A company’s Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?

1. A. Cross-site scripting vulnerability
2. B. SQL injection vulnerability
3. C. Web site defacement vulnerability
4. D. Gross-site Request Forgery vulnerability

Correct Answer: A

Which of the following Linux commands will resolve a domain name into IP address?

1. A. >host-t a hackeddomain.com
2. B. >host-t ns hackeddomain.com
3. C. >host -t soa hackeddomain.com
4. D. >host -t AXFR hackeddomain.com

Correct Answer: A

Consider the following Nmap output:

what command-line parameter could you use to determine the type and version number of the web server?

1. A. -sv
2. B. -Pn
3. C. -V
4. D. -ss

Correct Answer: A
C:\Users\moi>nmap -h | findstr " -sV" -sV: Probe open ports to determine service/version info

How does a denial-of-service attack work?

1. A. A hacker prevents a legitimate user (or group of users) from accessing a service
2. B. A hacker uses every character, word, or letter he or she can think of to defeat authentication
3. C. A hacker tries to decipher a password by using a system, which subsequently crashes the network
4. D. A hacker attempts to imitate a legitimate user by confusing a computer or even another person

Correct Answer: A

Which of the following is a command line packet analyzer similar to GUI-based Wireshark?

1. A. nessus
2. B. tcpdump
3. C. ethereal
4. D. jack the ripper

Correct Answer: B