Which of the following is an advantage of utilizing sec…
Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?
Which vulnerability has been detected in the web applic…
While testing the company’s web applications, a tester attempts to insert the following test script into the search
area on the company’s web site:
<script>alert("Testing Testing Testing")</script>
Afterwards, when the tester presses the search button, a pop-up box appears on the screen with the text:
“Testing Testing Testing”. Which vulnerability has been detected in the web application?
What should the administrator do next?
Employees in a company are no longer able to access Internet web sites on their computers. The network
administrator is able to successfully ping the IP addresses of web servers on the Internet and is able to open web
sites by using an IP address in place of the URL. The administrator runs the nslookup command for
www.eccouncil.org and receives an error message stating there is no response from the server. What should
the administrator do next?
Which of the following network attacks takes advantage …
Which of the following network attacks takes advantage of weaknesses in the fragment reassembly
functionality of the TCP/IP protocol stack?
Which of the following descriptions is true about a sta…
Which of the following descriptions is true about a static NAT?
Which other option could the tester use to get a respon…
If a tester is attempting to ping a target that exists but receives no response or a response that states the
destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option
could the tester use to get a response from a host using TCP?
Which of the following items is unique to the N-tier ar…
Which of the following items is unique to the N-tier architecture method of designing software applications?
Computer Security Incident Response Team (CSIRT)?
Which of the following is a primary service of the U.S. Computer Security Incident Response Team (CSIRT)?
What should the engineer do next?
An IT security engineer notices that the company’s web server is currently being hacked. What should the
engineer do next?
What should the security team do to determine which ale…
The intrusion detection system at a software development company suddenly generates multiple alerts
regarding attacks against the company’s external webserver, VPN concentrator, and DNS servers. What
should the security team do to determine which alerts to check first?