Which of the following conditions must be met to exploit this vulnerability?
During a penetration test, a tester finds that the web application being analyzed is vulnerable to
Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this
vulnerability?
Which protocol and port number might be needed in order to send log messages to a log analysis tool that resid
Which protocol and port number might be needed in order to send log messages to a log analysis
tool that resides behind a firewall?
What is the ethical response?
A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating.
She offers to pay to break into her husband’s email account in order to find proof so she can take
him to court. What is the ethical response?
Which NMAP switch would the hacker use?
A hacker is attempting to see which ports have been left open on a network. Which NMAP switch
would the hacker use?
Which type of certificate is used to encrypt and decrypt the data?
The network administrator for a company is setting up a website with e-commerce capabilities.
Packet sniffing is a concern because credit card information will be sent electronically over the
Internet. Customers visiting the site will need to encrypt the data with HTTPS. Which type of
certificate is used to encrypt and decrypt the data?
Which security control role does encryption meet?
Which security control role does encryption meet?
Which type of attack did the consultant perform?
A consultant is hired to do physical penetration testing at a large financial company. In the first day
of his assessment, the consultant goes to the company`s building dressed like an electrician and
waits in the lobby for an employee to pass through the main access gate, then the consultant
follows the employee behind to get into the restricted area. Which type of attack did the consultant
perform?
How will the pentester pivot using Metasploit?
A pentester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pentester
pivot using Metasploit?
Which of the following actions should the security administrator take?
A company has hired a security administrator to maintain and administer Linux and Windowsbased systems. Written in the nightly report file is the followinG.
Firewall log files are at the expected value of 4 MB. The current time is 12am. Exactly two hours
later the size has decreased considerably. Another hour goes by and the log files have shrunk in
size again.
Which of the following actions should the security administrator take?
Which NMAP switch would the hacker use?
A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP
switch would the hacker use?