application

Scenaro : 1. Victim opens the attacker’s web site. 2. Attacker sets up a web site which contain interesting and attractive content like ‘Do you want to make $1000 in a day? 3. Victim clicks to the interesting and attractive content URL. 4. Attacker creates a transparent ‘iframe’ in front of the URL which the victim attempts to click, so the victim thinks that he/she clicks on the ‘Do you want to make $1000 in a day?’ URL but actually he/she clicks on the content or URL that exists in the transparent ‘iframe’ which is setup by the attacker. What is the name of the attack which is mentioned in the scenario?

11 Comments / CEHv11 / By

Scenaro : 1. Victim opens the attacker’s web site. 2. Attacker sets up a web site which contain interesting and attractive content like ‘Do you want to make $1000 in a day? 3. Victim clicks to the interesting and attractive content URL. 4. Attacker creates a transparent ‘iframe’ in front of the URL which the victim attempts to click, so the victim thinks that he/she clicks on the ‘Do you want to make $1000 in …

Scenaro : 1. Victim opens the attacker’s web site. 2. Attacker sets up a web site which contain interesting and attractive content like ‘Do you want to make $1000 in a day? 3. Victim clicks to the interesting and attractive content URL. 4. Attacker creates a transparent ‘iframe’ in front of the URL which the victim attempts to click, so the victim thinks that he/she clicks on the ‘Do you want to make $1000 in a day?’ URL but actually he/she clicks on the content or URL that exists in the transparent ‘iframe’ which is setup by the attacker. What is the name of the attack which is mentioned in the scenario? Read More »

web service

Gillbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario?

Leave a Comment / CEHv11 / By

Gillbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario? Option 1 : SOAP API Option 2 : RESET …

Gillbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario? Read More »

session ID

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID links the target employee to Boney’s account page without disclosing any information to the victim. When the target employee click on the link, all the sensitive payment details entered in a form are linked to Boney’s account. What is the attack performed by Boney in the above scenario?

Leave a Comment / CEHv11 / By

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID link the target employee to Boney ‘s account page without disclosing any information to the victim. When the target employee click on the link, all …

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID links the target employee to Boney’s account page without disclosing any information to the victim. When the target employee click on the link, all the sensitive payment details entered in a form are linked to Boney’s account. What is the attack performed by Boney in the above scenario? Read More »

SQL

SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may bypass authentication and allow attackers to access and/or modify data attached to a web application. Which of the following SQLi types leverages a database server’s ability to make DNS requests to pass data to an attacker?

Leave a Comment / CEHv11 / By

SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may bypass authentication and allow attackers to access and/or modify data attached to a web application. Which of the following SQLi types leverages a database server’s ability to make DNS requests to pass data to an attacker? Option 1 : Union-based SQLi Option 2 : In-band SQLi Option 3 : Out-of-band SQLi Option 4 : Time-based blind SQLi 1. Union-based SQLi Union …

SQL injection (SQLi) attacks attempt to inject SQL syntax into web requests, which may bypass authentication and allow attackers to access and/or modify data attached to a web application. Which of the following SQLi types leverages a database server’s ability to make DNS requests to pass data to an attacker? Read More »

web

Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she a user-defined HTTP callback or push APIs that are raised based on trigger events; when invoked, this feature supplies data to other applications so that users can instantly receive real-time information. Which of the following techniques is employed by Susan?

Leave a Comment / CEHv11 / By

Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she a user-defined HTTP callback or push APIs that are raised based on trigger events; when invoked, this feature supplies data to other applications so that users can instantly receive real-time information. Which of the following techniques is employed by Susan? Option 1 : RESET API Option 2 : SOAP API Option 3 : Web shells …

Susan, a software developer, wants her web API to update other applications with the latest information. For this purpose, she a user-defined HTTP callback or push APIs that are raised based on trigger events; when invoked, this feature supplies data to other applications so that users can instantly receive real-time information. Which of the following techniques is employed by Susan? Read More »

container

Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier conatiner technology architecture. Currently, Abel is verifying and validating image contents, signing images, and sending them to the registries. Which of the following tiers of the container technology architecture is Abel currently working in?

Leave a Comment / CEHv11 / By

Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier container technology architecture. Currently, Abel is verifying and validating image contents, signing images, and sending them to the registries. Which of the following tiers of the container technology architecture is Abel currently …

Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier conatiner technology architecture. Currently, Abel is verifying and validating image contents, signing images, and sending them to the registries. Which of the following tiers of the container technology architecture is Abel currently working in? Read More »

application

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server. What kind of attack is possible in this scenario?

Leave a Comment / CEHv11 / By

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server. What kind of attack is possible in this scenario? Option 1 : Denial of service Option 2 : Cross-site scripting Option 3 : SQL injection Option 4 : Directory traversal   1. Denial of service The Denial of …

While testing a web application in development, you notice that the web server does not properly ignore the “dot dot slash” (../) character string and instead returns the file listing of a folder structure of the server. What kind of attack is possible in this scenario? Read More »

installed

Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his Smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisement on his Smartphone after installing the app. What is the attack performed on Don in the above scenario?

Leave a Comment / CEHv11 / By

Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his Smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisement on his Smartphone after installing the app. What is the attack performed on Don in the above scenario? Option 1 : Clickjacking Option 2 : SMS phishing attack Option 3 : Agent Smith attack Option 4 : SIM …

Don, a student, came across a gaming app in a third-party app store and installed it. Subsequently, all the legitimate apps in his Smartphone were replaced by deceptive applications that appeared legitimate. He also received many advertisement on his Smartphone after installing the app. What is the attack performed on Don in the above scenario? Read More »

John is investing web-application firewall logs and observers that someone is attempting to inject the following : char buff[10]; buff[10] = ‘a’; What type of attack is this ?

Leave a Comment / CEHv11 / By

John is investing web-application firewall logs and observers that someone is attempting to inject the following : char buff[10]; buff[10] = ‘a’; What type of attack is this ? Option 1 : Buffer overflow Option 2 : CSRF Option 3 : SQL injection Option 4 : XSS 1. Buffer overflow Buffer overflow this attack is an anomaly that happens when software writing data to a buffer overflows the buffer’s capacity, leading to adjacent memory locations …

John is investing web-application firewall logs and observers that someone is attempting to inject the following : char buff[10]; buff[10] = ‘a’; What type of attack is this ? Read More »

Android

What is the file that determines the basis configuration (specifically activities, services, broadcast receivers, etc.) in an Android application?

Leave a Comment / CEHv11 / By

What is the file that determines the basis configuration (specifically activities, services, broadcast receivers, etc.) in an Android application? Option 1 : APK.info Option 2 : classes.dex Option 3 : AndroidManifest.xml Option 4 : resources.asrc 1. APK.info Android Package (APK) is that the package file format employed by the Androids OS , and variety of other Android-based operating systems for distribution and installation of mobile apps, mobile games and middleware. APK is analogous to other …

What is the file that determines the basis configuration (specifically activities, services, broadcast receivers, etc.) in an Android application? Read More »