- (Topic 1)
Which of the following TCP packet sequences are common during a SYN (or half-open) scan?
Correct Answer:C
- (Topic 1)
Which of the following is possible in some SQL injection vulnerabilities on certain types of databases that affects the underlying server OS?
Correct Answer:A
Reference:
http://www.darkmoreops.com/2014/08/28/use-sqlmap-sql-injection-hack-website-database/
- (Topic 1)
A tester has been contracted to perform a penetration test for a corporate client. The scope of the test is limited to end-user workstations and client programs only. Which of die following actions is allowed in this test?
Correct Answer:B
- (Topic 1)
How can web server logs be leveraged to perform Cross-Site Scripting (XSSI?
Correct Answer:C
- (Topic 3)
Which of the following layers of TCP/IP model is used to move packets between the Internet Layer interfaces of two different hosts on the same link?
Correct Answer:B
- (Topic 1)
During a penetration test we determine that TCP port 22 is listening on a target host. Knowing that SSHD is the typical service that listens on that port we attempt to validate that assumption with an SSH client but our effort Is unsuccessful. It turns out that it is actually an Apache webserver listening on the port, which type of scan would have helped us to determine what service was listening on port 22?
Correct Answer:C