Which statement is a characteristic of the broken access control threat to web applications? It allows attackers to access, and potentially change, serialized versions of data and objects. It allows…
Match the cloud model to its description. (Not all options are used.)
Which attack involves the insertion of malicious code into SQL statements? local file inclusion SQL injection brute force cross-site scripting
Which security device is used to make responses to client requests look like they all come from the same server? forward proxy reverse proxy stateful firewall jump box
What is used to isolate the different parts of a running container? namespaces control groups wrappers union file systems
In software development, what is the purpose of a jump box? to act as a single trusted machine used to launch connections to sensitive systems to make all requests originating…
Which technique is used to help mitigate SQL injection attacks? assigning DBA or admin access rights to the application account using stored procedures with the "db_owner" default role limiting the…
What are two characteristics of fiber-optic cable? (Choose two.) It is not affected by EMI or RFI. Each pair of cables is wrapped in metallic foil. It combines the technique…
What does the command “C:\>wevtutil gl <log name>” display? Configuration information of a specific Event Log Event logs are saved in .xml format Event log record structure List of available…
A forensics investigator is searching the hard drive of a computer for files that were recently moved to the Recycle Bin. He searches for files in C:\RECYCLED using a command…
What will the following URL produce in an unpatched IIS Web Server? http://www.thetargetsite.com/scripts/..% co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:\ Directory listing of C: drive on the web server Insert a Trojan horse into the C:…
What operating system would respond to the following command? c:\> nmap -sW 10.10.145.65 Windows 95 FreeBSD Windows XP Mac OS X
Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates. What is one proven method to account for common elements found…
Jesse receives an email with an attachment labeled “Court_Notice_21206.zip”. Inside the zip file is a file named “Court_Notice_21206.docx.exe” disguised as a word document. Upon execution, a window appears stating, “This…
This form of encryption algorithm is a symmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among…
Which classful protocols perform an automatic summarization of routes when routers send updates across major classful network boundaries? (Choose two.) RIPv1 RIPv2 IGRP OSPF EIGRP BGPv4 Explanation: The classful routing…
What configuration is needed to span a user defined Virtual LAN (VLAN) between two or more switches? A VTP domain must be configured. VTP pruning should be enabled. The VTP…
John, a professional hacker, targeted an organization that uses LDAP for accessing distributed directory services. He used an automated tool to anonymously query the LDAP service for sensitive information such…
SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may bypass authentication and allow attackers to access and/or modify data attached to a web application. Which…
Which three statements are TRUE regarding a Local Area Network (LAN)? (Choose three.) A LAN is confined to one building or campus. A LAN can cover great distances. A LAN…