What technique does Jimmy use to compromise a database?
Jimmy, an attacker, knows that he can take advantage of poorly designed input validation routines to create or alter SQL commands to gain access to private data or execute commands in the database. What technique does Jimmy use to compromise a database?
A. Jimmy can submit user input that executes...
How do you defend against ARP Spoofing? Select three.
A. Use ARPWALL system and block ARP spoofing attacks
B. Tune IDS Sensors to look for large amounts of ARP traffic on local subnets
C. Use private VLANs
D. Place static ARP entries on servers, workstations and routers
Answer: A,C,D
Explanation:...
Why do you think Dan might not be able to get an interactive session?
Dan is conducting penetration testing and has found a vulnerability in a Web Application which gave him the sessionID token via a cross site scripting vulnerability. Dan wants to replay this token. However, the session ID manager (on the server) checks the originating IP address as well. Dan decides to...
What does FIN in TCP flag define?
A. Used to abort a TCP connection abruptly
B. Used to close a TCP connection
C. Used to acknowledge receipt of a previous packet or transmission
D. Used to indicate the beginning of a TCP connection
Answer: B
What type of Virus is shown here?
A. Cavity Virus
B. Macro Virus
C. Boot Sector Virus
D. Metamorphic Virus
E. Sparse Infector Virus
Answer: E
Which statement correctly defines this term?
One of the effective DoS/DDoS countermeasures is 'Throttling'. Which statement correctly defines this term?
A. Set up routers that access a server with logic to adjust incoming traffic to levels that will be safe for the server to process
B. Providers can increase the bandwidth on critical connections to prevent...
What is the purpose of this code?
Lori was performing an audit of her company's internal Sharepoint pages when she came across the following code. What is the purpose of this code?
A. This JavaScript code will use a Web Bug to send information back to another server.
B. This code snippet will send a message...
In which step would you engage a forensic investigator?
Testing security periodically. In which step would you engage a forensic investigator?
A. 1
B. 2
C. 3
D. 4
E. 5
F. 6
Answer: D
Why do you think this is possible?
Annie has just succeeded in stealing a secure cookie via an XSS attack. She is able to replay the cookie even while the session is invalid on the server. Why do you think this is possible?
A. It works because encryption is performed at the application layer (single encryption key)
B...
In Buffer Overflow exploit, which of the following registers gets overwritten with return address of the exploit code?
A. EEP
B. ESP
C. EAP
D. EIP
Answer: D