Ethical hacker Jane Smith is attempting to perform an SQL injection attack. She wants to test the response time of a true or false response and wants to use a second command to determine whether the database will return true or false results for user IDs. Which two SQL injection types would give her the results she is looking for? Option 1 : Time-based and boolean-based Option 2: Out of band and boolean-based Option 3
Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.moviescope.com. During this process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as ‘” or ‘1’=’1″ in any basic injection statement such “or 1=1.” Identify the evasion technique used by Daniel in the above scenario. Option 1 : Variation Option 2 :
Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she a user-defined HTTP callback or push APIs that are raised based on trigger events; when invoked, this feature supplies data to other applications so that users can instantly receive real-time information. Which of the following techniques is employed by Susan? Option 1 : RESET API Option 2 : SOAP API Option 3 : Web shells
Sam, a professional hacker, targeted an organization with intention of compromising AWS IAM credentials. He attempted to lure one of the employees of the organization by initiating fake calls while posing as a legimate employee. Moreover, he sent phishing emails to steal the AWS IAM credentials and further compromise the employee’s account What is the technique used by Sam to compromise the AWS IAM credentials? Option 1: Reverse engineering Option 2: Social engineering Option 3:
Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network. Which of the following host discovery techniques must he use to perform the given task? Option 1: ARP ping scan Option 2: TCP Maimon sacn Option 3: ACK flag prob sacn Option 4: UDP scan 1. ARP ping scan One of the foremost common Nmap
There are multiple cloud deployment options depending on how isolated a customer’s resources are from those of other customers. Shared environment share the costs and allow each customer to enjoy lower operations expenses. One solution is for a customer to join with a group of users or organizations to share a cloud environment. What is this cloud deployment option called? Option 1 : Private Option 2 : Community Option 3 : Public Option 4 :
Sam is a penetration tester hired by Inception Tech, a security organization. He was asked to perform port scanning on a target host in the network. While performing the given task, Sam sends FIN/ACK probes and determines that an RST packet is sent in response by the target host, indicating that the port is closed. What is the port scanning technique used by Sam to discovers open ports? Option 1 : IDLE/IPID header scan Option
A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendors for several months prior to the intrusion. This is likely a failure in which of the following security processes? Option 1 : Vendors risk management Option 2 : Patch management Option 3 : Secure development lifecycle Option 4 : Security awareness training
You have been authorized to perform a penetration test against a website. You want to use Google dorks to footprint the site but only want results that show file extensions. What Google dork operator would you use? Option 1 : inurl Option 2 : site Option 3 : ext Option 4 : filetype 1. inurl Find pages with a certain word (or words) in the url. For this example, any results containing the word “apple”
Joe works as an IT administrator in an organization and has recently set up a cloud computing service for the organization. To implement this service, he reached out to a telecom company for providing Internet connectivity and transport services between the organization and the cloud service provide. In the NIST cloud deployment reference architecture, under which category does the telecom company fall in the above scenario? Option 1 : Cloud auditor Option 2 : Cloud
