Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities
Which Open Web Application Security Project (OWASP) implements a web application full of
known vulnerabilities?
Which command should the hacker type into the command shell to request the appropriate records?
A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses
the nslookup interactive mode for the search. Which command should the hacker type into the
command shell to request the appropriate records?
which cryptographic algorithms would be useful to gain access to the application?
After gaining access to the password hashes used to protect access to a web based application,
knowledge of which cryptographic algorithms would be useful to gain access to the application?
which piece of information from the recipient must the sender have before encrypting the message?
To send a PGP encrypted message, which piece of information from the recipient must the sender
have before encrypting the message?
What is the mostly likely way the attacker has been able to modify the purchase price?
An attacker has been successfully modifying the purchase price of items purchased on the
company’s web site. The security administrators verify the web server and Oracle database have
not been compromised directly. They have also verified the Intrusion Detection System (IDS) logs
and found no attacks that could have caused this. What is the mostly likely way the attacker has
been able to modify the purchase price?
Which of the following items is unique to the N-tier architecture method of designing software applications?
Which of the following items is unique to the N-tier architecture method of designing software
applications?
what the engineer performed?
A Security Engineer at a medium-sized accounting firm has been tasked with discovering how
much information can be obtained from the firm’s public facing web servers. The engineer decides
to start by using netcat to port 80.
The engineer receives this output:
HTTP/1.1 200 OK
Server: Microsoft-IIS/6
Expires: Tue, 17 Jan 2011 01:41:33 GMT
DatE. Mon, 16 Jan 2011 01:41:33 GMT
Content-TypE. text/html
Accept-Ranges: bytes
Last-ModifieD. Wed, 28 Dec 2010 15:32:21 GMT
ETaG. “b0aac0542e25c31:89d”
Content-Length: 7369
Which of the following is an example of what the engineer performed?
which of the following processes to remove unnecessary software, services, and insecure configuration settings
To reduce the attack surface of a system, administrators should perform which of the following
processes to remove unnecessary software, services, and insecure configuration settings?
Which type of firewall is the tester trying to traverse?
While conducting a penetration test, the tester determines that there is a firewall between the
tester’s machine and the target machine. The firewall is only monitoring TCP handshaking of
packets at the session layer of the OSI model. Which type of firewall is the tester trying to
traverse?
Which type of scan is used on the eye to measure the layer of blood vessels?
Which type of scan is used on the eye to measure the layer of blood vessels?