Transmission control protocol accepts data from a data stream, divides it into chunks, and
adds a TCP header creating a TCP segment.
The TCP header is the first 24 bytes of a TCP segment that contains the parameters and
state of an end-to-end TCP socket. It is used to track the state of communication between
two TCP endpoints.
For a connection to be established or initialized, the two hosts must synchronize. The
synchronization requires each side to send its own initial sequence number and to receive a
confirmation of exchange in an acknowledgment (ACK) from the other side The below
diagram shows the TCP Header format:

How many bits is a acknowledgement number?

Which of the following protocol’s traffic is captured by using the filter tcp.port==3389 in the
Wireshark tool?

In the process of hacking a web application, attackers manipulate the HTTP requests to
subvert the application authorization schemes by modifying input fields that relate to the user
ID, username, access group, cost, file names, file identifiers, etc. They first access the web
application using a low privileged account and then escalate privileges to access protected
resources. What attack has been carried out?

The amount of data stored in organizational databases has increased rapidly in recent years
due to the rapid advancement of information technologies. A high percentage of these data
is sensitive, private and critical to the organizations, their clients and partners. Therefore,
databases are usually installed behind internal firewalls, protected with intrusion detection
mechanisms and accessed only by applications. To access a database, users have to
connect to one of these applications and submit queries through them to the database. The
threat to databases arises when these applications do not behave properly and construct
these queries without sanitizing user inputs first. Identify the injection attack represented in
the diagram below:

Which of the following scan option is able to identify the SSL services?

If a web application sends HTTP cookies as its method for transmitting session tokens, it
may be vulnerable which of the following attacks?

SQL injection attack consists of insertion or “injection” of either a partial or complete SQL
query via the data input or transmitted from the client (browser) to the web application.
A successful SQL injection attack can:
i)Read sensitive data from the database
iii)Modify database data (insert/update/delete)
iii)Execute administration operations on the database (such as shutdown the DBMS)
iV)Recover the content of a given file existing on the DBMS file system or write files into the
file system
v)Issue commands to the operating system

Pen tester needs to perform various tests to detect SQL injection vulnerability. He has to
make a list of all input fields whose values could be used in crafting a SQL query, including
the hidden fields of POST requests and then test them separately, trying to interfere with the
query and to generate an error. In which of the following tests is the source code of the
application tested in a non-runtime environment to detect the SQL injection vulnerabilities?

Which of the following is NOT generally included in a quote for penetration testing services?

Trace route is a computer network diagnostic tool for displaying the route (path) and
measuring transit delays of packets across an Internet Protocol (IP) network. It sends a
sequence of three Internet Control Message Protocol (ICMP) echo request packets
addressed to a destination host. The time-to-live (TTL) value, also known as hop limit, is
used in determining the intermediate routers being traversed towards the destination. During
routing, each router reduces packets’ TTL value by

Which of the following attributes has a LM and NTLMv1 value as 64bit + 64bit + 64bit and
NTLMv2 value as 128 bits?