To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1 using https. Which of the following firewall rules meets this requirement?

1. A. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit
2. B. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit
3. C. If (source matches 10.20.20.1 and destination matches 10.10.10.0/24 and port matches 443) then permit
4. D. If (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit

Correct Answer: A

SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may Bypass authentication and allow attackers to access and/or modify data attached to a web application.
Which of the following SQLI types leverages a database server's ability to make DNS requests to pass data to an attacker?

1. A. Union-based SQLI
2. B. Out-of-band SQLI
3. C. ln-band SQLI
4. D. Time-based blind SQLI

Correct Answer: B
Out-of-band SQL injection occurs when an attacker is unable to use an equivalent channel to launch the attack and gather results. … Out-of-band SQLi techniques would believe the database server’s ability to form DNS or HTTP requests to deliver data to an attacker. Out-of-band SQL injection is not very common, mostly because it depends on features being enabled on the database server being used by the web application.
Out-of-band SQL injection occurs when an attacker is unable to use the same channel to launch the attack and gather results.
Out-of-band techniques, offer an attacker an alternative to inferential time-based techniques, especially if the server responses are not very stable (making an inferential time-based attack unreliable).
Out-of-band SQLi techniques would rely on the database server’s ability to make DNS or HTTP requests to deliver data to an attacker. Such is the case with Microsoft SQL Server’s xp_dirtree command, which can be used to make DNS requests to a server an attacker controls; as well as Oracle Database’s UTL_HTTP
package, which can be used to send HTTP requests from SQL and PL/SQL to a server an attacker controls.

#!/usr/bin/python import socket buffer=[““A””] counter=50 while len(buffer)<=100: buffer.append (““A””*counter)
counter=counter+50 commands= [““HELP””,““STATS .””,““RTIME .””,““LTIME. ””,““SRUN .”’,““TRUN
.””,““GMON
.””,““GDOG .””,““KSTET .”,““GTER .””,““HTER .””, ““LTER .”,““KSTAN .””] for command in
commands: for
buffstring in buffer: print ““Exploiting”” +command +““:””+str(len(buffstring))
s=socket.socket(socket.AF_INET,
socket.SOCK_STREAM) s.connect((‘127.0.0.1’, 9999)) s.recv(50) s.send(command+buffstring) s.close() What is the code written for?

1. A. Denial-of-service (DOS)
2. B. Buffer Overflow
3. C. Bruteforce
4. D. Encryption

Correct Answer: B

You have successfully logged on a Linux system. You want to now cover your trade Your login attempt may be logged on several files located in /var/log. Which file does NOT belongs to the list:

1. A. user.log
2. B. auth.fesg
3. C. wtmp
4. D. btmp

Correct Answer: C

Tony wants to integrate a 128-bit symmetric block cipher with key sizes of 128,192, or 256 bits into a software program, which involves 32 rounds of computational operations that include substitution and permutation operations on four 32-bit word blocks using 8-variable S-boxes with 4-bit entry and 4-bit exit. Which of the following algorithms includes all the above features and can be integrated by Tony into the software program?

1. A. TEA
2. B. CAST-128
3. C. RC5
4. D. serpent

Correct Answer: D