Which of the following will help Sandra decrypt the data packets without knowing the key?
A. Fragmentation Attack
B. Chopchop Attack
C. ARP Poisoning Attack
D. Packet injection Attack
Answer: B

Question: 139
Peter, a disgruntled ex-employee of Zapmaky Solutions Ltd., is trying to jeopardize the company’s website. He conducted the port scan of the website by using the Nmap tool to extract the information about open ports and their corresponding services. While performing the scan, he recognized that some of his requests are being blocked by the firewall deployed by the IT personnel of Zapmaky and he wants to bypass the same. For evading the firewall, he wanted to employ the stealth scanning technique which is an incomplete TCP three-way handshake method that can effectively bypass the firewall rules and logging mechanisms. Which of the following Nmap commands should Peter execute to perform stealth scanning?
A. nmap -sT -v zapmaky.com
B. nmap -T4 -A -v zapmaky.com
C. nmap -sX -T4 -A -v zapmaky.com
D. nmap -sN -A zapmaky.com
Answer: A

Question: 140
Richard, a penetration tester, was asked to assess a web application. During the assessment, he discovered a file upload field where users can upload their profile pictures. While scanning the page for vulnerabilities, Richard found a file upload exploit on the website. Richard wants to test the web application by uploading a malicious PHP shell, but the web page denied the file upload. Trying to get around the security, Richard added the ‘jpg’ extension to the end of the file. The new file name ended with ‘.php.jpg’. He then used the Burp Suite tool and removed the ‘jpg’ extension from the request while uploading the file. This enabled him to successfully upload the PHP shell. Which of the following techniques has Richard implemented to upload the PHP shell?
A. Session stealing
B. Cookie tampering
C. Cross site scripting
D. Parameter tampering
Answer: D

Question: 141
Joseph, a penetration tester, was hired by Xsecurity Services. Joseph was asked to perform a pen test on a client’s network. He was not provided with any information about the client organization except the company name. Identify the type of testing Joseph is going to perform for the client organization?
A. White-box Penetration Testing
B. Black-box Penetration Testing
C. Announced Testing
D. Grey-box Penetration Testing
Answer: B

Question: 142