which of the following processes to remove unnecessary software, services, and insecure configuration settings
To reduce the attack surface of a system, administrators should perform which of the following
processes to remove unnecessary software, services, and insecure configuration settings?
Which type of firewall is the tester trying to traverse?
While conducting a penetration test, the tester determines that there is a firewall between the
tester’s machine and the target machine. The firewall is only monitoring TCP handshaking of
packets at the session layer of the OSI model. Which type of firewall is the tester trying to
traverse?
Which type of scan is used on the eye to measure the layer of blood vessels?
Which type of scan is used on the eye to measure the layer of blood vessels?
Which web applications vulnerability did the analyst discover?
A security analyst in an insurance company is assigned to test a new web application that will be
used by clients to help them choose and apply for an insurance plan. The analyst discovers that
the application is developed in ASP scripting language and it uses MSSQL as a database
backend. The analyst locates the application’s search form and introduces the following code in
the search input fielD.
IMG SRC=vbscript:msgbox(“Vulnerable”);> originalAttribute=”SRC”
originalPath=”vbscript:msgbox(“Vulnerable”);>”
When the analyst submits the form, the browser returns a pop-up window that says “Vulnerable”.
Which web applications vulnerability did the analyst discover?
Which vulnerability has been detected in the web application?
While testing the company’s web applications, a tester attempts to insert the following test script
into the search area on the company’s web sitE.
<script>alert(” Testing Testing Testing “)</script>
Afterwards, when the tester presses the search button, a pop-up box appears on the screen with
the text: “Testing Testing Testing”. Which vulnerability has been detected in the web application?
what was the original message?
A hacker was able to sniff packets on a company’s wireless network. The following information
was discovereD.
The Key 10110010 01001011
The Cyphertext 01100101 01011010
Using the Exlcusive OR, what was the original message?
International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlin
International Organization for Standardization (ISO) standard 27002 provides guidance for
compliance by outlining
Which solution can be used to emulate computer services, such as mail and ftp, and to capture information rela
Which solution can be used to emulate computer services, such as mail and ftp, and to capture
information related to logins or actions?
How should the administrator classify this situation?
A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection
system. The alert was generated because a large number of packets were coming into the
network over ports 20 and 21. During analysis, there were no signs of attack on the FTP servers.
How should the administrator classify this situation?
What type of activity has been logged?
The following is part of a log file taken from the machine on the network with the IP address of
192.168.1.106:
Time:Mar 13 17:30:15 Port:20 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:17 Port:21 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:19 Port:22 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:21 Port:23 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:22 Port:25 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:23 Port:80 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:30 Port:443 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
What type of activity has been logged?