A Blind SQL injection is a type of SQL Injection attack that asks the database true or false
questions and determines the answer based on the application response. This attack is often
used when the web application is configured to show generic error messages, but has not
mitigated the code that is vulnerable to SQL injection.

It is performed when an error message is not received from application while trying to exploit
SQL vulnerabilities. The developer’s specific message is displayed instead of an error
message. So it is quite difficult to find SQL vulnerability in such cases.
A pen tester is trying to extract the database name by using a blind SQL injection. He tests
the database using the below query and finally finds the database name.
http://juggyboy.com/page.aspx?id=1 ; IF (LEN(DB_NAME())=4) WAITFOR DELAY
’00:00:10′–
http://juggyboy.com/page.aspx?id=1 ; IF (ASCII(lower(substring((DB_NAME()),1,1)))=97)
WAITFOR DELAY ’00:00:10′–
http://juggyboy.com/page.aspx?id=1 ; IF (ASCII(lower(substring((DB_NAME()),2,1)))=98)
WAITFOR DELAY ’00:00:10′–
http://juggyboy.com/page.aspx?id=1 ; IF (ASCII(lower(substring((DB_NAME()),3,1)))=99)
WAITFOR DELAY ’00:00:10′–
http://juggyboy.com/page.aspx?id=1 ; IF (ASCII(lower(substring((DB_NAME()),4,1)))=100)
WAITFOR DELAY ’00:00:10′–
What is the database name?

You are conducting a penetration test against a company and you would like to know a
personal email address of John, a crucial employee. What is the fastest, cheapest way to
find out John’s email address.

Which of the following is an ARP cache poisoning technique aimed at network switches?

Which of the following documents helps in creating a confidential relationship between the
pen tester and client to protect critical and confidential information or trade secrets?

TCP/IP model is a framework for the Internet Protocol suite of computer network protocols
that defines the communication in an IP-based network. It provides end-to-end connectivity
specifying how data should be formatted, addressed, transmitted, routed and received at the
destination. This functionality has been organized into four abstraction layers which are used
to sort all related protocols according to the scope of networking involved.

Which of the following TCP/IP layers selects the best path through the network for packets to travel?

Amazon, an IT based company, conducts a survey on the usage of the Internet. They found
that company employees spend most of the time at work surfing the web for their personal
use and for inappropriate web site viewing. Management decide to block all such web sites
using URL filtering software.

How can employees continue to see the blocked websites?

Internet Control Message Protocol (ICMP) messages occur in many situations, such as
whenever a datagram cannot reach the destination or the gateway does not have the
buffering capacity to forward a datagram. Each ICMP message contains three fields: type,
code, and checksum. Different types of Internet Control Message Protocols (ICMPs) are
identified by a type and code field.

Which of the following ICMP messages will be generated if the destination port is not reachable?

To locate the firewall, SYN packet is crafted using Hping or any other packet crafter and sent
to the firewall. If ICMP unreachable type 13 message (which is an admin prohibited packet)
with a source IP address of the access control device is received, then it means which of the
following type of firewall is in place?

An automated electronic mail message from a mail system which indicates that the user
does not exist on that server is called as?

Which of the following reports provides a summary of the complete pen testing process, its
outcomes, and recommendations?