The penetration testing team of MirTech Inc.

19. The penetration testing team of MirTech Inc. identified the presence of various vulnerabilities in the web application coding. They prepared a detailed report addressed to the web developers regarding the findings. In the report, the penetration testing team advised the web developers to avoid the use of dangerous standard library functions. They also informed the web developers that the web application copies data without checking whether it fits into the target destination memory and is susceptible to being supplied with a large amount of data. According to the findings by the penetration testing team, which type of attack was possible on the web application?
A. Buffer overflow
B. SQL injection
C. Cross-site scripting
D. Denial-of-service
Answer: A

20. Alisa is a Network Security Manager at Aidos Cyber Security. During a regular network audit, she sent specially crafted ICMP packet fragments with different offset values into the network, causing a system crash. Which attack is Alisa trying to perform?

21. Which of the following roles of Microsoft Windows Active Directory refers to the ability of an active directory to transfer roles to any domain controller (DC) in the enterprise?

22. A user unknowingly installed a fake malicious banking app on his Android mobile. This app includes a configuration file that consists of phone numbers of the bank. When the user makes a call to the bank, he is automatically redirected to the number being used by the attacker. The attacker impersonates a banking official. Also, the app allows the attacker to call the user, then the app displays a fake caller ID on the user's mobile resembling a call from a legitimate bank. Identify the attack being performed on the Android mobile user.

23. How does OS Fingerprinting help you as a pen tester?
A. It defines exactly what software the target has installed
B. It doesn't depend on the patches that have been applied to fix existing security holes
C. It opens a security-delayed window based on the port being scanned
D. It helps to research vulnerabilities that you can use to exploit on a target system
Answer: D
