Which web applications vulnerability did the analyst discover?
A security analyst in an insurance company is assigned to test a new web application that will be
used by clients to help them choose and apply for an insurance plan. The analyst discovers that
the application is developed in ASP scripting language and it uses MSSQL as a database
backend. The analyst locates the application’s search form and introduces the following code in
the search input fielD.
IMG SRC=vbscript:msgbox(“Vulnerable”);> originalAttribute=”SRC”
originalPath=”vbscript:msgbox(“Vulnerable”);>”
When the analyst submits the form, the browser returns a pop-up window that says “Vulnerable”.
Which web applications vulnerability did the analyst discover?
Which vulnerability has been detected in the web application?
While testing the company’s web applications, a tester attempts to insert the following test script
into the search area on the company’s web sitE.
<script>alert(” Testing Testing Testing “)</script>
Afterwards, when the tester presses the search button, a pop-up box appears on the screen with
the text: “Testing Testing Testing”. Which vulnerability has been detected in the web application?
what was the original message?
A hacker was able to sniff packets on a company’s wireless network. The following information
was discovereD.
The Key 10110010 01001011
The Cyphertext 01100101 01011010
Using the Exlcusive OR, what was the original message?
International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlin
International Organization for Standardization (ISO) standard 27002 provides guidance for
compliance by outlining
Which solution can be used to emulate computer services, such as mail and ftp, and to capture information rela
Which solution can be used to emulate computer services, such as mail and ftp, and to capture
information related to logins or actions?
How should the administrator classify this situation?
A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection
system. The alert was generated because a large number of packets were coming into the
network over ports 20 and 21. During analysis, there were no signs of attack on the FTP servers.
How should the administrator classify this situation?
What type of activity has been logged?
The following is part of a log file taken from the machine on the network with the IP address of
192.168.1.106:
Time:Mar 13 17:30:15 Port:20 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:17 Port:21 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:19 Port:22 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:21 Port:23 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:22 Port:25 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:23 Port:80 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:30 Port:443 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
What type of activity has been logged?
Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them?
Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them?
Which of the following settings enables Nessus to detect when it is sending too many packets and the network p
Which of the following settings enables Nessus to detect when it is sending too many packets and
the network pipe is approaching capacity?
Which of the following is the correct bit size of the Diffie-Hellman (DH) group 5?
Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process.
Which of the following is the correct bit size of the Diffie-Hellman (DH) group 5?