1. Which of the following information gathering techniques collects information from an organization's web-based calendar and email services?
2. Which Wireshark filter displays all the packets where the IP address of the source host is 10.0.0.7?
3. Which of the following statements is true about the LM hash?
4. Which of the following statements holds true for TCP operation?
5. Which of the following will not handle routing protocols properly?
6. What is a goal of the penetration testing report?
7. Which of the following is the range for assigned ports managed by the Internet Assigned Numbers Authority (IANA)?
8. Identify the injection attack represented in the diagram below:
9. Which of the following approaches to vulnerability assessment relies on the administrator providing a baseline of system configuration and then scanning continuously without incorporating any information found at the time of scanning?
10. The Web parameter tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Usually, this information is stored in cookies, hidden form fields, or URL query strings, and is used to increase application functionality and control. This attack takes advantage of the fact that many programmers rely on hidden or fixed fields (such as a hidden tag in a form or a parameter in a URL) as the only security measure for certain operations. Attackers can easily modify these parameters to bypass the security mechanisms that rely on them. What is the best way to protect web applications from parameter tampering attacks?