which of the following should be performed first in any penetration test?
In which of the following should be performed first in any penetration test?
Which of the following items is unique to the N-tier architecture method of designing software applications?
Which of the following items is unique to the N-tier architecture method of designing software
applications?
which phase of a penetration test?
Vulnerability mapping occurs after which phase of a penetration test?
what the engineer performed?
A Security Engineer at a medium-sized accounting firm has been tasked with discovering how
much information can be obtained from the firm’s public facing web servers. The engineer decides
to start by using netcat to port 80.
The engineer receives this output:
HTTP/1.1 200 OK
Server: Microsoft-IIS/6
Expires: Tue, 17 Jan 2011 01:41:33 GMT
DatE. Mon, 16 Jan 2011 01:41:33 GMT
Content-TypE. text/html
Accept-Ranges: bytes
Last-ModifieD. Wed, 28 Dec 2010 15:32:21 GMT
ETaG. “b0aac0542e25c31:89d”
Content-Length: 7369
Which of the following is an example of what the engineer performed?
which of the following processes to remove unnecessary software, services, and insecure configuration settings
To reduce the attack surface of a system, administrators should perform which of the following
processes to remove unnecessary software, services, and insecure configuration settings?
Which type of firewall is the tester trying to traverse?
While conducting a penetration test, the tester determines that there is a firewall between the
tester’s machine and the target machine. The firewall is only monitoring TCP handshaking of
packets at the session layer of the OSI model. Which type of firewall is the tester trying to
traverse?
Which type of scan is used on the eye to measure the layer of blood vessels?
Which type of scan is used on the eye to measure the layer of blood vessels?
Which web applications vulnerability did the analyst discover?
A security analyst in an insurance company is assigned to test a new web application that will be
used by clients to help them choose and apply for an insurance plan. The analyst discovers that
the application is developed in ASP scripting language and it uses MSSQL as a database
backend. The analyst locates the application’s search form and introduces the following code in
the search input fielD.
IMG SRC=vbscript:msgbox(“Vulnerable”);> originalAttribute=”SRC”
originalPath=”vbscript:msgbox(“Vulnerable”);>”
When the analyst submits the form, the browser returns a pop-up window that says “Vulnerable”.
Which web applications vulnerability did the analyst discover?
Which vulnerability has been detected in the web application?
While testing the company’s web applications, a tester attempts to insert the following test script
into the search area on the company’s web sitE.
<script>alert(” Testing Testing Testing “)</script>
Afterwards, when the tester presses the search button, a pop-up box appears on the screen with
the text: “Testing Testing Testing”. Which vulnerability has been detected in the web application?
what was the original message?
A hacker was able to sniff packets on a company’s wireless network. The following information
was discovereD.
The Key 10110010 01001011
The Cyphertext 01100101 01011010
Using the Exlcusive OR, what was the original message?