EC-Council Certified Security Analyst (ECSA) v10.3 (ECSAv8)

Page:    1 / 14   
Total 200 questions

ARP spoofing is a technique whereby an attacker sends fake ("spoofed") Address Resolution Protocol (ARP) messages onto a Local Area Network. Generally, the aim is to associate the attacker's MAC address with the IP address of another host (such as the default gateway), causing any traffic meant for that IP address to be sent to the attacker instead.
An ARP spoofing attack is used as an opening for other attacks.


What type of attack would you launch after successfully deploying ARP spoofing?

  • A. Parameter Filtering
  • B. Social Engineering
  • C. Input Validation
  • D. Session Hijacking



Answer : D

Reference: https://en.wikipedia.org/wiki/ARP_spoofing

A SQL injection attack consists of the insertion or "injection" of either a partial or complete SQL query via data input or data transmitted from the client (browser) to the web application.
A successful SQL injection attack can:
  i) Read sensitive data from the database
  ii) Modify database data (insert/update/delete)
  iii) Execute administration operations on the database (such as shutting down the DBMS)
  iv) Recover the content of a given file existing on the DBMS file system or write files into the file system
  v) Issue commands to the operating system


A pen tester needs to perform various tests to detect SQL injection vulnerabilities. He has to make a list of all input fields whose values could be used in crafting a SQL query, including the hidden fields of POST requests, and then test them separately, trying to interfere with the query and to generate an error.
In which of the following tests is the source code of the application tested in a non-runtime environment to detect the SQL injection vulnerabilities?

  • A. Automated Testing
  • B. Function Testing
  • C. Dynamic Testing
  • D. Static Testing


Answer : D

Reference: http://ijritcc.org/IJRITCC%20Vol_2%20Issue_5/Removal%20of%20Data%20Vulnerabilities%20Using%20SQL.pdf

Fuzz testing, or fuzzing, is a software/application testing technique used to discover coding errors and security loopholes in software, operating systems, or networks by inputting massive amounts of random data, called fuzz, to the system in an attempt to make it crash.
Fuzzers work best for problems that can cause a program to crash, such as buffer overflow, cross-site scripting, denial of service attacks, format bugs, and SQL injection.
A fuzzer helps to generate and submit a large number of inputs to the application in order to test it against those inputs. This helps to identify the SQL inputs that generate malicious output.
Suppose a pen tester knows the underlying structure of the database used by the application (i.e., name, number of columns, etc.) that she is testing.
Which of the following types of fuzz testing will she perform, where she can supply specific data to the application to discover vulnerabilities?

  • A. Clever Fuzz Testing
  • B. Dumb Fuzz Testing
  • C. Complete Fuzz Testing
  • D. Smart Fuzz Testing


Answer : D

Which of the following has an offset field that specifies the length of the header and data?

  • A. IP Header
  • B. UDP Header
  • C. ICMP Header
  • D. TCP Header


Answer : D

What is a difference between host-based intrusion detection systems (HIDS) and network-based intrusion detection systems (NIDS)?


  • A. NIDS are usually a more expensive solution to implement compared to HIDS.
  • B. Attempts to install Trojans or backdoors cannot be monitored by a HIDS whereas NIDS can monitor and stop such intrusion events.
  • C. NIDS are standalone hardware appliances that include network intrusion detection capabilities whereas HIDS consist of software agents installed on individual computers within the system.
  • D. HIDS requires less administration and training compared to NIDS.


Answer : C

What are the scanning techniques that are used to bypass firewall rules and logging mechanisms and disguise themselves as usual network traffic?

  • A. Connect Scanning Techniques
  • B. SYN Scanning Techniques
  • C. Stealth Scanning Techniques
  • D. Port Scanning Techniques


Answer : C

Reference: http://wwww.pc-freak.net/tutorials/hacking_info/arkin%20network%20scanning%20techniques.pdf (page 7)

A framework for security analysis is composed of a set of instructions, assumptions, and limitations to analyze and solve security concerns and develop threat free applications.
Which of the following frameworks helps an organization evaluate the company's information security against industry standards?

  • A. Microsoft Internet Security Framework
  • B. Information System Security Assessment Framework
  • C. The IBM Security Framework
  • D. Nortel's Unified Security Framework


Answer : B

If a web application sends HTTP cookies as its method for transmitting session tokens, it may be vulnerable to which of the following attacks?

  • A. Parameter tampering attack
  • B. SQL injection attack
  • C. Session Hijacking
  • D. Cross-site request attack


Answer : D

Reference: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

Many security and compliance projects begin with a simple idea: assess the organization's risk, vulnerabilities, and breaches. Implementing an IT security risk assessment is critical to the overall security posture of any organization.
An effective security risk assessment can prevent breaches and reduce the impact of realized breaches.


What is the formula to calculate risk?

  • A. Risk = Budget x Time
  • B. Risk = Goodwill x Reputation
  • C. Risk = Loss x Exposure factor
  • D. Risk = Threats x Attacks


Answer : C

Which one of the following log analysis tools is a Cisco Router Log Format log analyzer that parses logs, imports them into a SQL database (or its own built-in database), aggregates them, and generates dynamically filtered reports, all through a web interface?

  • A. Event Log Tracker
  • B. Sawmill
  • C. Syslog Manager
  • D. Event Log Explorer


Answer : B

The amount of data stored in organizational databases has increased rapidly in recent years due to the rapid advancement of information technologies. A high percentage of these data is sensitive, private and critical to the organizations, their clients and partners.
Therefore, databases are usually installed behind internal firewalls, protected with intrusion detection mechanisms and accessed only by applications. To access a database, users have to connect to one of these applications and submit queries through them to the database. The threat to databases arises when these applications do not behave properly and construct these queries without sanitizing user inputs first.
Identify the injection attack represented in the diagram below:


  • A. Frame Injection Attack
  • B. LDAP Injection Attack
  • C. XPath Injection Attack
  • D. SOAP Injection Attack


Answer : B

Reference: https://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdf (pages 3 to 5)

A man enters a PIN number at an ATM machine, being unaware that the person next to him was watching. Which of the following social engineering techniques refers to this type of information theft?

  • A. Shoulder surfing
  • B. Phishing
  • C. Insider Accomplice
  • D. Vishing


Answer : A

James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to the broadcast address of his network. What type of DoS attack is James testing against his network?

  • A. Smurf
  • B. Trinoo
  • C. Fraggle
  • D. SYN flood


Answer : A

Which of the following statements is true about the LM hash?

  • A. Disabled in Windows Vista and 7 OSs
  • B. Separated into two 8-character strings
  • C. Letters are converted to lowercase
  • D. Padded with NULL to 16 characters


Answer : A

Reference: http://www.onlinehashcrack.com/how_to_crack_windows_passwords.php (first paragraph of the page)

Identify the type of testing that is carried out without giving any information to the employees or administrative head of the organization.

  • A. Unannounced Testing
  • B. Double Blind Testing
  • C. Announced Testing
  • D. Blind Testing


Answer : B
