1.
Network mapping provides a security testing team with a blueprint of the organization. Which of the following steps is NOT a part of manual network mapping?
2.
Which of the following Nmap commands is used to perform a UDP port scan?
3.
John works as a Professional Penetration Tester. He has been assigned a project to test the Website security of www.we-are-secure Inc. On the We-are-secure Website login page, he enters ='or''=' as a username and successfully logs on to the user page of the Website. Now, John asks we-are-secure Inc. to improve the login page PHP script. Which of the following suggestions can John give to improve the security of the we-are-secure Website login page against the SQL injection attack?
4.
Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to secure access to the network of the company from all possible entry points. He segmented the network into several subnets and installed firewalls all over the network. He has placed very stringent rules on all the firewalls, blocking everything in and out except the ports that must be used. He does need to have port 80 open since his company hosts a website that must be accessed from the Internet. Adam is still worried about programs like Hping2 that can get into a network through covert channels. Which of the following is the most effective way to protect the network of the company from an attacker using Hping2 to scan his internal network?
5.
Which of the following methods can be used to detect a session hijacking attack?
6.
Which of the following is the best method of accurately identifying the services running on a victim host?
7.
You work as a System Engineer for Cyber World Inc. Your company has a single Active Directory domain. All servers in the domain run Windows Server 2008. The Microsoft Hyper-V server role has been installed on one of the servers, namely uC1. uC1 hosts twelve virtual machines. You have been given the task to configure the Shutdown option for uC1, so that each virtual machine shuts down before the main Hyper-V server shuts down. Which of the following actions will you perform to accomplish the task?
8.
An attacker sends a large number of packets to a target computer, causing a denial of service. Which of the following types of attack is this?
9.
In which of the following attacks does an attacker spoof the source address in IP packets that are sent to the victim?
10.
Adam is a novice Web user. He chooses a 22-letter word from the dictionary as his password. How long will it take an attacker to crack the password?