Chapter 12 Ethical Hacker Pro
Which of the following is a password cracking tool that can make over 50 simultaneous target connections? -THC-Hydra -Metasploit -Brutus -Wfetch
-Brutus
HTTP headers can contain hidden parameters such as user-agent, host headers, accept, and referrer. Which of the following tools could you use to discover hidden parameters? -Hackalert -WinDump -Wikto -Burp Suite
-Burp Suite
Frank wants to do a penetration test. He is looking for a tool that checks for vulnerabilities in web applications, network systems, wireless networks, mobile devices, and defense systems such as IDS or IPS. Which of the following tools would you recommend to him? -Arachni -Syhunt Dynamic -COREImpact Pro -Immunity CANVAS
-COREImpact Pro
In 2011, Sony was targeted by an SQL injection attack that compromised over a million emails, usernames, and passwords. Which of the following could have prevented the attack? -Careful configuration and penetration testing on the front end. -Scanning the operating system and application coding regularly for bugs and errors. -Using VPN technology to protect client data when connecting from a remote system. -Blocking, or at least monitoring, activity on ports 161 and 162.
-Careful configuration and penetration testing on the front end.
Which type of web application requires a separate application to be installed before you can use the app? -Server-based web app -Client-based web app -Mobile apps -Browser-based web app
-Client-based web app
A hacker has used an SQL injection to deface a web page by inserting malicious content and altering the contents of the database. Which of the following did the hacker accomplish? -Bypass authentication -Compromise data availability -Compromise data integrity -Information disclosure
-Compromise data integrity
Web applications use sessions to establish a connection and transfer sensitive information between a client and a server. Attacking an application's session management mechanisms can help you get around some of the authentication controls and allow you to use the permissions of more privileged application users. Which of the following types of attacks could you use to accomplish this? -Cookie parameter tampering -Buffer overflow -Hash stealing -Web script injection
-Cookie parameter tampering
As a penetration tester, you have found there is no data validation being completed at the server, which could leave the web applications vulnerable to SQL injection attacks. Which of the following could you use to help defend against this vulnerability? -Be sure that the database server account is being run with maximum rights. -Use a higher privileged account for database connectivity. -Decline any entry that includes binary input, comment characters, or escape sequences. -Always use default error messaging.
-Decline any entry that includes binary input, comment characters, or escape sequences.
Which of the following HTTP response messages would you receive if additional action needs to be taken to complete the request? -3xx: Redirection -1xx: Informational -4xx: Client Error -2xx: Success
-3xx: Redirection
Which of the following best describes the SQL Power Injector tool? -A tool used for heavy queries to complete time-based blind SQL injection attacks. -A tool used to find SQL injections on a web page. -An injection framework that can exploit SQL injection vulnerabilities on most databases. -An injection tool that can be used for retrieving user and password hashes, fingerprinting, accessing a file system, and executing commands.
-A tool used to find SQL injections on a web page.
Which of the following best describes a phishing attack? -An attacker alters the XSS to run a Trojan horse with the victim's web browser. -This attack is used to intercept communications between an authorized user and the web server. -A user is tricked into believing that a legitimate website is requesting their login information. -In this attack, attackers use various weaknesses to hack into seemingly secure passwords.
-A user is tricked into believing that a legitimate website is requesting their login information.
Which of the following best describes a web application? -A web application taxes the client's processor and storage space. -Web applications require special administration because they involve updates on client computers. -A web application is software that has been installed on a web server. -Web applications need to be developed for every operating system.
-A web application is software that has been installed on a web server.
Which of the following best describes Microsoft Internet Information Services (IIS)? -A database server technology -An email server technology -A web server technology -A name server technology
-A web server technology
Which of the following is an open-source web server technology? -Nginx -Microsoft Internet Information Services (IIS) -LiteSpeed Web Server -Apache Web Server
-Apache Web Server
The following are countermeasures you would take against a web application attack: *Secure remote administration and connectivity testing. *Perform extensive input validation. *Configure the firewall to deny ICMP traffic. *Stop data processed by the attacker from being executed. Which of the following attacks would these countermeasures prevent? -DoS attacks -XSS attacks -Web services attack -Directory traversal
-DoS attacks
As part of your penetration test, you have captured an FTP session, as shown below. Which of the following concerns or recommendations will you include in your report? -FTP uses clear-text passwords. -FTP ports 192 & 168 should be hidden. -FTP response type 230 should be blocked. -FTP request type A allows ASCII files to be downloaded.
-FTP uses clear-text passwords.
Gathering information about a system, its components, and how they work together is known as ________? -Analyzing -Spoofing -Attacking -Footprinting
-Footprinting
You are looking for a web server security tool that will detect hidden malware in websites and advertisements. Which of the following security tools would you most likely use? -Wikto -Syhunt Dynamic -MBSA -Hackalert
-Hackalert
An attacker is attempting to connect to a database using a web application system account instead of user-provided credentials. Which of the following methods is the attacker attempting to use? -Cookie parameter tampering -Password attacks -Cookie exploitation -Hijacking web credentials
-Hijacking web credentials
Which of the following functions does a single quote (') perform in an SQL injection? -Indicates that data has ended and a command is beginning. -Indicates that everything after the single quote is a comment. -Indicates that code is ending and a comment is being entered. -Indicates that the comment has ended and data is being entered.
-Indicates that data has ended and a command is beginning.
Which of the following web server countermeasures is implemented to fix known vulnerabilities, eliminate bugs, and improve performance? -Install patches and updates. -Remove inactive accounts. -Perform a vulnerability scan. -Disable the directory listing option.
-Install patches and updates.
There are several types of signature evasion techniques. Which of the following best describes the obfuscated codes technique? -Inserts in-line comments between SQL keywords. -Is an SQL statement that is hard to read and understand. -Code can be used to represent an SQL query. -Uses the CHAR function to represent a character.
-Is an SQL statement that is hard to read and understand.
The SQL injection methodology has four parts. Which of the following parts is similar to playing the game 20 questions? -Information gathering -Test for SQL injection vulnerabilities -Launch a SQL attack -Advanced SQL injection
-Launch a SQL attack
Which of the following best describes the countermeasures you would take against a cross-site request forgery attack? -Use SSL for all authenticated parts of an application. Verify whether user information is stored in a hashed format. Do not submit session data as part of a GET or POST. -Log off immediately after using a web application. Clear the history after using a web application, and don't allow your browser to save your login details. -Set the secure flag on all sensitive cookies. Ensure that certificates are valid and are not expired. All non-SSL web page requests should be directed to the SSL page. -Avoid using redirects and forwards. If you must use them, be sure that the supplied values are valid and the user has appropriate authorization.
-Log off immediately after using a web application. Clear the history after using a web application, and don't allow your browser to save your login details.
Which of the following steps in the web server hacking methodology involves setting up a web server sandbox to gain hands-on experience attacking a web server? -Vulnerability scanning -Mirroring -Footprinting -Session hijacking
-Mirroring
You are looking for a web application security tool that runs automated scans looking for vulnerabilities susceptible to SQL injection, cross-site scripting, and remote code injection. Which of the following web application security tools would you most likely use? -dotDefender -N-Stalker -VampireScan -Netsparker
-Netsparker
Which of the following best describes the HTTP Request/Response TRACE? -Stores web pages and distributes them to clients. -Establishes a communication tunnel to the server. -Only transfers the status line and the header section. -Performs a loopback test to a target resource.
-Performs a loopback test to a target resource.
Which of the following types of injections can be injected into conversations between an application and a server to generate excessive amounts of spam email? -XPath injection -LDAP injection -SQL injection -SMTP injection
-SMTP injection
Upload bombing and poison null byte attacks are designed to target which of the following web application vulnerabilities? -Flawed web design -Input validation -Scripting errors -Buffer overflow
-Scripting errors
Which of the following footprinting methods would you use to scan a web server to find ports that the web server is using for various services? -Port scanning -Detect proxy servers -Detect firewalls -Service discovery
-Service discovery
Which of the following statements is true regarding cookies? -They load tons of files onto a server, hoping to fill up the server's drives and crash the system. -They were created to store information about user preferences and web activities. -They will overflow when an application or process tries to send more data than they are able to hold. -They assign session IDs, encryption, and permissions to a specific client for a period of time.
-They were created to store information about user preferences and web activities.
SQL injections are a result of which of the following flaws? -The web server -The file system -Web applications -The database
-Web applications
Which of the following explains why web servers are often targeted by attackers? -Web servers are standalone servers that seldom interact with other network resources. -Web servers are placed behind firewalls to make them less accessible to users. -Web servers are simple devices with few complex features, making their attack surfaces easy to exploit. -Web servers provide an easily found, publicly accessible entrance to a network that users are encouraged to enter into and browse.
-Web servers provide an easily found, publicly accessible entrance to a network that users are encouraged to enter into and browse.
You are analyzing the web applications in your company and have newly discovered vulnerabilities. You want to launch a denial-of-service (DoS) attack against the web server. Which of the following tools would you most likely use? -Wireshark -Burp Suite -WebScarab -WebInspect
-WebInspect
Which of the following types of web server attacks is characterized by altering or vandalizing a website's appearance in an attempt to humiliate, discredit, or annoy the victim? -Website defacement -Cross-site scripting -Footprinting -Directory traversal
-Website defacement