What is the following command trying to accomplish?

You are a security analyst performing a penetration tests for a company in the Midwest. After some initial
reconnaissance, you discover the IP addresses of some Cisco routers used by the company. You type in the
following URL that includes the IP address of one of the routers:
http://172.168.4.131/level/99/exec/show/config
After typing in this URL, you are presented with the entire configuration file for that router. What have you
discovered?

You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to
sensitive information about the company clients. You have rummaged through their trash and found very little
information. You do not want to set off any alarms on their network, so you plan on performing passive foot
printing against their Web servers. What tool should you use?

Jessica works as systems administrator for a large electronics firm. She wants to scan her network quickly to
detect live hosts by using ICMP ECHO Requests. What type of scan is Jessica going to perform?

You are assisting a Department of Defense contract company to become compliant with the stringent security
policies set by the DoD. One such strict rule is that firewalls must only allow incoming connections that were
first initiated by internal computers. What type of firewall must you implement to abide by this policy?

Michael works for Kimball Construction Company as senior security analyst. As part of yearly security audit,
Michael scans his network for vulnerabilities. Using Nmap, Michael conducts XMAS scan and most of the ports
scanned do not give a response. In what state are these ports?

If an attacker’s computer sends an IPID of 31400 to a zombie computer on an open port in IDLE scanning,
what will be the response?

You are carrying out the last round of testing for your new website before it goes live. The website has many
dynamic pages and connects to a SQL backend that accesses your product inventory in a database. You come
across a web security site that recommends inputting the following code into a search field on web pages to
check for vulnerabilities: When you type this and click on search, you receive a pop-up window that says: “This
is a test.”
What is the result of this test?

You setup SNMP in multiple offices of your company. Your SNMP software manager is not receiving data from
other offices like it is for your main office. You suspect that firewall changes are to blame. What ports should
you open for SNMP to work through Firewalls? (Choose two.)

What will the following command produce on a website login page? SELECT email, passwd, login_id,
full_name FROM members WHERE email = ‘someone@somehwere.com’; DROP TABLE members; –‘