You enter the following URL on your Web browser:
http://www.we-are-secure.com/scripts/..%co%af../..%co%
af../windows/system32/cmd.exe?/c+dir+c:
What kind of attack are you performing?

1. A. Directory traversal
2. B. Replay
3. C. Session hijacking
4. D. URL obfuscating

Correct Answer: A

Which of the following rootkits patches, hooks, or replaces system calls with versions that hide information about the attacker?

1. A. Library rootkit
2. B. Kernel level rootkit
3. C. Hypervisor rootkit
4. D. Boot loader rootkit

Correct Answer: A

Maria works as a professional Ethical Hacker. She recently got a project to test the security of www.we-are-secure.com. Arrange the three pre -test phases of the attack to test the security of weare-secure.

Solution:


Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

CORRECT TEXT
Fill in the blank with the appropriate term.
______ is a technique used to make sure that incoming packets are actually from the networks that they claim to be from.

1. A.

Correct Answer: Ingressfiltering

Which of the following are the limitations for the cross site request forgery (CSRF) attack?
Each correct answer represents a complete solution. Choose all that apply.

1. A. The attacker must determine the right values for all the form inputs.
2. B. The attacker must target a site that doesn't check the referrer header.
3. C. The target site should have limited lifetime authentication cookies.
4. D. The target site should authenticate in GET and POST parameters, not only cookies.

Correct Answer: AB