During a penetration test, a tester.finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability?
A. The.web application does not have the secure flag set.
B. The session cookies.do not have the HttpOnly flag set.
C. The victim user should not have an endpoint security solution.
D. The victim’s browser must have ActiveX technology enabled.
Which protocol and port number might be needed in order to send log messages to a log analysis tool that resides behind a firewall?
A. UDP 123
B. UDP 541
C. UDP 514
D. UDP 415
A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband’s email account in order to find proof so she can take him to court..What is the ethical response?
A. Say no; the friend is not the owner of the account.
B. Say yes; the friend needs help to gather evidence.
C. Say yes; do.the job for free.
D. Say no; make sure that the friend knows the risk sheos asking the CEH.to take.
A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use?
The network administrator for a company is setting up a website with e-commerce capabilities. Packet sniffing is a concern because credit card information will be sent electronically over the Internet. Customers visiting the site will need to encrypt the data with HTTPS. Which type of certificate.is used to encrypt and decrypt the data?
Which security control role does.encryption.meet?
A consultant.is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed like an.electrician and waits in the lobby for an employee to pass through the main access gate, then the consultant follows the employee behind to get into the restricted area. Which type of attack.did the consultant perform?
A. Man trap
C. Shoulder surfing
D. Social engineering
A pentester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pentester pivot using Metasploit?
A. Issue the pivot exploit and set the meterpreter.
B. Reconfigure the network settings in the meterpreter.
C. Set the payload to propagate through the meterpreter.
D. Create a route statement in the meterpreter.
A company has hired a security administrator to maintain.and administer Linux and Windows-based systems. Written in the nightly report file is the followinG.
Firewall log files are at the expected value of 4 MB. The current time is 12am. Exactly two hours later the size has decreased considerably. Another hour goes by and the log files have shrunk in size again.
Which of the following actions should the security administrator take?
A. Log the event as suspicious activity and report this behavior to the incident response team immediately.
B. Log the event as suspicious activity,call a manager,and report this as soon as possible.
C. Run an anti-virus scan because it is likely the system is infected by malware.
D. Log the event as suspicious activity,continue to investigate,and.act according to the site’s security policy.
A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use?