Posts

James, a penetration tester, found a SQL injection vulnerability in the website http://www.xsecurity.com. He used sqlmap and extracted the website’s databases from the sql server, one of them being “offices.” Which among the following sqlmap queries does James issue in order to extract the tables related to the database “offices”?

-
James, a penetration tester, found a SQL injection vulnerability in the website http://www.xsecurity.com. He used sqlmap and extracted the website’s databases from the sql server, one of them being “offices.” Which among the following sqlmap queries does James issue in order to extract the tables related to the database “offices”? sqlmap -u “www.xsecurity.com” --dbs offices -T sqlmap -u “www.xsecurity.com” --dbs offices --T sqlmap -u “www.xsecurity.com” --dbs offices -tables sqlmap -u “www.xsecurity.com” --dbs offices --tables
Post a Comment
Read more

Dale is a network admin working in Zero Faults Inc. Recently the company’s network was compromised and is experiencing very unusual traffic. Dale checks for the problem that compromised the network. He performed a penetration test on the network’s IDS and identified that an attacker sent spoofed packets to a broadcast address in the network. Which of the following attacks compromised the network?

-
Dale is a network admin working in Zero Faults Inc. Recently the company’s network was compromised and is experiencing very unusual traffic. Dale checks for the problem that compromised the network. He performed a penetration test on the network’s IDS and identified that an attacker sent spoofed packets to a broadcast address in the network. Which of the following attacks compromised the network? ARP Spoofing Amplification attack MAC Spoofing Session hijacking
Post a Comment
Read more

Sandra, a wireless network auditor, discovered her client is using WEP. To prove the point that the WEP encryption is very weak, she wants to decrypt some WEP packets. She successfully captured the WEP data packets, but could not reach the content as the data is encrypted. Which of the following will help Sandra decrypt the data packets without knowing the key?

-
Sandra, a wireless network auditor, discovered her client is using WEP. To prove the point that the WEP encryption is very weak, she wants to decrypt some WEP packets. She successfully captured the WEP data packets, but could not reach the content as the data is encrypted. Which of the following will help Sandra decrypt the data packets without knowing the key? A. Fragmentation Attack B. Chopchop Attack C. ARP Poisoning Attack D. Packet injection Attack
Post a Comment
Read more

Tom is a networking manager in XYZ Inc. He and his team were assigned the task to store and update the confidential files present on a remote server using Network File System (NFS) client-server application protocol. Since the files are confidential, Tom was asked to perform this operation in a secured manner by limiting the access only to his team. As per the instructions provided to him, to use NFS securely, he employed the process of limiting the superuser access privileges only to his team by using authentication based on the team personnel identity. Identify the method employed by Tom for securing access controls in NFS?

-
Tom is a networking manager in XYZ Inc. He and his team were assigned the task to store and update the confidential files present on a remote server using Network File System (NFS) client-server application protocol. Since the files are confidential, Tom was asked to perform this operation in a secured manner by limiting the access only to his team. As per the instructions provided to him, to use NFS securely, he employed the process of limiting the superuser access privileges only to his team by using authentication based on the team personnel identity. Identify the method employed by Tom for securing access controls in NFS? Root Squashing nosuid noexec Suid
Post a Comment
Read more

Gibson, a security analyst at MileTech Solutions, is performing cloud penetration testing. As part of this process, he needs to check for any governance and compliance issues against cloud services. Which of the following documents helps Gibson in checking whether the CSP is regularly audited and certified for compliance issues?

-
Gibson, a security analyst at MileTech Solutions, is performing cloud penetration testing. As part of this process, he needs to check for any governance and compliance issues against cloud services. Which of the following documents helps Gibson in checking whether the CSP is regularly audited and certified for compliance issues? Service level agreement Data use agreement ROE agreement Nondisclosure agreement
Post a Comment
Read more

ABC bank, a UK-based bank hired Anthony, to perform a penetration test for the bank. Anthony began performing lookups on the bank’s DNS servers, reading news articles online about the bank, performing competitive intelligence gathering, watching what times the bank employees come and go, and searching the bank’s job postings. What phase of the penetration testing is Anthony currently in?

-
ABC bank, a UK-based bank hired Anthony, to perform a penetration test for the bank. Anthony began performing lookups on the bank’s DNS servers, reading news articles online about the bank, performing competitive intelligence gathering, watching what times the bank employees come and go, and searching the bank’s job postings. What phase of the penetration testing is Anthony currently in? Attack phase Post-attack phase Pre-attack phase Remediation phase
Post a Comment
Read more

The Rhythm Networks Pvt Ltd firm is a group of ethical hackers. Rhythm Networks was asked by their client Zombie to identify how the attacker penetrated their firewall. Rhythm discovered the attacker modified the addressing information of the IP packet header and the source address bits field to bypass the firewall. What type of firewall bypassing technique was used by the attacker?

-
The Rhythm Networks Pvt Ltd firm is a group of ethical hackers. Rhythm Networks was asked by their client Zombie to identify how the attacker penetrated their firewall. Rhythm discovered the attacker modified the addressing information of the IP packet header and the source address bits field to bypass the firewall. What type of firewall bypassing technique was used by the attacker? Source routing Proxy Server HTTP Tunneling Anonymous Website Surfing Sites
Post a Comment
Read more