While using your bank’s online servicing you notice the following string in the URL bar: “http://
www.MyPersonalBank.com/account?id=368940911028389&Damount=10980&Camount=21”
You observe that if you modify the Damount & Camount values and submit the request, that data on the web
page reflect the changes.
Which type of vulnerability is present on this site?

Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?

Jesse receives an email with an attachment labeled “Court_Notice_21206.zip”. Inside the zip file is a file named
“Court_Notice_21206.docx.exe” disguised as a word document. Upon execution, a window appears stating,
“This word document is corrupt.” In the background, the file copies itself to Jesse APPDATA\\local directory and
begins to beacon to a C2 server to download additional malicious binaries.
What type of malware has Jesse encountered?

Your company performs penetration tests and security assessments for small and medium-sized business in
the local area. During a routine security assessment, you discover information that suggests your client isinvolved with human trafficking.
What should you do?

This international organization regulates billions of transactions daily and provides security guidelines to protect
personally identifiable information (PII). These security controls provide a baseline and prevent low-level
hackers sometimes known as script kiddies from causing a data breach.
Which of the following organizations is being described?

In 2007, this wireless security algorithm was rendered useless by capturing packets and discovering the
passkey in a matter of seconds. This security flaw led to a network invasion of TJ Maxx and data theft through
a technique known as wardriving.
Which Algorithm is this referring to?

The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities
and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the transport layer
security (TLS) protocols defined in RFC6520.
What type of key does this bug leave exposed to the Internet making exploitation of any compromised system
very easy?

This tool is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data
packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK
attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools.
Which of the following tools is being described?

During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a
Demilitarized Zone (DMZ) and a second DNS server on the internal network.
What is this type of DNS configuration commonly called?

Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The TCP
XMAS scan is used to identify listening ports on the targeted system.
If a scanned port is open, what happens?