Question 37

- (Topic 1)
Analyze the command output below. What information can the tester infer directly from the information shown?

Correct Answer: C

Question 38

- (Topic 1)
You are conducting a penetration test for a private contractor located in Singapore. The scope extends to all internal hosts controlled by the company, and you have gathered the necessary hold-harmless and nondisclosure agreements. Which action by your group can incur criminal liability under Chapter 50A, Computer Misuse Act?

Correct Answer: D

Question 39

- (Topic 4)
Which of the following tools is a wireless sniffer and analyzer that works on the Windows operating system?

Correct Answer: A

Question 40

- (Topic 4)
Which of the following tools allow you to perform HTTP tunneling?
Each correct answer represents a complete solution. Choose all that apply.

Correct Answer: ABC

Question 41

- (Topic 1)
While performing an assessment on a banking site, you discover the following link:
https://mybank.com/xfer.aspx?xfer_to=[account_number]&amount=[dollars]
Assuming authenticated banking users can be lured to your web site, which crafted HTML tag may be used to launch an XSRF attack?

Correct Answer: C

Question 42

- (Topic 2)
John works as a Professional Penetration Tester. He has been assigned a project to test the Website security of www.we-are-secure Inc. On the We-are-secure Website login page, he enters ='or''=' as a username and successfully logs on to the user page of the Web site. Now, John asks we-are-secure Inc. to improve the login page PHP script. Which of the following suggestions can John give to secure the we-are-secure Website login page against the SQL injection attack?

Correct Answer: C
