When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is
A. OWASP is for web applications and OSSTMM does not include web applications.
B. OSSTMM is gray box testing and.OWASP is black box testing.
C. OWASP addresses controls and.OSSTMM does not.
D. OSSTMM addresses controls and.OWASP does not.
Which of the following is a protocol that is prone to a man-in-the-middle (MITM) attack and maps a 32-bit address to a 48-bit address?
Which NMAP.feature can a tester implement or adjust while scanning for open ports to avoid detection by the networkos IDS?
A. Timing options to slow the speed.that the port scan is conducted
B. Fingerprinting to identify which operating systems are running on the network
C. ICMP ping sweep to determine which hosts on the network are not available
D. Traceroute to control the path of the packets sent during the scan
Windows file servers commonly hold sensitive files, databases, passwords and more.. Which of
the following choices would be a common vulnerability that usually exposes them?
A. Cross-site scripting
B. SQL injection
C. Missing patches
D. CRLF injection
Which.type of access control is used on a router or firewall to limit network activity?
Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection?
A. NMAP.-PN -A -O -sS 192.168.2.0/24
B. NMAP.-P0 -A -O -p1-65535 192.168.0/24
C. NMAP.-P0 -A -sT -p0-65535 192.168.0/16
D. NMAP.-PN -O -sS -p 1-1024 192.168.0/8
Which.types of detection methods are employed by Network Intrusion Detection Systems (NIDS)?
The fundamental difference between symmetric and asymmetric key cryptographic systems is that symmetric key cryptography uses which of the following?
A. Multiple keys for non-repudiation of bulk data
B. Different keys on both ends of the transport medium
C. Bulk encryption for data transmission over fiber
D. The same key on each end of the transmission medium
Which command lets a tester enumerate alive systems in a class C.network via ICMP using native Windows tools?
A. ping 192.168.2.
B. ping 192.168.2.255
C. for %V in (1 1 255) do PING 192.168.2.%V
D. for /L %V in (1 1 254) do PING -n 1 192.168.2.%V | FIND /I “Reply”
How can telnet be used to fingerprint a web server?
A. telnet webserverAddress 80 HEAD / HTTP/1.0
B. telnet webserverAddress 80.PUT / HTTP/1.0
C. telnet webserverAddress 80 HEAD / HTTP/2.0
D. telnet webserverAddress 80.PUT / HTTP/2.0