Ethical Hacking Part 2
Which of the following wireless standards uses modulation schemes such as GFSK, π/4-DPSK, and 8DPSK and a frequency of 2.4 GHz with data transfer rates in the range of 25-50 Mbps?
802.15.1 (Bluetooth)
Which of the following is a communication standard that is also known as WiMAX and is designed to provide multiple physical layer (PHY) and MAC options?
802.16
In which of the following attacks does an attacker saturate an API with a massive volume of traffic from multiple infected computers or botnets to delay the API services to legitimate users?
API DDoS attack
Which of the following is used to connect wireless devices to a wireless/wired network?
Access Point (AP)
In which of the following attack techniques does an attacker lure victims via email or a link that is constructed such that the loopholes of remote execution code become accessible, allowing the attacker to obtain access privileges equal to those of authorized users?
ActiveX Attack
Which of the following tools provides automated web application security testing with innovative technologies including DeepScan and AcuSensor technology?
Acunetix web vulnerability scanner
Which of the following countermeasures should be followed to protect web applications against broken authentication and session management attacks?
Apply pass phrasing with at least five random words
Which of the following techniques is NOT a best practice for securing webhooks?
Avoid validating the X-OP-Timestamp within the threshold of the current time
In which of the following attacks does an attacker pose a true or false question to an database to determine whether an application is vulnerable to SQL injection?
Blind SQL injection
In which of the following techniques does an attacker use logical requests such as AND/OR to bypass a firewall?
Blind SQL injection
Steve works as a penetration tester in a firm named InfoSecurity. Recently, Steve was given an assignment to test the security of the company's web applications and backend database. While conducting the test, he sends a malicious SQL query with conditional timing delays to the backend database through the web application. This conditional time delay forces the database to wait for a specified amount of time before responding. He performs the same task using different malicious SQL queries. By observing various query responses from the database, Steve came to know that the web application is vulnerable to an SQL injection attack. What type of SQL injection attack is Steve most likely performing?
Blind SQL injection
Which of the following attacks is time-intensive because the database should generate a new statement for each newly recovered bit?
Blind SQL injection
Which of the following techniques is used by an attacker to connect a fake account on the provider with a victim's account on the client side?
CSRF on authorization response
Which of the following is the most effective technique in identifying vulnerabilities or flaws in the web page code?
Code analysis
Which of the following types of API vulnerabilities occurs when an input is not sanitized and can be exploited by adding malicious SQL statements to input fields to steal session cookies and user credentials?
Code injections
In which of the following SQL injection attacks does an attacker deface a web page, insert malicious content into web pages, or alter the contents of a database?
Compromised data integrity
In which of the following cookie exploitation attacks does an attacker modify the cookie contents to obtain unauthorized information about a user and thereby perform identity theft?
Cookie poisoning
In which of the following database technologies is the SQL query [SELECT * FROM syscat.columns WHERE tabname='tablename'] used for column enumeration?
DB2
Which of the following practices makes web applications vulnerable to SQL injection attacks?
Database server running OS commands
William has been hired by the ITSec, Inc. to perform web application security testing. He was asked to perform black box penetration testing to test the security of the company's web applications. No information is provided to William about the company's network and infrastructure. William notices that the company website is dynamic and must make use of a backend database. He wants to see if an SQL injection would be possible. As part of the testing, he tries to catch instances where the user input is used as part of an SQL identifier without any input sanitization. Which of the following characters should William use as the input data to catch the above instances?
Double quote Single quote
Identify the reason why Web Applications are vulnerable to SQL injection attacks.
Error messages reveal important information
Which of the following best practices should be followed to prevent web-shell installation?
Establish a reverse proxy service for retrieving resources
Which of the following techniques allows an attacker to inject unusual characters into HTML code to bypass client-side controls?
Evade XSS filters
Which of the following is considered as a quality checking and assurance technique used to identify coding errors and security loopholes in web applications?
Fuzz testing
In which of the following attacks does an attacker repeatedly send some random input to a target API to generate error messages that reveal critical information?
Fuzzing
Robert, a penetration tester, is trying to perform SQL penetration testing on the SQL database of the company to discover coding errors and security loopholes. Robert sends massive amounts of random data to the SQL database through the web application in order to crash the web application of the company. After observing the changes in the output, he comes to know that the web application is vulnerable to SQL injection attacks. Which of the following testing techniques is Robert using to find out the loopholes?
Fuzzing testing
Which of the following methods carries the requested data to the webserver as a part of the message body?
HTTP POST
If you are responsible for securing a network from any type of attack and if you have found that one of your employees is able to access any website that may lead to clickjacking attacks, what would you do to avoid the attacks?
Harden browser permission rules
Which of the following techniques does an attacker use to replace the value of the data source parameter with that of a rogue Microsoft SQL server?
Hash stealing
An attacker wants to exploit a webpage. From which of the following points does he start his attack process?
Identify entry points for user input
An attacker injects the following SQL query: blah' AND 1=(SELECT COUNT(*) FROM mytable); -- What is the intention of the attacker?
Identifying the table name
Which of the following countermeasures should be followed to protect web applications against broken access control?
Implement a session timeout mechanism
In which of the following attacks does an attacker use the same communication channel to perform the attack and retrieve the results?
In-band SQL injection
Shea is a licensed penetration tester. She is working with a client to test their new e-commerce website for SQL injection. After signing the NDA and agreeing on the rules of engagement (RoE), she starts by examining and listing all the input fields on the website. She tries to insert a string value in the CVV2 textbox, where a three-digit number is expected, and she ends up with the below error message.
Information gathering and SQL injection vulnerability detection
What technique is used to perform a connection stream parameter pollution (CSPP) attack?
Injecting parameters into a connection string using semicolons as a separator
Which of the following API security risks can be prevented by performing input validation, implementing a parameterized interface for processing inbound API requests, and limiting the number of records returned?
Injection
Which of the following is a built-in tool of Burp Suite that is used for inspecting and modifying traffic between a browser and target application?
Intercepting proxy
To defend against SQL injection, a developer needs to take proper actions in configuring and developing an application. Select all correct statements that help in defending against SQL injection attacks.
Keep untrusted data separate from commands and queries. Ensure that the Web configuration files for each application do not contain sensitive information. Avoid constructing dynamic SQL with concatenated Input values.
Which of the following vulnerabilities occurs when an application adds files without the proper validation of inputs, thereby enabling an attacker to modify the input and embed path traversal characters?
Local file inclusion
Which of the following database management systems contains the system table called "MsysObjects"?
MS Access
Which of the following countermeasures allows developers to protect PL/SQL code from SQL injection attacks?
Make use of bind parameters in dynamic SQL
In which type of fuzz testing do the current data samples create new test data and the new test data again mutates to generate further random data?
Mutation-based
Which statement is TRUE regarding network firewalls in preventing web application attacks?
Network firewalls cannot prevent attacks because ports 80 and 443 must be kept opened.
Which of the following API vulnerabilities allows attackers to gain unauthorized access to API objects or perform actions such as viewing, updating, or deleting?
No ABAC validation
Which of the following functions can be used by an attacker to link a target SQL server's database to the attacker's own machine and retrieve data from the target SQL server database?
OPENROWSET()
Which type of antenna is used in wireless communication?
Omnidirectional
David, a penetration tester, was asked to check the MySQL database of the company for SQL injection attacks. He decided to check the back end database for a double blind SQL injection attack. He knows that double blind SQL injection exploitation is performed based on an analysis of time delays and he needs to use some functions to process the time delays. David wanted to use a function which does not use the processor resources of the server. Which of the following function David need to use?
Option A
Which of the following operators is used for string concatenation in an Oracle database?
Option A
Which of the following DB2 queries allows an attacker to perform column enumeration on a target database?
Option B
Which of the following SQL injection queries is used by an attacker to extract table column names?
Option B
Which of the following commands has to be disabled to prevent exploitation at the OS level?
Option B
Which of the following commands is used to make the CPU wait for a specified amount of time before executing an SQL query?
Option C
Snort is an open-source, free and lightweight network intrusion detection system (NIDS) software for Linux and Windows to detect emerging threats. Snort can be used to detect SQL injection attacks. Identify the correct Snort rule to detect SQL injection attacks using regular expression.
Option D
Which of the following MSSQL queries allows an attacker to perform column enumeration on a target database?
Option D
Which of the following SQL queries is an example of a heavy query used in SQL injection?
Option D
Which of the following characters is used in an SQL injection query as a wildcard attribute indicator?
Option D
Which of the following is a Snort rule that is used to detect and block an SQL injection attack?
Option D
Which of the following queries is used to create a database account in Microsoft SQL Server?
Option D
In one of the following attacks, an attacker uses different communication channels to perform the attack and obtain results. It is difficult to perform as the attacker needs to communicate with a database server and determine the server features used by a web application. Which is this attack?
Out-of-band SQL injection
Which of the following attacks is possible when an attacker executes .bat or .cmd files and changes the values by superimposing one or more operating-system commands through the request?
Parsing attack
In which of the following attacks does an attacker inject an additional malicious query into an original query to make the DBMS execute multiple SQL queries?
Piggybacked query
In which of the following attacks does an attacker inject an additional malicious query to the original query?
Piggybacked query
Which of the following HTTP service port numbers is used for connecting to a remote network server system?
Port 384
Which of the following is a DNS interrogation tool that allows an attacker to retrieve information about the location and type of servers related to the target web infrastructure?
Professional toolset
In which type of fuzz testing does the protocol fuzzer send forged packets to the target application that is to be tested?
Protocol-based
Which of the following is the result obtained after executing the SQL query "SELECT" from User_Data WHERE Email_ID = 'blah' or
Return more data
Which of the following web-service APIs is programmed to generate, recover, modify, and erase different logs such as profiles, credentials, and business leads?
SOAP API
Based on the source code analysis the analyst concludes that the login.php script is vulnerable to
SQL injection
Which of the following attacks can be performed using information regarding the database interaction of a target web application?
SQL injection, data leakage
Which of the following protocols provides transport-level security for API messages to ensure confidentiality through encryption and integrity through signature?
SSL
Which of the following countermeasures should be followed to defend against watering-hole attacks?
Secure the DNS server to prevent attackers from redirecting the user to a new location
Which of the following built-in tools of Burp Suite is used for testing the randomness of session tokens?
Sequencer tool
Which of the following attacks allows an attacker to inject malicious content, modify the user´s online experience, and obtain unauthorized information?
Session poisoning
In which of the following processes do the station and access point use the same WEP key to provide authentication, which means that this key should be enabled and configured manually on both the access point and the client?
Shared key authentication process
Which of the following tools is used to build rules that aim to detect SQL injection attacks?
Snort
Which of the following API hacking techniques does not target the API or machine code and instead tricks users into divulging their credentials to perform further attacks?
Social engineering
Which of the following is used to detect bugs and irregularities in web applications?
Source code review
In one of the following features of the RESTful API, the client end stores the state of the session, and the server is restricted to save data during request processing. Which is this feature?
Stateless
In which of the following attacks does an attacker use a conditional OR clause in such a way that the condition of the WHERE clause will always be true?
Tautology
Which of the following practices helps developers defend against SQL injection attacks?
Test the content of string variables and accept only expected values
Which of the following countermeasures prevents buffer overruns?
Test the size and data type of the input and enforce appropriate limits.
If your web application sets any cookie with a secure attribute, what does this mean?
The client will send the cookie only over an HTTPS connection
What kind of attack did the hacker attempt to carry out at the bank?
The hacker first attempted logins with suspected user names, and then used SQL injection to gain access to valid bank login IDs.
A tester has been hired to perform source code review of a web application to detect SQL injection vulnerabilities. As part of the testing process, he needs to get all the information about the project from the development team. During the discussion with the development team, he comes to know that the project is in the initial stage of the development cycle. As per the above scenario, which of the following processes does the tester need to follow in order to save the company's time and money?
The tester needs to perform static code analysis as it covers the structural and statement coverage testing.
What is the main difference between a "Normal" SQL injection and a "Blind" SQL injection vulnerability?
The vulnerable application does not display errors with information about the injection results to the attacker.
Select all correct answers. In blind SQLi, attackers can steal data by asking a series of true or false questions through SQL statements. Select all the correct types of blind SQL injections.
Time delay Boolean exploitation
In LAN-to-LAN Wireless Network, the APs provide wireless connectivity to local computers, and computers on different networks that can be interconnected?
True
SQL injection attacks do not exploit a specific software vulnerability; instead they target websites that do not follow secure coding practices for accessing and manipulating data stored in a relational database.
True
Which of the following issues can be detected when testers send long strings of junk data, similar to strings for detecting buffer overruns that throw SQL errors on a page?
Truncation
In which of the following attacks does an attacker use an ORDER BY clause to find the right number of columns in a database table?
Union SQL injection
Which of the following countermeasures should be followed to protect web applications from command injection attacks?
Use modular shell disassociation from the kernel
An attacker tries to enumerate the username and password of an account named "rini Mathew" on wordpress.com. On the first attempt, the attacker tried to login as "rini.mathews," which resulted in the login failure message "invalid email or username." On the second attempt, the attacker tried to login as "rinimathews," which resulted in a message stating that the password entered for the username was incorrect, thus confirming that the username "rinimathews" exists. What is the attack that is performed by the attacker?
Username enumeration
In which of the following evasion techniques does an attacker use a WHERE statement that is always evaluated as "true" so that any math string comparison can be used such as "' OR '1'='1'"?
Variations
Which of the following techniques is used by an attacker to enumerate usernames from a target web application?
Verbose failure message
Which of the following metadata formats does the SOAP API use to reveal a large amount of technical information such as paths, parameters, and message formats?
WSDL/XML-Schema
Which of the following automatically discover hidden content and functionality by parsing HTML form and client-side JavaScript requests and responses?
Web spiders
Which of the following APIs is a user-defined HTTP callback or push API that is raised based on events triggered, such as receiving a comment on a post or pushing code to the registry?
Webhook
In one of the following defensive techniques, only the list of entities such as data type, range, size, and value that have been approved for secured access are accepted. Which is this technique?
Whitelist validation
Which of the following parameters defines the level of access to an application to redirect a user agent to the authorization server?
scope
Which of the following system table does MS SQL Server database use to store metadata? Hackers can use this system table to acquire database schema information to further compromise the database.
sysobjects