, a developer needs to take proper actions in configuring and developing an application. Select all correct statements that help in defending against SQL injection attacks. - Keep untrusted data separate from commands and queries. - Apply input validation only on the client-side. - Ensure that the Web configuration files for each application do not contain sensitive information. - Avoid constructing dynamic SQL with concatenated Input values.

- Keep untrusted data separate from commands and queries. - Ensure that the Web configuration files for each application do not contain sensitive information. - Avoid constructing dynamic SQL with concatenated Input values.

A tester has been hired to perform source code review of a web application to detect SQL injection vulnerabilities. As part of the testing process, he needs to get all the information about the project from the development team. During the discussion with the development team, he comes to know that the project is in the initial stage of the development cycle. As per the above scenario, which of the following processes does the tester need to follow in order to save the company's time and money? - The tester needs to perform dynamic code analysis as it uncovers bugs in the software system. - The tester needs to perform static code analysis as it covers the executable file of the code. - The tester needs to perform dynamic code analysis as it finds and fixes the defects. - The tester needs to perform static code analysis as it covers the structural and statement coverage testing.

- The tester needs to perform static code analysis as it covers the structural and statement coverage testing.

Which of the following wireless standards uses modulation schemes such as GFSK, π/4-DPSK, and 8DPSK and a frequency of 2.4 GHz with data transfer rates in the range of 25-50 Mbps? - 802.11g - 802.15.1 (Bluetooth) - 802.11a - 802.16 (WiMAX)

802.15.1 (Bluetooth)

Which of the following is a type of access-control attack in which an attacker uses any USB adapter or wireless card and connects a host to an unsecured client to attack a specific client or to avoid AP security? - Ad hoc association - Promiscuous client - Client mis-association - Unauthorized association

Ad hoc association

Which of the following countermeasures should be followed to protect web applications against broken authentication and session management attacks? - Apply pass phrasing with at least five random words - Never use SSL for all authenticated parts of the application - Submit session data as part of GET and POST - Do not check weak passwords against a list of the top bad passwords

Apply pass phrasing with at least five random words

Which of the following activities of an organization on social networking sites helps an attacker footprint or collect information regarding the type of business handled by the organization? - Promotion of products - User surveys - Background checks to hire employees - User support

Background checks to hire employees

Which of the following terms describes the amount of information that may be broadcast over a connection? - BSSID - Bandwidth - ISM band - Hotspot

Bandwidth

Which of the following techniques helps the attacker in identifying the OS used on the target host in order to detect vulnerabilities on a target system? - Banner grabbing - Port scanning - Source routing - IP address decoy

Banner grabbing

In which of the following attacks does an attacker pose a true or false question to an database to determine whether an application is vulnerable to SQL injection? - Error-based SQL injection - Union SQL injection - In-Band SQL injection - Blind SQL injection

Blind SQL injection

In which of the following techniques does an attacker use logical requests such as AND/OR to bypass a firewall? - Normalization method - CRLF technique - HPF technique - Blind SQL injection

Blind SQL injection

Which of the following attacks is time-intensive because the database should generate a new statement for each newly recovered bit? - In-band SQL injection - Error-based SQL injection - UNION SQL injection - Blind SQL injection

Blind SQL injection

An attacker collects the make and model of target Bluetooth-enabled devices analyzes them in an attempt to find out whether the devices are in the range of vulnerability to exploit. Identify which type of attack is performed on Bluetooth devices. - Blue Printing - BlueSniff - MAC Spoofing Attack - Bluebugging

Blue Printing

_________ is the art of collecting information about Bluetooth enabled devices such as manufacturer, device model and firmware version. - Bluejacking - BluePrinting - Bluebugging - BlueSniff

BluePrinting

Which of the following terms is used to describe an attack in which an attacker gains remote access to a target Bluetooth-enabled device without the victim being aware of it? - Bluejacking - Bluesnarfing - Bluebugging - Bluesmacking

Bluebugging

Thomas is a cyber thief trying to hack Bluetooth-enabled devices at public places. He decided to hack Bluetooth-enabled devices by using a DoS attack. He started sending an oversized ping packet to a victim's device, causing a buffer overflow and finally succeeded. What type of Bluetooth device attack is Thomas most likely performing? - Bluebugging - Bluesnarfing - Bluesmacking - Bluejacking

Bluesmacking

An attacker wants to perform a session hijacking attack. What tool should he use to achieve his objective? - Netcraft - Nessus - Burp suite - Hydra

Burp suite

Which of the following is not a patch management tool? - GFI LanGuard - Software vulnerability manager - Burp suite - Symantec client management suite

Burp suite

Steve, an attacker, wants to track the most shared content that belongs to the target organization. For this purpose, he used an advanced social search engine that displayed shared activity across all major social networks including Twitter, Facebook, LinkedIn, Google Plus, and Pinterest. What is the tool employed by Steve in the above scenario? - Robber - Vindicate - BuzzSumo - Wireshark

BuzzSumo

Which of the following techniques is used by an attacker to connect a fake account on the provider with a victim's account on the client side? - Attack on "Connect" request - CSRF on authorization response - Attack on "redirect_uri" - Access token reusage

CSRF on authorization response

Which of the following is the most effective technique in identifying vulnerabilities or flaws in the web page code? - Packet analysis - Code analysis - Traffic analysis - Data analysis

Code analysis

Which of the following types of API vulnerabilities occurs when an input is not sanitized and can be exploited by adding malicious SQL statements to input fields to steal session cookies and user credentials? - Code injections - Business logic flaws - Improper use of CORS - Sharing resources via unsigned URLs

Code injections

Which of the following types of API vulnerabilities occurs when an input is not sanitized and can be exploited by adding malicious SQL statements to input fields to steal session cookies and user credentials? - Improper use of CORS - Code injections - Business logic flaws - Sharing resources via unsigned URLs

Code injections

Mark is working as a penetration tester in InfoSEC, Inc. One day, he notices that the traffic on the internal wireless router suddenly increases by more than 50%. He knows that the company is using a wireless 802.11 a/b/g/n/ac network. He decided to capture live packets and browse the traffic to investigate the issue to find out the actual cause. Which of the following tools should Mark use to monitor the wireless network? - WiFish Finder - BlueScan - WiFiFoFum - CommView for WiFi

CommView for WiFi

In which of the following SQL injection attacks does an attacker deface a web page, insert malicious content into web pages, or alter the contents of a database? - Compromised data integrity - Authorization bypass - Remote code execution - Compromised availability of data

Compromised data integrity

You are performing a port scan with Nmap. You are in a hurry and conducting the scans at the fastest possible speed. What type of scan should you run to get very reliable results? - XMAS scan - Connect scan - Stealth scan - Fragmented packet scan

Connect scan

Which of the following is a wireless security layer where per frame/packet authentication provides protection against MITM attacks and prevents an attacker from sniffing data when two genuine users communicate with each other? - Wireless signal security - Device security - Connection security - End-user protection

Connection security

What type of information is gathered by an attacker through Whois database analysis and tracerouting? - Usernames, passwords, and so on - Background of the organization - DNS records and related information - Publicly available email addresses

DNS records and related information

Which of the following practices makes web applications vulnerable to SQL injection attacks? - Database server running OS commands - Firewalling the SQL server - Implementing consistent coding standards - Minimizing privileges

Database server running OS commands

Which of the following countermeasure helps organizations to prevent information disclosure through banner grabbing? - Disable open relay feature - Display false banners - Disable the DNS zone transfers to the untrusted hosts - Restrict anonymous access through RestrictNullSessAccess parameter from the Windows registry

Display false banners

Steven, a wireless network administrator, has just finished setting up his company's wireless network. He has enabled various security features such as changing the default SSID and enabling strong encryption on the company's wireless router. Steven decides to test the wireless network for confidentiality attacks to check whether an attacker can intercept information sent over wireless associations, whether sent in clear text or encrypted by Wi-Fi protocols. As a part of testing, he tries to capture and decode unprotected application traffic to obtain potentially sensitive information using hardware or software tools such as Ettercap, Kismet, Wireshark, etc. What type of wireless confidentiality attack is Steven trying to do? - WEP Key Cracking - Eavesdropping - Masquerading - Evil twin AP

Eavesdropping

Which of the following types of techniques is used to prevent IP spoofing by blocking outgoing packets with a source address that is not inside? - Access-control lists - Random initial sequence numbers - Ingress filtering - Egress filtering

Egress filtering

Which of the following tools allows an attacker to extract information such as sender identity, mail server, sender's IP address, location, and so on? - Web updates monitoring tools - Email tracking tools - Metadata extraction tools - Website mirroring tools

Email tracking tools

Which of the following is the best practice to follow to secure a system or network against port scanning? - Do not configure firewall and IDS rules to detect and block probes - Ensure that firewall and routers do not block source routing techniques - Ensure that the versions of services running on the ports are non-vulnerable - Allow unwanted services running on the ports and update the service versions

Ensure that the versions of services running on the ports are non-vulnerable

Which of the following best practices should be followed to prevent web-shell installation? - Activate directory browsing in the web server - Establish a reverse proxy service for retrieving resources - Do not use escapeshellarg() or escapeshellcmd() - Enable all PHP functions such as exec(), shell_exec(), show_source(), proc_open(), passthru(), and pcntl_exec()

Establish a reverse proxy service for retrieving resources

Fill in the blank. Posing as an authorized AP by beaconing the WLAN's service set identifier (SSID) to lure users is known as __________. - Masquerading - Man-in-the-Middle Attack - Honeypot AP - Evil Twin AP

Evil Twin AP

John is a pen tester working with an information security consultant based in Paris. As part of a penetration testing assignment, he was asked to perform wireless penetration testing for a large MNC. John knows that the company provides free Wi-Fi access to its employees on the company premises. He sets up a rogue wireless access point with the same SSID as that of the company's Wi-Fi network just outside the company premises. He sets up this rogue access point using the tools that he has and hopes that the employees might connect to it. What type of wireless confidentiality attack is John trying to do? - WEP Cracking - Evil Twin AP - War Driving - KRACK Attack

Evil Twin AP

Which of the following deep and dark web searching tools helps an attacker obtain information about official government or federal databases and navigate anonymously without being traced? - ExoneraTor - Whitepages - Been Verified - Spokeo

ExoneraTor

Which of the following footprinting techniques allows an attacker to gather information passively about the target without direct interaction? - Performing social engineering - Extracting information using Internet archives - Extracting DNS information - Performing traceroute analysis

Extracting information using Internet archives

Which of the following TCP communication flags is set to "1" to announce that no more transmissions will be sent to the remote system and the connection established by the SYN flag is terminated? - RST flag - FIN flag - SYN flag - ACK flag

FIN flag

A pen tester was hired to perform penetration testing on an organization. The tester was asked to perform passive footprinting on the target organization. Which of the following techniques comes under passive footprinting? - Performing traceroute analysis - Finding the top-level domains (TLDs) and sub-domains of a target through web services - Querying published name servers of the target - Performing social engineering

Finding the top-level domains (TLDs) and sub-domains of a target through web services

Which of the following scanning tools is a mobile app for Android and iOS that provides complete network information, such as the IP address, MAC address, device vendor, and ISP location? - Netcraft - Maltego - Fing - Nmap

Fing

In which of the following attacks does an attacker repeatedly send some random input to a target API to generate error messages that reveal critical information? - Login/credential stuffing attack - Malicious input attack - Invalid input attack - Fuzzing

Fuzzing

Robert, a penetration tester, is trying to perform SQL penetration testing on the SQL database of the company to discover coding errors and security loopholes. Robert sends massive amounts of random data to the SQL database through the web application in order to crash the web application of the company. After observing the changes in the output, he comes to know that the web application is vulnerable to SQL injection attacks. Which of the following testing techniques is Robert using to find out the loopholes? - Stored Procedure Injection - Alternate Encodings - Fuzzing Testing - Out of Band Exploitation

Fuzzing Testing

Which of the following footprinting techniques allows an attacker to gather information about a target with direct interaction? - Gathering infrastructure details of the target organization through job sites - Gathering website information using web spidering and mirroring tools - Gathering financial information about the target through financial services - Gathering information using groups, forums, blogs, and NNTP Usenet newsgroups

Gathering website information using web spidering and mirroring tools

Which of the following ping methods is effective in identifying active hosts similar to the ICMP timestamp ping, specifically when the administrator blocks the conventional ICMP ECHO ping? - ICMP address mask ping scan - ICMP ECHO ping sweep - ICMP ECHO ping scan - UDP ping scan

ICMP address mask ping scan

An Attacker injects the folllowing SQL inquiry: blah' AND=1( Select Count(*) FROM MY TABLE;-- what is the intention of the attacker? - Identifying the table name - Updating table - Deleting a table - Adding new records

Identifying the table name

Which of the following countermeasures should be followed to protect web applications against broken access control? - Implement a session timeout mechanism - Never limit file permissions to authorized users - Never remove session tokens on the server side on user logout - Implement client-side caching mechanisms

Implement a session timeout mechanism

Which of the following tools is used for gathering email account information from different public sources and checking whether an email was leaked using the haveibeenpwned.com API? - Octoparse - Infoga - Professional Toolset - Metagoofil

Infoga

Shea is a licensed penetration tester. She is working with a client to test their new e-commerce website for SQL injection. After signing the NDA and agreeing on the rules of engagement (RoE), she starts by examining and listing all the input fields on the website. She tries to insert a string value in the CVV2 textbox, where a three-digit number is expected, and she ends up with the below error message. Identify in which stage of the SQL injection methodology is Shea right now. - Information gathering and SQL injection vulnerability detection - Exploit second-order SQL injection - Perform blind SQL injection - Launch SQL injection attacks

Information gathering and SQL injection vulnerability detection.

Which of the following API security risks can be prevented by performing input validation, implementing a parameterized interface for processing inbound API requests, and limiting the number of records returned? - Excessive data exposure - Injection - Mass assignment - Security misconfiguration

Injection

Which of the following attack techniques is used by an attacker to send forged control, management, or data frames over a wireless network to misdirect wireless devices and perform other types of attacks such as DoS? - Confidentiality attack - Integrity attack - Authentication attack - Availability attack

Integrity attack

Which of the following countermeasure should be used to prevent a ping sweep? - Limiting ICMP traffic with access-control lists (ACLs) to the ISP's specific IP addresses - Disabling the firewall - Avoiding the use of DMZ and disallowing commands such as ICMP ECHO_REPLY, HOST UNREACHABLE, and TIME EXCEEDED in DMZ - Allowing connection with any host performing more than 10 ICMP ECHO requests

Limiting ICMP traffic with access-control lists (ACLs) to the ISP's specific IP addresses

Which of the following tools is used by an attacker to create rogue APs and perform sniffing and MITM attacks? - Skyhook - MANA Toolkit - Gobuster - Halberd

MANA Toolkit

Which of the following technologies is an air interface for 4G and 5G broadband wireless communications? - DSSS - MIMO-OFDM - OFDM - FHSS

MIMO-OFDM

hich of the following database management systems contains the system table called "MsysObjects"? - MySQL - Oracle - MSSQL - MS Access

MS Access

Which of the following DNS record type helps in DNS footprinting to determine a domain's mail server? - CNAME - NS - A - MX

MX

In which type of fuzz testing do the current data samples create new test data and the new test data again mutates to generate further random data? - Mutation-based - None of the above - Protocol-based -Generation-based

Mutation-based

Which of the following tools is a web-application security scanner that searches for vulnerabilities to attacks such as clickjacking, SQL injection, and XSS? - Vindicate - Immunity Debugger - Mimikatz - N-Stalker X

N-Stalker X

Which of the following open-source tools would be the best choice to scan a network for potential targets? - Cain & Abel - hashcat - John the Ripper - NMAP

NMAP

Which of the following parameters enable NMAP's operating system detection feature? - NMAP -sC - NMAP -oS - NMAP -O - NMAP -sV

NMAP -O

Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection? - NMAP -PN -O -sS -p 1-1024 192.168.0/8 - NMAP -P0 -A -sT -p0-65535 192.168.0/16 - NMAP -PN -A -O -sS 192.168.2.0/24 - NMAP -P0 -A -O -p1-65535 192.168.0/24

NMAP -PN -A -O -sS 192.168.2.0/24

Which tool would be used to collect wireless packet data? - Nessus - John the Ripper - Netcat - NetStumbler

NetStumbler

Which statement is TRUE regarding network firewalls in preventing web application attacks? - Network firewalls can prevent attacks because they can detect malicious HTTP traffic - Network firewalls cannot prevent attacks because they are too complex to configure - Network firewalls cannot prevent attacks because ports 80 and 443 must be kept opened - Network firewalls cannot prevent attacks if they are properly configured.

Network firewalls cannot prevent attacks because ports 80 and 443 must be kept opened

Smith, a professional hacker, has targeted an organization. He employed some footprinting tools to scan through all the domains, subdomains, reachable IP addresses, DNS records, and Whois records to perform further attacks. What is the type of information Smith has extracted through the footprinting attempt? - Company's product information - Physical security information - Policy information - Network information

Network information

Which of the following API vulnerabilities allows attackers to gain unauthorized access to API objects or perform actions such as viewing, updating, or deleting? - RBAC privilege escalation - Enumerated resources - No ABAC validation - Business logic flaws

No ABAC validation

Which of the following protocols is used by BlueJacking to send anonymous messages to other Bluetooth-equipped devices? - SDP - LMP - OBEX - L2CAP

OBEX

Which of the following functions can be used by an attacker to link a target SQL server's database to the attacker's own machine and retrieve data from the target SQL server database? - LOAD_FILE() - CONVERT() - INTO OUTFILE() - OPENROWSET()

OPENROWSET()

Which of the following attacks allows an attacker to encode portions of the attack with Unicode, UTF-8, Base64, or URL encoding to hide their attacks and avoid detection? - Network access attack - Cookie snooping - Obfuscation application - Authentication hijacking

Obfuscation application

Which type of antenna is used in wireless communication? - Omnidirectional - Bidirectional - Parabolic - Unidirectional

Omnidirectional

A- Sleep() B- Benchmark() C- mysqlquery() D- Addclashes() - Option B - Option C - Option D - Option A

Option A

Which of the following operators is used for String concentration in an oracle database? A- ''I I' B- ""&"" C- ''+'' D- contact(,) - Option D - Option B - Option C - Option A

Option A

Which of the following DB2 queries allows an attacker to perform column enumeration on a target database? - Option D - Option C - Option B - Option A

Option B

Which of the following SQL injection queries is used by an attacker to extract table column names? - Option A - Option D - Option B - Option C

Option B

Which of the following commands has to be disabled to prevent exploitation at the OS level? - Option C - Option B - Option A - Option D

Option B

Snort is an open-source, free and lightweight network intrusion detection system (NIDS) software for Linux and Windows to detect emerging threats. Snort can be used to detect SQL injection attacks. Identify the correct Snort rule to detect SQL injection attacks. - Option D - Option A - Option C - Option B

Option D

Which of the following MSSQL queries allows an attacker to perform column enumeration on a target database? - Option A - Option D - Option B - Option C

Option D

Which of the following SQL queries is an example of a heavy query used in SQL injection? - Option A - Option C - Option D - Option B

Option D

Which of the following is a Snort rule that is used to detect and block an SQL injection attack? - Option B - Option D - Option C - Option A

Option D

Which of the following queries is used to create a database account in Microsoft SQL Server? - Option D - Option C - Option B - Option A

Option D

In one of the following attacks, an attacker uses different communication channels to perform the attack and obtain results. It is difficult to perform as the attacker needs to communicate with a database server and determine the server features used by a web application. Which is this attack? - In-band SQL injection - Union SQL injection - Out-of-band SQL injection - End-of-line comment

Out-of-band SQL injection

Which of the following is considered as a repair job to a programming problem? - Assessment - Penetration test - Patch - Vulnerability

Patch

Which of the following types of scanning involves the process of checking the services running on a target computer by sending a sequence of messages to break in? - Network scanning - Vulnerability scanning - Port scanning - Banner grabbing

Port scanning

Which of the following IDS/firewall evasion techniques helps an attacker increase their Internet anonymity? - Proxy chaining - Source routing - Source port manipulation - IP address decoy

Proxy chaining

Passive reconnaissance involves collecting information through which of the following? - Social engineering - Email tracking - Traceroute analysis - Publicly accessible sources

Publicly accessible sources

What information is gathered about the victim using email tracking tools? - Recipient's IP address, geolocation, proxy detection, operating system, and browser information - Username of the clients, operating systems, email addresses, and list of software - Information on an organization's web pages since their creation - Targeted contact data, extracts the URL and meta tag for website promotion

Recipient's IP address, geolocation, proxy detection, operating system, and browser information

Which results will be returned with the following Google search query? site:target.com -site:Marketing.target.com accounting - Results matching "accounting" in domain target.com but not on the site Marketing.target.com - Results matching all words in the query - Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting - Results for matches on target.com and Marketing.target.com that include the word "accounting"

Results matching "accounting" in domain target.com but not on the site Marketing.target.com

A security administrator notices that the log file of the company's webserver contains suspicious entries: Based on source code analysis, the analyst concludes that the login.php script is vulnerable to - SQL injection - LDAP injection - command injection - directory traversal

SQL injection

Which of the following scanning techniques is used by an attacker to check whether a machine is vulnerable to UPnP exploits? - SCTP INIT scanning - UDP scanning - SSDP scanning - List scanning

SSDP scanning

Andrew, a professional penetration tester, was hired by ABC Security, Inc., a small IT-based firm in the United States to conduct a test of the company's wireless network. During the information-gathering process, Andrew discovers that the company is using the 802.11 g wireless standard. Using the NetSurveyor Wi-Fi network discovery tool, Andrew starts gathering information about wireless APs. After trying several times, he is not able to detect a single AP. What do you think is the reason behind this? - SSID broadcast feature must be disabled, so APs cannot be detected. - MAC address filtering feature must be disabled on APs or router. - Andrew must be doing something wrong, as there is no reason for him to not detect access points. - NetSurveyor does not work against 802.11g.

SSID broadcast feature must be disabled, so APs cannot be detected

Which of the following protocols provides transport-level security for API messages to ensure confidentiality through encryption and integrity through signature? - SSL - FTP - NTP - IMAP

SSL

Which of the following tools is a network scanner for iPhone and iPad that is used to scan LAN, Wi-Fi networks, websites, open ports, and network devices and can support several networking protocols? - Scany - Whonix - Psiphon - Tails

Scany

Which of the following parameters defines the level of access to an application to redirect a user agent to the authorization server? - State - Scope - Response_type - Redirect_uri

Scope

Sean works as a professional ethical hacker and penetration tester. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, looking for any information about the different departments and business units. Sean was unable find any information. What should Sean do to get the information he needs? - Sean should use email tracking tools - Sean should use WayBackMachine in Archive.org - Sean should use website mirroring tools - Sean should use Sublist3r tool

Sean should use Sublist3r tool

What is the output returned by search engines when extracting critical details about a target from the Internet? - Advanced search operators - Operating systems, location of web servers, users, and passwords - Search engine results pages ("SERPs") - Open ports and services

Search engine results pages ("SERPs")

Which of the following countermeasures should be followed to defend against watering-hole attacks? - Enable third-party content such as advertising services, which track user activities - Never run the web browser in a virtual environment - Secure the DNS server to prevent attackers from redirecting the user to a new location - Use browser plug-ins that allow HTTP redirects

Secure the DNS server to prevent attackers from redirecting the user to a new location

In which of the following processes do the station and access point use the same WEP key to provide authentication, which means that this key should be enabled and configured manually on both the access point and the client? - WPA encryption - Shared key authentication process - WEP encryption - Open-system authentication process

Shared key authentication process

Which of the following activities of a user on social networking sites helps an attacker footprint or collect the identity of the user's family members, the user's interests, and related information? - Creating events - Maintaining the profile - Sharing photos and videos - Playing games and joining groups

Sharing photos and videos

Robert, an attacker, targeted a high-level executive of an organization and wanted to obtain information about the executive on the Internet. He employed a tool through which he discovered the target user on various social networking sites, along with the complete URL. What is the tool used by Robert in the above scenario? - Sublist3r - Sherlock - OpUtils - BeRoot

Sherlock

Sean works as a penetration tester in ABC firm. He was asked to gather information about the target company. Sean begins with social engineering by following the steps: Secretly observes the target to gain critical information Looks at employee's password or PIN code with the help of binoculars or a low-power telescope Based on the above description, identify the social engineering technique. - Phishing - Shoulder surfing - Dumpster diving - Tailgating

Shoulder surfing

Smith works as a professional Ethical Hacker with a large MNC. He is a CEH certified professional and was following the CEH methodology to perform the penetration testing. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, (mostly by trial and error), looking for any information about the different departments and business units. Smith was unable to find any information. What should Smith do to get the information he needs? - Smith should use online services such as netcraft.com to find the company's internal URLs - Smith should use WayBackMachine in Archive.org to find the company's internal URLs - Smith should use email tracking tools such as eMailTrackerPro to find the company's internal URLs- - Smith should use website mirroring tools such as HTTrack Website Copier to find the company's internal URLs

Smith should use online services such as netcraft.com to find the company's internal URLs

Which of the following is the direct approach technique that serves as the primary source for attackers to gather competitive intelligence? - Search engines, Internet, and online databases - Social media postings - Social engineering - Support threads and reviews

Social engineering

In website footprinting, which of the following information is acquired by the attacker when they examine the cookies set by the server? - Software in use and its behavior - Comments present in the source code - Contact details of the web developer or admin - File-system structure and script type

Software in use and its behavior

Which of the following is used to detect bugs and irregularities in web applications? - Source code review - Generation-based fuzz testing - Protocol-based fuzz testing - Mutation-based fuzz testing

Source code review

In one of the following features of the RESTful API, the client end stores the state of the session, and the server is restricted to save data during request processing. Which is this feature? - Code on demand - Cacheable - Stateless - Uniform interface

Stateless

A security engineer is attempting to perform scanning on acompany's internal network to verify security policies of their networks. The engineer uses the following NMAP command: nmap -n -sS -P0 -p 80 ***.***.**.**. What type of scan is this? - Stealth scan - Intense scan - Comprehensive scan - Quick scan

Stealth scan

Which of the following scans detects when a port is open after completing the three-way handshake, establishes a full connection, and closes the connection by sending an RST packet? - ACK flag probe scan - IDLE/IPID header scan - Stealth scan - TCP connect scan

TCP connect scan

Which of the following is the active banner grabbing technique used by an attacker to determine the OS running on a remote target system? - TCP sequence ability test - Sniffing of network traffic - Banner grabbing from page extensions - Banner grabbing from error messages

TCP sequence ability test

Which of the following Encryption technique is used in WPA? - DES - RSA - TKIP - AES

TKIP

In which of the following attacks does an attacker use a conditional OR clause in such a way that the condition of the WHERE clause will always be true? - Tautology - End-of-line comment - Illegal/logically incorrect query - UNION SQL injection

Tautology

Which of the following practices helps developers defend against SQL injection attacks? - Always construct dynamic SQL with concatenated input values - Build Transact-SQL statements directly from user input - Test the content of string variables and accept only expected values - Allow entries that contain binary data, escape sequences, and comment characters

Test the content of string variables and accept only expected values

Which of the following countermeasures prevents buffer overruns? - Test the size and data type of the input and enforce appropriate limits. - Apply the least privilege rule to run the applications that access the DBMS. - Keep untrusted data separate from commands and queries. - Use the most restrictive SQL account types for applications.

Test the size and data type of the input and enforce appropriate limits.

If your web application sets any cookie with a secure attribute, what does this mean? - The cookie cannot be accessed by JavaScript - Cookies will be sent cross-domain - The client will send the cookie only over an HTTPS connection - The cookie will not be sent cross-domain

The client will send the cookie only over an HTTPS connection

Bank of Timbuktu is a medium-sized, regional financial institution in Timbuktu. The bank has deployed a new Internet-accessible Web application recently. Customers can access their account balances, transfer money between accounts, pay bills and conduct online financial business using a Web browser.John Stevens is in charge of information security at Bank of Timbuktu. After one month in production, several customers have complained about the Internet enabled banking application. Strangely, the account balances of many of the bank's customers had been changed! However, money hasn't been removed from the bank; instead, money was transferred between accounts. Given this attack profile, John Stevens reviewed the Web application's logs and found the following entries:Attempted login of unknown user: johnmAttempted login of unknown user: susaRAttempted login of unknown user: sencatAttempted login of unknown user: pete";Attempted login of unknown user: ' or 1=1-Attempted login of unknown user: '; drop table logins-Login of user jason, sessionID= 0x75627578626F6F6BLogin of user daniel, sessionID= 0x98627579539E13BELogin of user rebecca, sessionID= 0x9062757944CCB811Login of user mike, sessionID= 0x9062757935FB5C64Transfer Funds user jasonPay Bill user mikeLogout of user mikeWhat kind of attack did the Hacker attempt to carry out at the bank? - The hacker first attempted logins with suspected user names, and then used SQL injection to gain access to valid bank login IDs. - The hacker attempted session hijacking, in which the hacker opened an account with the bank, then logged in to receive a session ID, guessed the next ID, and took over Jason's session. - The hacker used a generator module to pass results to the webserver and exploited web application CGI vulnerability. - Brute force attack in which the hacker attempted guessing login IDs and passwords from password-cracking tools.

The hacker first attempted logins with suspected user names, and then used SQL injection to gain access to valid bank login IDs.

A penetration tester is conducting a port scan on a specific host. The tester found several open ports that were confusing in concluding the operating system (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS? Starting NMAP 7.70 at 2018-03-15 11:06 NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tcp open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:89 - The host is likely a Linux machine. - The host is likely a Windows machine. - The host is likely a router. - The host is likely a printer.

The host is likely a printer.

What is the main difference between a "Normal" SQL injection and a "Blind" SQL injection vulnerability? - The attack is called "Blind" because, although the application properly filters user input, it is still vulnerable to code injection. - The vulnerable application does not display errors with information about the injection results to the attacker. - A successful attack does not show an error message to the administrator of the affected application. - The request to the webserver is not visible to the administrator of the vulnerable application.

The vulnerable application does not display errors with information about the injection results to the attacker.

Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS? - Fingerprinting to identify which operating systems are running on the network - Timing options to slow the speed that the port scan is conducted - ICMP ping sweep to determine which hosts on the network are not available - Traceroute to control the path of the packets sent during the scan

Timing options to slow the speed that the port scan is conducted

Which of the following search engine tools helps an attacker use an image as a search query and track the original source and details of images, such as photographs, profile pictures, and memes? - Mention - TinEye - Intelius - Sublist3r

TinEye

Which of the following tools are useful in extracting information about the geographical location of routers, servers, and IP devices in a network? - Traceroute tools - Email tracking tools - Website mirroring tools - Web spidering tools

Traceroute tools

In LAN-to-LAN Wireless Network, the APs provide wireless connectivity to local computers, and computers on different networks that can be interconnected? - True - False

True

SQL injection attacks do not exploit a specific software vulnerability; instead they target websites that do not follow secure coding practices for accessing and manipulating data stored in a relational database. - False - True

True

Which of the following issues can be detected when testers send long strings of junk data, similar to strings for detecting buffer overruns that throw SQL errors on a page? - SQL injection - Truncation - SQL modification - Input sanitization

Truncation

InfoTech Security hired a penetration tester Sean to do physical penetration testing. On the first day of his assessment, Sean goes to the company posing as a repairman and starts checking trash bins to collect the sensitive information. What is Sean trying to do? - Trying to attempt social engineering by eavesdropping - Trying to attempt social engineering using phishing - Trying to attempt social engineering by shoulder surfing - Trying to attempt social engineering by dumpster diving

Trying to attempt social engineering by dumpster diving

Which of the following practices is NOT a preventive measure against KRACK attacks? - Avoid using public Wi-Fi networks - Always enable the HTTPS Everywhere extension - Enable two-factor authentication - Turn off auto-updates for all wireless devices

Turn off auto-updates for all wireless devices

While performing a UDP scan of a subnet, you receive an ICMP reply of Code 3/Type 3 for all the pings you have sent out. What is the most likely cause of this? - The firewall is dropping the packets. - UDP port is open. - The host does not respond to ICMP packets. - UDP port is closed.

UDP port is closed.

Which of the following countermeasures is used to avoid banner grabbing attacks? - Enable the details of the vendor and version in the banners - Never display false banners to mislead or deceive attackers - Turn on unnecessary services on the network host to limit information disclosure - Use ServerMask tools to disable or change banner information

Use ServerMask tools to disable or change banner information

Which of the following countermeasures should be followed to protect web applications from command injection attacks? - Use modular shell disassociation from the kernel - Never use parameterized SQL queries - Never use language-specific libraries

Use modular shell disassociation from the kernel

An attacker tries to enumerate the username and password of an account named "rini Mathew" on wordpress.com. On the first attempt, the attacker tried to login as "rini.mathews," which resulted in the login failure message "invalid email or username." On the second attempt, the attacker tried to login as "rinimathews," which resulted in a message stating that the password entered for the username was incorrect, thus confirming that the username "rinimathews" exists. What is the attack that is performed by the attacker? - Brute-forcing - Man-in-the-middle - Username enumeration - Phishing

Username enumeration

While performing data validation of web content, a security technician is required to restrict malicious input. Which of the following processes is an efficient way of restricting malicious input? - Validate web content input with scanning tools - Validate web content input for extraneous queries - Validate web content input for query strings - Validate web content input for type, length, and range

Validate web content input for type, length, and range

Q 175 - Variations - Declare variables - Case variation - Null byte

Variations

Which of the following consists of 40/104 bit Encryption Key Length? - WEP - RSA - WPA - WPA2

WEP

Which of the following tools consists of a publicly available set of databases that contain personal information of domain owners? - Traceroute tools - Metadata extraction tools - WHOIS lookup tools - Web spidering tools

WHOIS lookup tools

Donald works as a network administrator with ABCSecurity, Inc., a small IT based firm in San Francisco. He was asked to set up a wireless network in the company premises which provides strong encryption to protect the wireless network against attacks. After doing some research, Donald decided to use a wireless security protocol which has the following features: Provides stronger data protection and network access control Uses AES encryption algorithm for strong wireless encryption Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) Which of the following wireless security protocol did Donald decide to use? - TKIP - WEP - WPA - WPA2

WPA2

Which of the following encryption methods has KRACK vulnerabilities that make it susceptible to packet sniffing, connection hijacking, malware injection, and decryption attacks? - WEP - WPA2 - EAP - WPA

WPA2

Which of the following Wi-Fi security protocols uses GCMP-256 for encryption and HMAC-SHA-384 for authentication? - CCMP - PEAP - WPA3 - WEP

WPA3

Which of the following Wi-Fi security protocols uses GCMP-256 for encryption and HMAC-SHA-384 for authentication? - WPA3 - WEP - CCMP - PEAP

WPA3

Which of the following security standards contains the Dragonblood vulnerabilities that help attackers recover keys, downgrade security mechanisms, and launch various information-theft attacks? - WPA3 - WPA2 - WEP - WPA

WPA3

Which of the following metadata formats does the SOAP API use to reveal a large amount of technical information such as paths, parameters, and message formats? - Swagger - WSDL/XML-Schema - I/O Docs - API-Blueprint

WSDL/XML-Schema

In which of the following technique, an attacker draws symbols in public places to advertise open Wi-Fi networks? - WarWalking - WarFlying - WarDriving - WarChalking

WarChalking

In which of the following techniques does an attacker draw symbols in public places to advertise open Wi-Fi networks? - Warflying - Wardriving - Warwalking - Warchalking

Warchalking

Which of the following automatically discover hidden content and functionality by parsing HTML form and client-side JavaScript requests and responses? - Proxies - Web spiders - Firewalls - Banners

Web spiders

Which of the following APIs is a user-defined HTTP callback or push API that is raised based on events triggered, such as receiving a comment on a post or pushing code to the registry? - Webhook - SOAP API - RESTful API - REST API

Webhook

Which of the following is a query and response protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system? - Whois lookup - TCP/IP - Traceroute - DNS lookup

Whois lookup

Which of the following techniques is used by network management software to detect rogue APs? - AP scanning - Wired side inputs - RF scanning - Virtual-private network

Wired side inputs

Which of the following components of Cisco's WIPS deployment forwards attack information from wireless IPS monitor-mode APs to the MSE and distributes configuration parameters to APs? - Wireless control system - Mobility services engine - Local mode AP - Wireless LAN controller

Wireless LAN controller

In which of the following attacks does an attacker exploit dynamic routing protocols, such as DSR and AODV, and place themselves strategically in a target network to sniff and record ongoing wireless transmissions? - Sinkhole attack - Wormhole attack - RADIUS replay - Honeypot AP attack

Wormhole attack

Kenneth, a professional penetration tester, was hired by the XYZ Company to conduct wireless network penetration testing. Kenneth proceeds with the standard steps of wireless penetration testing. He tries to collect lots of initialization vectors (IVs) using the injection method to crack the WEP key. He uses the aircrack-ng tool to capture the IVs from a specific AP. Which of the following aircrack-ng commands will help Kenneth to do this? - aireplay-ng -1 0 -e teddy -a 00:14:6C:7E:40:80 -h 00:0F:B5:88:AC:82 ath0 - airmon-ng start wifi0 9aireplay-ng -9 -e teddy -a 00:14:6C:7E:40:80 ath0 - airodump-ng -c 9 -- bssid 00:14:6C:7E:40:80 -w output ath0

airodump-ng -c 9 -- bssid 00:14:6C:7E:40:80 -w output ath0

Which of the following options of Sublist3r allows the user to specify a comma-separated list of search engines? - d - p - e - o

e

Which of the following Hping3 command is used to perform ACK scan? - hping3 -1 <IP Address> -p 80 - hping3 -8 50-60 -S <IP Address> -V - hping3 -A <IP Address> -p 80 - hping3 -2 <IP Address> -p 80

hping3 -A <IP Address> -p 80

Which of the following hping commands is used by an attacker to collect the initial sequence number? - hping3 192.168.1.103 -Q -p 139 -s - hping3 -A 10.0.0.25 -p 80 - hping3 -S 72.14.207.99 -p 80 --tcp-timestamp - hping3 -2 10.0.0.25 -p 80

hping3 192.168.1.103 -Q -p 139 -s

Robin, a professional hacker, targeted an organization for financial benefit. He initiated footprinting attacks on the target organization. In this process, he used an advanced Google search query that returns a list of FTP servers by IP address, which are mostly Windows NT servers with guest login capabilities. What is the advanced Google search query employed by Robin in the above scenario? - inurl:~/ftp://193 filetype:(php | txt | html | asp | xml | cnf | sh) ~'/html' - intitle:"Index Of" - intext:sftp-config.jsonintext:pure-ftpd.conf intitle:index of - type:mil inurl:ftp ext:pdf | ps

inurl:~/ftp://193 filetype:(php | txt | html | asp | xml | cnf | sh) ~'/html'

Which of the following web services provides useful information about a target company, such as the market value of the company's shares, company profile, and competitor details? - investing.com - linkup.com - dice.com - indeed.com

investing.com

Which of the following commands displays various options that a user can utilize to obtain a list of words from a target website? - dnsrecon -r 162.241.216.0-162.241.216.255 - cewl --email www.certifiedhacker.com - ruby cewl.rb --help - cewl www.certifiedhacker.com

ruby cewl.rb --help

Which of the following Nmap options is used by an attacker to perform an SCTP COOKIE ECHO scan? - sZ - sU - sL - sY

sZ

Which of the following tools does an attacker use to perform a query on the platforms included in OSRFramework? - domainfy.py - searchfy.py - mailfy.py - usufy.py

searchfy.py

Which Google search query will search for any files a target certifiedhacker.com may have? - site: certifiedhacker.com filetype:xml | filetype:conf | filetype:cnf | filetype:reg | filetype:inf | filetype:rdp | filetype:cfg | filetype:txt | filetype:ora | filetype:ini - allinurl: certifiedhacker.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini - site: certifiedhacker.com ext:xml || ext:conf || ext:cnf || ext:reg || ext:inf || ext:rdp || ext:cfg || ext:txt || ext:ora || ext:ini - site: certifiedhacker.com intext:xml | intext:conf | intext:cnf | intext:reg | intext:inf | intext:rdp | intext:cfg | intext:txt | intext:ora | intext:ini

site: certifiedhacker.com filetype:xml | filetype:conf | filetype:cnf | filetype:reg | filetype:inf | filetype:rdp | filetype:cfg | filetype:txt | filetype:ora | filetype:ini

Which Google search query can you use to find mail lists dumped on pastebin.com? - site:pastebin.com intext:*@*.com:* - allinurl: pastebin.com intitle:*@*.com:* - allinurl: pastebin.com intitle:"mail lists" - cache: pastebin.com intitle:*@*.com:*

site:pastebin.com intext:*@*.com:*

A hacker is attempting to check for all the systems alive in the network by performing a ping sweep. Which NMAP switch would the hacker use? - sU - sS - sn - sT

sn

Which of the following system table does MS SQL Server database use to store metadata? Hackers can use this system table to acquire database schema information to further compromise the database. - syscell - ssysobject - ssysrow - ssysdbs

ssysobject

Which of the following is a security risk due to the incorrect implementation of applications, allowing attackers to compromise passwords, keys, session tokens, and exploit user identity? - Security misconfiguration - Sensitive data exposure - Broken authentication - Injection

Broken authentication

In which of the following attack types does an attacker flood an application with an excess amount of data so that the application may crash or exhibit vulnerable behavior? - Directory traversal - Denial-of-service attack - Buffer overflow attack - Parameter/form tampering

Buffer overflow attack

Which of the following techniques is NOT a countermeasure for securing accounts? - Enable unused default user accounts - Use secure web permissions, NTFS permissions, and .NET Framework access control mechanisms - Eliminate unnecessary database users and stored procedures - Remove all unused modules and application extensions

Enable unused default user accounts

Which of the following techniques is NOT a countermeasure for securing accounts? - Remove all unused modules and application extensions - Use secure web permissions, NTFS permissions, and .NET Framework access control mechanisms - Enable unused default user accounts - Eliminate unnecessary database users and stored procedures

Enable unused default user accounts

Which of the following is not a defensive measure for web server attacks while implementing Machine.config? - Limit inbound traffic to port 80 for HTTP and port 443 for HTTPS (SSL) - Ensure that tracing is enabled <trace enable="true"/> and debug compiles are turned on - Encrypt or restrict intranet traffic - Restrict code access security policy settings

Ensure that tracing is enabled <trace enable="true"/> and debug compiles are turned on

Which of the following tools is not used to perform webserver information gathering? - Nmap - Netcraft - Wireshark - Whois

Wireshark

Which of the following is an operation in the web service architecture that involves obtaining the service interface description at the time of development as well as the binding and location description calls at run time? - Find - Bind - Publish - Service

Find

Which of the following techniques makes a web server vulnerable to attacks? - Blocking unrestricted internal and outbound traffic - Running unhardened applications and servers - Regularly updating the web server with the latest patches - Using different system administrator credentials everywhere

Running unhardened applications and servers

Which of the following stores a server's configuration, error, executable, and log files? - Document root - Virtual document tree - Server root - Web proxy

Server root

Which of the following terms refers to a set of hotfixes packed together? - Service pack - Repair pack - Hotfix pack - Patch

Service pack

Which of the following command does an attacker use to enumerate common web applications? - nmap -p80 --script http-userdir -enum localhost - nmap --script http-trace -p80 localhost - nmap --script http-enum -p80 <host> - nmap -p80 --script http-trace <host>

nmap --script http-enum -p80 <host>

An attacker identifies the kind of websites a target company/individual is frequently surfing and tests those particular websites to identify any possible vulnerabilities. When the attacker identifies the vulnerabilities in the website, the attacker injects malicious script/code into the web application that can redirect the webpage and download the malware onto the victim's machine. After infecting the vulnerable web application, the attacker waits for the victim to access the infected web application. What kind of an attack is this? - Phishing attack - Jamming attack - Water hole attack - Denial-of-service attack

- Water hole attack

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services? - A security certification for hardened web applications - Web application patches - A list of flaws and how to fix them - An extensible security framework named COBIT

A list of flaws and how to fix them

In which of the following attack techniques does an attacker lure victims via email or a link that is constructed such that the loopholes of remote execution code become accessible, allowing the attacker to obtain access privileges equal to those of authorized users? - ActiveX attack - Session fixation - Frame injection - Request forgery attack

ActiveX attack

Which of the following is NOT a best approach to protect your firm against web server attacks? - Apply restricted ACLs - Allow remote registry administration - Remove unnecessary ISAPI filters from the web server - Secure the SAM (Stand-alone Servers Only)

Allow remote registry administration

Which of the following is NOT a best approach to protect your firm against web server attacks? - Remove unnecessary ISAPI filters from the web server - Allow remote registry administration - Apply restricted ACLs - Secure the SAM (Stand-alone Servers Only)

Allow remote registry administration

Which of the following is a web security testing tool that can be used by an attacker to predict and use the next possible session ID token to take over a valid session? - Burp Suite - Nikto2 - NCollector Studio - Netcraft

Burp Suite

An attacker has been successfully modifying the purchase price of items purchased on the company's website. The security administrators verify the webserver and Oracle database have not been compromised directly. They have also verified the intrusion detection system (IDS) logs and found no attacks that could have caused this. What is the most likely way the attacker has been able to modify the purchase price? - By changing hidden form values - By using SQL injection - By using cross site scripting - By utilizing a buffer overflow attack

By changing hidden form values

Which of the following tools is employed by a pen tester to find vulnerabilities in an organization's web server and evaluate its security posture by using the same techniques as those currently employed by cybercriminals? - Pupy - Netcraft - CORE Impact - NetVizor

CORE Impact

In which of the following cookie exploitation attacks does an attacker modify the cookie contents to obtain unauthorized information about a user and thereby perform identity theft? - Cookie sniffing - Cookie replay - Session brute-forcing - Cookie poisoning

Cookie poisoning

Which of the following is a clickjacking technique that overlays only the selected controls from a transparent page and involves masking buttons with hyperlinks and text labels containing false information? - Complete transparent overlay - Rapid content replacement - Cropping - Click event dropping

Cropping

In which of the following attack types does an attacker exploit the trust of an authenticated user to pass malicious code or commands to a web server? - SQL injection attack - Unvalidated input and file injection - Cross-site scripting - Cross-site request forgery

Cross-site request forgery

Which of the following is a web application attack that is also known as a one-click attack and occurs when a hacker instructs a user's web browser to send a request to a vulnerable website through a malicious web page? - Cross-site request forgery - Web service attack - Hidden field manipulation - Cookie snooping

Cross-site request forgery

A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the applications search form and introduces the following code in the search input field:"IMG SRC = vbscript:msgbox (Vulnerable" When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable". Which web applications vulnerability did the analyst discover? - Cross-site request forgery - Command injection - Cross-site scripting - SQL injection

Cross-site scripting

Which of the following attacks exploits vulnerabilities in dynamically generated webpages, which enables malicious attackers to inject client-side scripts into webpages viewed by other users? - Cross-site scripting - Broken access control - Security misconfiguration - Sensitive data exposure

Cross-site scripting

Which of the following is an application security threat that occurs when an application includes untrusted data in a new web page without proper validation or escaping or when an application updates an existing web page with user-supplied data? - Security misconfiguration - Components with known vulnerabilities - Cross-site scripting (XSS) - XML external entity (XXE)

Cross-site scripting (XSS)

Which of the following is not a session hijacking technique? - Cross-site scripting - DNS hijacking - Session fixation - Session sidejacking

DNS hijacking

Choose an ICANN accredited registrar and encourage them to set registrar-lock on the domain name in order to avoid which attack? - Man-in-the-middle attack - Denial-of-service attack - Session hijacking attack - DNS hijacking attack

DNS hijacking attack

If an attacker compromises a DNS server and changes the DNS settings so that all the requests coming to the target webserver are redirected to his/her own malicious server, then which attack did he perform? - DNS amplification attack - HTTP response splitting attack - DoS attack - DNS server hijacking

DNS server hijacking

Which of the following is a type of attack in which the attacker alters or deletes the data of a web server and replaces the data with malware? - Data theft - Compromise of user accounts - Data tampering - Website defacement

Data tampering

Which of the following types of damage is caused when attackers access sensitive data such as financial records, future plans, and the source code of a program? - Website defacement - Data theft - Damage of the reputation of the company - Data tampering

Data theft

The security analyst for Danels Company arrives this morning to his office and verifies the primary home page of the company. He notes that the page has the logo of the competition and writings that do not correspond to the true page. What kind of attack do the observed signals correspond to? - DDoS - Defacement - Phishing - HTTP attack

Defacement

An attacker sends numerous fake requests to the webserver from various random systems that results in the webserver crashing or becoming unavailable to the legitimate users. Which attack did the attacker perform? - HTTP response splitting attack - DNS server hijacking - DoS attack - DNS amplification attack

DoS attack

Which of the following is the root file directory of a web server that stores critical HTML files related to web pages of a domain name that will be sent in response to requests? - Virtual hosting - Document root - Web proxy - Server root

Document Root

Which of the following is NOT a best approach to protect your firm against web server files and directories? - Enable serving of directory listings - Avoid mapping virtual directories between two different servers, or over a network - Eliminate unnecessary files within the .jar files - Disable serving certain file types by creating a resource mapping

Enable serving of directory listings

Which of the following techniques allows an attacker to inject unusual characters into HTML code to bypass client-side controls? - Source-code review - Attack hidden form fields - Evade XSS filters - Attack browser extensions

Evade XSS filters

A security administrator is looking for a patch management tool which scans organizational network and manages security and non-security patches. Which of the following patch management tool, he/she can use in order to perform the required task? - Netscan Pro - Nikto - Burp suite - GFI LanGuard

GFI LanGuard

In which of the following types of injection attacks does an attacker exploit vulnerable form inputs, inject HTML code into a webpage, and change the website appearance? - Shell injection - File injection - HTML injection - HTML embedding

HTML injection

Which of the following tools is used by an attacker to perform website mirroring? - HTTrack - Hydra - Netcraft - Nessus

HTTrack

Which of the following techniques does an attacker use to replace the value of the data source parameter with that of a rogue Microsoft SQL server? - Hash stealing - Connection pool DoS - Port scanning - Hijacking web credentials

Hash stealing

One of the following is a clickjacking technique in which an attacker creates an iframe of 1 × 1 pixels containing malicious content placed secretly under the mouse cursor. When the user clicks on this cursor, it will be registered on a malicious page. Which is this clickjacking technique? - Click event dropping - Hidden overlay - Complete transparent overlay - Rapid content replacement

Hidden overlay

An attacker wants to crack passwords using attack techniques like brute-forcing, dictionary attack, and password guessing attack. What tool should he use to achieve his objective? - Netcraft - Nessus - Burp suite - Hydra

Hydra

Which of the following tools is a simple Internet server identification utility that is capable of performing reverse DNS lookup and HTTP server identification? - OllyDbg - ID Serve - Dylib Hijack Scanner - NCollector Studio

ID Serve

Which of the following countermeasures should be followed to defend against DNS hijacking? - Include DNS hijacking into incident response and business continuity planning - Do not safeguard the registrant account information - Use the default router password included in the factory settings - Download audio and video codecs and other downloaders from untrusted websites

Include DNS hijacking into incident response and business continuity planning

What technique is used to perform a connection stream parameter pollution (CSPP) attack? - Injecting parameters into a connection string using semicolons as a separator - Adding multiple parameters with the same name in HTTP requests - Setting a user's session identifier (SID) to an explicit known value - Inserting malicious Javascript code into input parameters

Injecting parameters into a connection string using semicolons as a separator

Which of the following techniques is NOT a countermeasure to defend against web server attacks? - Use a dedicated machine as a web server - Secure the SAM - Install IIS server on a domain controller - Relocate sites and virtual directories to non-system partitions

Install IIS server on a domain controller

Which of the following security misconfigurations supports weak algorithms and uses expired or invalid certificates, resulting in data exposure and account theft? - Improper error handling - Parameter/form tampering - Unvalidated inputs - Insufficient transport layer protection

Insufficient transport layer protection

In which layer of the web-application vulnerability stack does an attacker scan an operating system to find open ports and vulnerabilities and develop viruses/backdoors to exploit them? - Layer 3 - Layer 2 - Layer 5 - Layer 7

Layer 3

In which layer of the web application vulnerability stack does an attacker exploit business-logic flaws and technical vulnerabilities to perform input validation attacks such as XSS? - Layer 4 - Layer 5 - Layer 7 - Layer 6

Layer 7

Which of the following vulnerabilities occurs when an application adds files without the proper validation of inputs, thereby enabling an attacker to modify the input and embed path traversal characters? - Security misconfiguration - File fingerprinting - Local file inclusion - Fileless malware

Local file inclusion

In which of the following attacks does an attacker attempt to access sensitive information by intercepting and altering communications between an end user and a web server? - Man-in-the-middle attack - HTTP response splitting attack - Phishing attack - Website defacement attack

Man-in-the-middle attack

Which of the following attacks allows an attacker to access sensitive information by intercepting and altering communications between an end user and webservers? - Man-in-the-middle attack - HTTP response splitting attack - Directory traversal attack - DoS attack

Man-in-the-middle attack

Which of the following is not a webserver security tool? - Fortify Web - InspectNetIQ secure configuration manager - Netcraft - Retina CS

Netcraft

Which of the following is an attack that can majorly affect web applications, including the basic level of service, and allows a level of privilege that standard HTTP application methods cannot grant? - Platform exploits - CAPTCHA attacks - Buffer overflow - Network access attacks

Network access attacks

Which of the following is a lookup database for default passwords, credentials, and ports? - NetcraftN - Collector Studio - Open Sez Me - ID Serve

Open Sez Me

Which of the following guidelines should be followed by application developers to defend against HTTP response-splitting attacks? - Use the same TCP connection with the proxy for different virtual hosts - Allow CR (%0d or \r) and LF (%0a or \n) characters - Parse all user inputs or other forms of encoding before using them in HTTP headers - Share incoming TCP connections among different clients

Parse all user inputs or other forms of encoding before using them in HTTP headers

Andrew, a software developer in CyberTech organization has released a security update that acts as defensive technique against the vulnerabilities in the software product the company has released earlier. Identify the technique used by Andrew to resolve the software vulnerabilities? - Patch Management - Product Management - Risk Management - Vulnerability Management

Patch Management

Which of the following teams has the responsibility to check for updates and patches regularly? - Vulnerability assessment team - Red team - Patch management team - Security software development team

Patch management team

Attackers use GET and CONNECT requests to use vulnerable web servers as which of the following? - Application servers - DNS servers - None of the above - Proxies

Proxies

An attacker exploits a web application by tampering with the form and parameter of the web application and he is successful in exploiting the web application and gaining access. Which type of vulnerability did the attacker exploit? - Security misconfiguration - SQL injection - Sensitive data exposure - Broken access control

Security misconfiguration

Which of the following attacks allows an attacker to inject malicious content, modify the user´s online experience, and obtain unauthorized information? - Session prediction - Session poisoning - Cross-site request forgery - Session brute-forcing

Session poisoning

Which of the following types of payload modules in the Metasploit framework is self-contained and completely stand-alone? - Stages - Exploit - Singles - Stagers

Singles

During a penetration test, a tester finds that the web application being analyzed is vulnerable to XSS. Which of the following conditions must be met to exploit this vulnerability? - The web application does not have the secure flag set. - The victim's browser must have ActiveX technology enabled. - The victim user should not have an endpoint security solution. - The session cookies do not have the HttpOnly flag set.

The session cookies do not have the HttpOnly flag set.

Which of the following technique defends servers against blind response forgery? - UDP source port randomization - Disallow carriage return (%0d or \r) and line feed (%0a or \n) characters - Removal of carriage returns (CRs) and linefeeds (LFs) - Restriction of web application access to unique IPs

UDP source port randomization

Which of the following technique defends servers against blind response forgery? - UDP source port randomization - Removal of carriage returns (CRs) and linefeeds (LFs) - Disallow carriage return (%0d or \r) and line feed (%0a or \n) characters - Restriction of web application access to unique IPs

UDP source port randomization

A network administrator has observed that the computers in his network have Windows 7 operating system. The administrator has learned that the WannaCry ransomeware is affecting Windows 7 Systems across the globe. Which of the following is the best option that the network administrator has to provide efficient security and defend his network? - Remove all Windows 7 machines from the network - Update security patches and fixes provided by Microsoft - Conduct vulnerability assessment of all the machines in the network - Perform penetration testing on all the machines in the network

Update security patches and fixes provided by Microsoft

Which of the following techniques is used by an attacker to enumerate usernames from a target web application? - Verbose failure message - Dictionary attack - Cookie poisoning - Bypass SAML-based SSO

Verbose failure message

Identify the component of the web server that provides storage on a different machine or a disk after the original disk is filled-up? - Virtual document tree - Server root - Virtual hosting - Document root

Virtual document tree

Which of the following is a web-server component that provides storage on a different machine or disk after the original disk is filled up? - Document root - Server root - Virtual hosting - Virtual document tree

Virtual document tree

Which of the following provides storage on a different machine or disk after the original disk is filled up? - Virtual Hosting - Document root - Virtual document tree - Server root

Virtual document tree

Which of the following components of the web service architecture is an extension of SOAP and can be used to maintain the integrity and confidentiality of SOAP messages? - WS-Security - WS-Policy - WSDL - UDDI

WS-Security

Which of the following provides an interface between end-users and webservers? - Firewall - Database - Demilitarized zone - Web applications

Web applications

Which of the following layers in the web application architecture contains various components such as a firewall, an HTTP request parser, a proxy caching server, an authentication and login handler, a resource handler, and a hardware component? - Web-server logic layer - Business logic layer - Client or presentation layer - Database layer

Web-server logic layer

In which of the following attack types does an attacker alter the visual appearance of a web page by injecting code to add image popups or text? - Web cache poisoning - Server-side request forgery - Website defacement - Web-server misconfiguration

Website defacement

Which of the following attacks occurs when an intruder maliciously alters the visual appearance of a webpage by inserting or substituting provocative, and frequently, offending data? - Directory traversal attack - Website defacement - Man-in-the-middle attack - HTTP response splitting attack

Website defacement

Which technology do SOAP services use to format information? - XML - SATA - PCI - ISDN

XML

Which of the following commands does an attacker use to detect HTTP Trace? - nmap -p80 --script http-userdir -enum localhost - nmap --script http-enum -p80 <host> - nmap --script hostmap <host> - nmap -p80 --script http-trace <host>

nmap -p80 --script http-trace <host>


Conjuntos de estudio relacionados

BIOL2170 Exam 4 Study Guide (CH.13-17)

View Set

EMT Ch. 10: Shock questions and answers

View Set

Section 8.1: The role of conscience and why some Christians believe conscience is the most important guide in making moral decisions

View Set

Regulations - Other Federal and State Regulations

View Set

Exam 2: Schziophrenia, Bipolar Disorder, Neurocognitive Disorders

View Set

Driving Class Study Set (Chapters 1-6)

View Set

Business Stats Chapter 9 Smartbook

View Set