Create Next App

Exam contains 337 questions

Page 8 of 57

Question 43 🔥

While performing an assessment on a banking site, you discover the following link: hnps://mybank.com/xfer.aspMer_toMaccount_number]&amount-[dollars]Assuming authenticated banking users can be lured to your web site, which crafted html tag may be used to launch a XSRF attack?

Which database solution meets these requirements?

B. <scripi>alert('hnps:/'mybank.com/xfer.a$p?xfer_io-[attacker_account]&amoutn-[dollars]')</script>

Highly voted

C. <scripr>document.\write('hTtp$://mybankxom/xfer.a$p?xfer_to-[attacker.accountl &amount-[dollars)</script>

Highly voted

D. <img src-'https/mybank.com/xfer.asp?xfer_to=[artacker_account]&amount= [dollars]">

Highly voted

A. <imgsrc-"java script alert (‘document cookie'):">

Highly voted

Discussion of the question

Question 44 🔥

Given the following Scapy information, how is default Layer 2 information derived?

Which database solution meets these requirements?

A. The default layer 2 information is contained in a local scapy.cfg configuration fileon the local system.

Highly voted

B. If not explicitly defined, the Ether type field value Is created using the hex value ofthe destination port, in this case 80

Highly voted

C. If not explicitly defined, pseudo-random values are generated for the Layer 2 defaultinformation.

Highly voted

D. Scapy relies on the underlying operating system to construct Layer 2 information touse as default.

Highly voted

Discussion of the question

Question 45 🔥

How can web server logs be leveraged to perform Cross-Site Scripting (XSSI?

Which database solution meets these requirements?

A. Web logs containing XSS may execute shell scripts when opened In a GUI textbrowser

Highly voted

C. If web logs are viewed in a web-based console, log entries containing XSS mayexecute on the browser.

Highly voted

D. When web logs are viewed in a terminal. XSS can escape to the shell and executecommands.

Highly voted

B. XSS attacks cause web logs to become unreadable and therefore are an effective DOS attack.

Highly voted

Discussion of the question

Question 46 🔥

192.168.116.9 Is an IP address forvvww.scanned-server.com. Why are the results from the two scans, shown below, different?

Which database solution meets these requirements?

A. John.pot

Highly voted

B. John conf

Highly voted

C. John.rec

Highly voted

D. John.ini

Highly voted

Discussion of the question

Question 47 🔥

What is the impact on pre-calculated Rainbow Tables of adding multiple salts to a set of passwords?

Which database solution meets these requirements?

A. Salts increases the time to crack the original password by increasing the number oftables that must be calculated.

Highly voted

B. Salts double the total size of a rainbow table database.

Highly voted

C. Salts can be reversed or removed from encoding quickly to produce unsaltedhashes.

Highly voted

D. Salts have little effect because they can be calculated on the fly with applicationssuch as Ophcrack.

Highly voted

Discussion of the question

Question 48 🔥

Analyze the excerpt from a packet capture between the hosts 192.168.116.9 and 192.168.116.101. What factual conclusion can the tester draw from this output?

Which database solution meets these requirements?

A. Port 135 is filtered, port 139 is open.

Highly voted

B. Pons 135 and 139 are filtered.

Highly voted

C. Ports 139 and 135 are open.

Highly voted

D. Port 139 is closed, port 135 is open

Highly voted

Discussion of the question

Ready to Pass Your Certification Test

giac GPEN

Exam contains 337 questions

Lorem ipsum dolor sit amet consectetur. Eget sed turpis aenean sit aenean. Integer at nam ullamcorper a.

Company

Product

Resources

Follow us