- (Exam Topic 1)
What is the role of test automation in security testing?

1. A. It is an option but it tends to be very expensive.
2. B. It should be used exclusivel
3. C. Manual testing is outdated because of low speed and possible test setup inconsistencies.
4. D. Test automation is not usable in security due to the complexity of the tests.
5. E. It can accelerate benchmark tests and repeat them with a consistent test setu
6. F. But it cannot replace manual testing completely.

Correct Answer: D

- (Exam Topic 2)
Which of the following is the primary objective of a rootkit?

1. A. It opens a port to provide an unauthorized service
2. B. It creates a buffer overflow
3. C. It replaces legitimate programs
4. D. It provides an undocumented opening in a program

Correct Answer: C

- (Exam Topic 3)
You are tasked to configure the DHCP server to lease the last 100 usable IP addresses in subnet to. 1.4.0/23. Which of the following IP addresses could be teased as a result of the new configuration?

1. A. 210.1.55.200
2. B. 10.1.4.254
3. C. 10.1.5.200
4. D. 10.1.4.156

Correct Answer: C
https://en.wikipedia.org/wiki/Subnetwork
As we can see, we have an IP address of 10.1.4.0 with a subnet mask of /23. According to the question, we need to determine which IP address will be included in the range of the last 100 IP addresses.
The available addresses for hosts start with 10.1.4.1 and end with 10.1.5.254. Now you can clearly see that the last 100 addresses include the address 10.1.5.200.

- (Exam Topic 2)
Jason, an attacker, targeted an organization to perform an attack on its Internet-facing web server with the intention of gaining access to backend servers, which are protected by a firewall. In this process, he used a URL https://xyz.com/feed.php?url:externaIsile.com/feed/to to obtain a remote feed and altered the URL input to the local host to view all the local resources on the target server. What is the type of attack Jason performed In the above scenario?

1. A. website defacement
2. B. Server-side request forgery (SSRF) attack
3. C. Web server misconfiguration
4. D. web cache poisoning attack

Correct Answer: B
Server-side request forgery (also called SSRF) is a net security vulnerability that allows an assaulter to induce the server-side application to make http requests to associate arbitrary domain of the attacker’s choosing.
In typical SSRF examples, the attacker might cause the server to make a connection back to itself, or to other web-based services among the organization’s infrastructure, or to external third-party systems.
Another type of trust relationship that often arises with server-side request forgery is where the application server is able to interact with different back-end systems that aren’t directly reachable by users. These systems typically have non-routable private informatics addresses. Since the back-end systems normally ordinarily protected by the topology, they typically have a weaker security posture. In several cases, internal back-end systems contain sensitive functionality that may be accessed while not authentication by anyone who is able to act with the systems.
In the preceding example, suppose there’s an body interface at the back-end url https://192.168.0.68/admin. Here, an attacker will exploit the SSRF vulnerability to access the executive interface by submitting the following request:
POST /product/stock HTTP/1.0
Content-Type: application/x-www-form-urlencoded Content-Length: 118 stockApi=http://192.168.0.68/admin

- (Exam Topic 2)
Nedved is an IT Security Manager of a bank in his country. One day. he found out that there is a security breach to his company's email server based on analysis of a suspicious connection from the email server to an unknown IP Address.
What is the first thing that Nedved needs to do before contacting the incident response team?

1. A. Leave it as it Is and contact the incident response te3m right away
2. B. Block the connection to the suspicious IP Address from the firewall
3. C. Disconnect the email server from the network
4. D. Migrate the connection to the backup email server

Correct Answer: C