Which of the following techniques can help mitigate command injection attacks in the short term while application vulnerabilities are resolved?

Which of the following can be an effective defense against SQL injection attacks?

Which SQL clause can be used by an attacker to combine new SQL queries with the prior query results in an SQL injection attack?

Which of the following XSS attacks requires some social engineering effort in conjunction with exploitation of web server–side input processing weaknesses to complete?

An organization is concerned with drive-by attacks and has invested time and money to develop a strategic threat intelligence capability that monitors attack trends. In which phase of incident response does this occur?

An employee opens a malicious attachment that exploits an unpatched vulnerability. The Meterpreter payload launches and connects to TCP port 443 of an attacker-controlled IP address. The organization's firewall permits outbound connections to any IP address on TCP port 443. Which security device could still prevent the attacker from taking control of the system?

Which Metasploit module category makes the target do something the attacker wants?

Which characteristic distinguishes watering hole attacks from drive-by attacks?

Which of the following is an example of a command injection attack on a Linux application?

Which Metasploit payload shovels a shell back to the attacker on a TCP port?