Crowdly

Buffer overflow

Exposure of a listing of the original directory

Bypassing proxy server

An attack that focuses on the database application of

a web server and enables a hacker to acquire sensitive information stored in

the database or execute remote code is called which one of the following?

Username enumeration

Hidden field

SQL injection

DMZ protocol

By inserting special characters in URLs, such as the

character sequence

../

, an attacker can initiate

which type of attack on a web server?

File system traversal

Buffer overflow

Flood

Source disclosure

The common gateway interface (CGI) and Active Server

Page (ASP) dynamic scripting environment are examples of which one of the

following elements?

Client-side applications running on a browser

Browser-server interchange protocols

Web browser protocols

Web applications running on a web server

For an attacker to hijack a session and replace an

initiating host, he or she must be able to predict what item?

Modem number

Sequence Number

Network number

Session number

What attack occurs when an attacker takes over an

existing, authenticated communication that has been initiated by a valid user

and replaces the valid user on one end of the communication?

Denial of Service

Session hijacking

Distributed Denial of Service

Spoofing

Which one of the following methods is not commonly used to obscure a URL?

Expressing the domain name as dotted decimal IP

address in different formats, such as hexadecimal, octal, or double word

(dword)

Adding irrelevant text after

http://

and before the @ symbol

Incrementing memory buffers through software

modifications

Representing characters in the URL in hexadecimal

format

Which statement is the best description of ARP

spoofing?

An attacker poisons the ARP cache on a network device

to reroute the victim’s packets to his or her machine

The act of attempting to overload the switch’s CAM

table

A program that redirects port traffic

A piece of software that captures the traffic flowing

into and out of a computer attached to a network

Which choice best describes the System Hacking Phase?

Discovering open ports and applications by pinging

machines

Blueprinting the security profile of an organization

Finding company information on the Web

Authenticating to the target with the highest level of

access and permissions possible

What the best definition of a “backdoor”?

A method of bypassing normal authentication for

securing remote access to a computer

A program that poisons the ARP cache

A program that floods a switch with MAC frames

A program used to combine two or more executables into

a single

packaged program