312-50 Exam Dumps | While performing online banking using a Web browser, a user receives an email that contains a link to

<< Prev Question Next Question >>

Question 114/350

While performing online banking using a Web browser, a user receives an email that contains a link to an interesting Web site. When the user clicks on the link, another Web browser session starts and displays a video of cats playing a piano. The next business day, the user receives what looks like an email from his bank, indicating that his bank account has been accessed from a foreign country. The email asks the user to call his bank and verify the authorization of a funds transfer that took place.
What Web browser-based security vulnerability was exploited to compromise the user?

A. Cross-Site Request Forgery

B. Cross-Site Scripting

C. Clickjacking

D. Web form input validation

Recent Comments (The most recent comments are at the top.)

AnAnon - Oct 22, 2020

The best answer should be B (XSS) because :
- you need a script to open a new window and to retreive at the same time some informations
- in a CSRF, the browser of the user will make the request, so there will not be an access from another country

Question List (350q): Question 1: Which of the following ensures that updates to policies, pro...; Question 2: When comparing the testing methodologies of Open Web Applica...; Question 3: Your team has won a contract to infiltrate an organization. ...; Question 4: Low humidity in a data center can cause which of the followi...; Question 5: While checking the settings on the internet browser, a techn...; Question 6: What is the primary drawback to using advanced encryption st...; Question 7: Which NMAP feature can a tester implement or adjust while sc...; Question 8: Which of the following cryptography attack methods is usuall...; Question 9: What type of OS fingerprinting technique sends specially cra...; Question 10: Your company was hired by a small healthcare provider to per...; Question 11: What information should an IT system analysis provide to the...; Question 12: Using Windows CMD, how would an attacker list all the shares...; Question 13: This asymmetry cipher is based on factoring the product of t...; Question 14: Jimmy is standing outside a secure entrance to a facility. H...; Question 15: Which of the following is an example of an asymmetric encryp...; Question 16: Advanced encryption standard is an algorithm used for which ...; Question 17: Which set of access control solutions implements two-factor ...; Question 18: A Certificate Authority (CA) generates a key pair that will ...; Question 19: A hacker is attempting to use nslookup to query Domain Name ...; Question 20: PGP, SSL, and IKE are all examples of which type of cryptogr...; Question 21: To maintain compliance with regulatory requirements, a secur...; Question 22: Which type of access control is used on a router or firewall...; Question 23: Which of the following is a hashing algorithm?...; Question 24: An attacker uses a communication channel within an operating...; Question 25: To send a PGP encrypted message, which piece of information ...; Question 26: Which of the following is an application that requires a hos...; Question 27: Which of the following settings enables Nessus to detect whe...; Question 28: The configuration allows a wired or wireless network interfa...; Question 29: What are the three types of authentication?...; Question 30: What is the outcome of the comm"nc -l -p 2222 | nc 10.1.0.43...; Question 31: Which of the following is one of the most effective ways to ...; Question 32: Your company performs penetration tests and security assessm...; Question 33: Which method can provide a better return on IT security inve...; Question 34: In the OSI model, where does PPTP encryption take place?...; Question 35: Which tool would be used to collect wireless packet data?...; Question 36: Which of the following is a hardware requirement that either...; Question 37: Which of the following is a protocol specifically designed f...; Question 38: Which of the following types of firewall inspects only heade...; Question 39: Which of the following is the successor of SSL?...; Question 40: A large company intends to use Blackberry for corporate mobi...; Question 41: You are logged in as a local admin on a Windows 7 system and...; Question 42: You work as a Security Analyst for a retail organization. In...; Question 43: A security engineer has been asked to deploy a secure remote...; Question 44: At a Windows Server command prompt, which command could be u...; Question 45: Which of the following incident handling process phases is r...; Question 46: The "gray box testing" methodology enforces what kind of res...; Question 47: Which technical characteristic do Ethereal/Wireshark, TCPDum...; Question 48: When you are getting information about a web server, it is v...; Question 49: Which initial procedure should an ethical hacker perform aft...; Question 50: If an e-commerce site was put into a live environment and th...; Question 51: Which of the following descriptions is true about a static N...; Question 52: A common cryptographical tool is the use of XOR. XOR the fol...; Question 53: It is an entity or event with the potential to adversely imp...; Question 54: Which of the following processes evaluates the adherence of ...; Question 55: A penetration tester is conducting a port scan on a specific...; Question 56: Which of the following tools would be the best choice for ac...; Question 57: Which of the following is the greatest threat posed by backu...; Question 58: Which of the following levels of algorithms does Public Key ...; Question 59: A newly discovered flaw in a software application would be c...; Question 60: ICMP ping and ping sweeps are used to check for active syste...; Question 61: Which type of intrusion detection system can monitor and ale...; Question 62: When you are collecting information to perform a data analys...; Question 63: Which of the following programming languages is most vulnera...; Question 64: This international organization regulates billions of transa...; Question 65: Employees in a company are no longer able to access Internet...; Question 66: Which of the following defines the role of a root Certificat...; Question 67: It is a kind of malware (malicious software) that criminals ...; Question 68: While using your bank's online servicing you notice the foll...; Question 69: To determine if a software program properly handles a wide r...; Question 70: What is the main advantage that a network-based IDS/IPS syst...; Question 71: What is the benefit of performing an unannounced Penetration...; Question 72: The intrusion detection system at a software development com...; Question 73: An incident investigator asks to receive a copy of the event...; Question 74: What results will the following command yield: 'NMAP -sS -O ...; Question 75: The use of technologies like IPSec can help guarantee the fo...; Question 76: When you are testing a web application, it is very useful to...; Question 77: Which of the following conditions must be given to allow a t...; Question 78: What is the best defense against privilege escalation vulner...; Question 79: The following is part of a log file taken from the machine o...; Question 80: The network administrator contacts you and tells you that sh...; Question 81: Fingerprinting VPN firewalls is possible with which of the f...; Question 82: Which of the following scanning tools is specifically design...; Question 83: A tester has been using the msadc.pl attack script to execut...; Question 84: What is a successful method for protecting a router from pot...; Question 85: Which of the following items of a computer system will an an...; Question 86: Which tool is used to automate SQL injections and exploit a ...; Question 87: Which element of Public Key Infrastructure (PKI) verifies th...; Question 88: Windows file servers commonly hold sensitive files, database...; Question 89: In the software security development life cycle process, thr...; Question 90: Company A and Company B have just merged and each has its ow...; Question 91: Passive reconnaissance involves collecting information throu...; Question 92: A company firewall engineer has configured a new DMZ to allo...; Question 93: Risks = Threats x Vulnerabilities is referred to as the:...; Question 94: A recently hired network security associate at a local bank ...; Question 95: Which of the following resources does NMAP need to be used a...; Question 96: Which solution can be used to emulate computer services, suc...; Question 97: Bluetooth uses which digital modulation technique to exchang...; Question 98: A bank stores and processes sensitive privacy information re...; Question 99: A developer for a company is tasked with creating a program ...; Question 100: A security consultant decides to use multiple layers of anti...; Question 101: What is the way to decide how a packet will move from an unt...; Question 102: How does the Address Resolution Protocol (ARP) work?...; Question 103: An organization hires a tester to do a wireless penetration ...; Question 104: How can a policy help improve an employee's security awarene...; Question 105: Which of the following open source tools would be the best c...; Question 106: A hacker, who posed as a heating and air conditioning specia...; Question 107: After trying multiple exploits, you've gained root access to...; Question 108: Pentest results indicate that voice over IP traffic is trave...; Question 109: What are the three types of compliance that the Open Source ...; Question 110: What is the name of the international standard that establis...; Question 111: The following is a sample of output from a penetration teste...; Question 112: A network administrator received an administrative alert at ...; Question 113: Which of the following is considered the best way to protect...; 1 commentQuestion 114: While performing online banking using a Web browser, a user ...; Question 115: Which of the following statements is TRUE?...; Question 116: How can a rootkit bypass Windows 7 operating system's kernel...; Question 117: Which of the following is considered an acceptable option wh...; Question 118: A company's security policy states that all Web browsers mus...; Question 119: Seth is starting a penetration test from inside the network....; Question 120: An Internet Service Provider (ISP) has a need to authenticat...; Question 121: An ethical hacker for a large security research firm perform...; Question 122: A Security Engineer at a medium-sized accounting firm has be...; Question 123: What is the most common method to exploit the "Bash Bug" or ...; Question 124: What term describes the amount of risk that remains after th...; Question 125: The company ABC recently contracted a new accountant. The ac...; Question 126: You've just been hired to perform a pen test on an organizat...; Question 127: An NMAP scan of a server shows port 25 is open. What risk co...; Question 128: Which mode of IPSec should you use to assure security and co...; Question 129: A penetration tester is hired to do a risk assessment of a c...; Question 130: When utilizing technical assessment methods to assess the se...; Question 131: When an alert rule is matched in a network-based IDS like sn...; Question 132: The use of alert thresholding in an IDS can reduce the volum...; Question 133: Which of the following is a strong post designed to stop a c...; Question 134: You just set up a security system in your network. In what k...; Question 135: A penetration tester is conducting a port scan on a specific...; Question 136: What is one thing a tester can do to ensure that the softwar...; Question 137: Which of the following security operations is used for deter...; Question 138: A consultant has been hired by the V.P. of a large financial...; Question 139: You have successfully gained access to a linux server and wo...; Question 140: You have compromised a server on a network and successfully ...; Question 141: To reduce the attack surface of a system, administrators sho...; Question 142: How is sniffing broadly categorized?...; Question 143: Session splicing is an IDS evasion technique in which an att...; Question 144: An engineer is learning to write exploits in C++ and is usin...; Question 145: A company has hired a security administrator to maintain and...; Question 146: What is the process of logging, recording, and resolving eve...; Question 147: Which of the following describes the characteristics of a Bo...; Question 148: After gaining access to the password hashes used to protect ...; Question 149: Ricardo wants to send secret messages to a competitor compan...; Question 150: While conducting a penetration test, the tester determines t...; Question 151: An NMAP scan of a server shows port 69 is open. What risk co...; Question 152: When does the Payment Card Industry Data Security Standard (...; Question 153: Which type of scan is used on the eye to measure the layer o...; Question 154: Which of the following lists are valid data-gathering activi...; Question 155: What is the best description of SQL Injection?...; Question 156: You are using NMAP to resolve domain names into IP addresses...; Question 157: A hacker has managed to gain access to a Linux host and stol...; Question 158: Which of the following is optimized for confidential communi...; Question 159: Initiating an attack against targeted businesses and organiz...; Question 160: Which of the following is the least-likely physical characte...; Question 161: An attacker gains access to a Web server's database and disp...; Question 162: Which type of scan measures a person's external features thr...; Question 163: What does a firewall check to prevent particular ports and a...; Question 164: A hacker is attempting to see which IP addresses are current...; Question 165: > NMAP -sn 192.168.11.200-215 The NMAP command above perf...; Question 166: An Intrusion Detection System (IDS) has alerted the network ...; Question 167: During a wireless penetration test, a tester detects an acce...; Question 168: You have several plain-text firewall logs that you must revi...; Question 169: Which of the following describes the characteristics of a Bo...; Question 170: Which of the following is designed to identify malicious att...; Question 171: Which of the following is a detective control?...; Question 172: In order to show improvement of security over time, what mus...; Question 173: A security policy will be more accepted by employees if it i...; Question 174: A penetration tester was hired to perform a penetration test...; Question 175: A network security administrator is worried about potential ...; Question 176: If the final set of security controls does not eliminate all...; Question 177: How does an operating system protect the passwords used for ...; Question 178: Which of the following techniques will identify if computer ...; Question 179: The company ABC recently discovered that their new product w...; Question 180: Eve stole a file named secret.txt, transferred it to her com...; Question 181: Craig received a report of all the computers on the network ...; Question 182: Which of the following is a design pattern based on distinct...; Question 183: A security analyst is performing an audit on the network to ...; Question 184: WPA2 uses AES for wireless data encryption at which of the f...; Question 185: During a penetration test, a tester finds that the web appli...; Question 186: You've gained physical access to a Windows 2008 R2 server wh...; Question 187: What is the main reason the use of a stored biometric is vul...; Question 188: The security concept of "separation of duties" is most simil...; Question 189: Which NMAP command combination would let a tester scan every...; Question 190: International Organization for Standardization (ISO) standar...; Question 191: env x=`(){ :;};echo exploit` bash -c 'cat /etc/passwd' What ...; Question 192: Which property ensures that a hash function will not produce...; Question 193: If executives are found liable for not properly protecting t...; Question 194: Which of the following is an advantage of utilizing security...; Question 195: Which statement is TRUE regarding network firewalls preventi...; Question 196: Which regulation defines security and privacy controls for F...; Question 197: A computer science student needs to fill some information in...; Question 198: You are performing information gathering for an important pe...; Question 199: An attacker is trying to redirect the traffic of a small off...; Question 200: Which of the following is a low-tech way of gaining unauthor...; Question 201: On a Linux device, which of the following commands will star...; Question 202: The fundamental difference between symmetric and asymmetric ...; Question 203: Which vital role does the U.S. Computer Security Incident Re...; Question 204: Which command line switch would be used in NMAP to perform o...; Question 205: Smart cards use which protocol to transfer the certificate i...; Question 206: Which of the following tools will scan a network to perform ...; Question 207: SOAP services use which technology to format information?...; Question 208: An IT security engineer notices that the company's web serve...; Question 209: Which cipher encrypts the plain text digit (bit or byte) one...; Question 210: The Open Web Application Security Project (OWASP) testing me...; Question 211: Which protocol and port number might be needed in order to s...; Question 212: What two conditions must a digital signature meet?...; Question 213: What technique is used to perform a Connection Stream Parame...; Question 214: John the Ripper is a technical assessment tool used to test ...; Question 215: While performing data validation of web content, a security ...; Question 216: Which of these options is the most secure procedure for stor...; Question 217: A consultant is hired to do physical penetration testing at ...; Question 218: Which of the following is not a Bluetooth attack?...; Question 219: Which of the following tools is used to detect wireless LANs...; Question 220: The Heartbleed bug was discovered in 2014 and is widely refe...; Question 221: When analyzing the IDS logs, the system administrator notice...; Question 222: How do employers protect assets with security policies perta...; Question 223: What is the most secure way to mitigate the theft of corpora...; Question 224: Which of the following describes a component of Public Key I...; Question 225: During a penetration test, the tester conducts an ACK scan u...; Question 226: Which of the following business challenges could be solved b...; Question 227: A hacker searches in Google for filetype:pcf to find Cisco V...; Question 228: A certified ethical hacker (CEH) completed a penetration tes...; Question 229: A security analyst in an insurance company is assigned to te...; Question 230: Some passwords are stored using specialized encryption algor...; Question 231: A regional bank hires your company to perform a security ass...; Question 232: A security engineer is attempting to map a company's interna...; Question 233: Nation-state threat actors often discover vulnerabilities an...; Question 234: Which of the following is a preventive control?...; Question 235: What statement is true regarding LM hashes?...; Question 236: You have compromised a server and successfully gained a root...; Question 237: A pentester gains access to a Windows application server and...; Question 238: One way to defeat a multi-level security solution is to leak...; Question 239: Which of the following problems can be solved by using Wires...; Question 240: Which of the following can the administrator do to verify th...; Question 241: Which of the following is an example of two factor authentic...; Question 242: Which of the following examples best represents a logical or...; Question 243: Which method of password cracking takes the most time and ef...; Question 244: What is a "Collision attack" in cryptography?...; Question 245: A network administrator discovers several unknown files in t...; Question 246: When setting up a wireless network, an administrator enters ...; Question 247: What is the main disadvantage of the scripting languages as ...; Question 248: Which of the following items is unique to the N-tier archite...; Question 249: Which of the following is a symmetric cryptographic standard...; Question 250: How can rainbow tables be defeated?...; Question 251: Which of the following network attacks takes advantage of we...; Question 252: The purpose of a __________ is to deny network access to loc...; Question 253: When creating a security program, which approach would be us...; Question 254: You have successfully comprised a server having an IP addres...; Question 255: Which of the following can take an arbitrary length of input...; Question 256: What is the main difference between a "Normal" SQL Injection...; Question 257: Which of the following is an example of IP spoofing?...; Question 258: Which of the following is a client-server tool utilized to e...; Question 259: During a penetration test, a tester finds a target that is r...; Question 260: An attacker changes the profile information of a particular ...; Question 261: You have successfully compromised a machine on the network a...; Question 262: A tester has been hired to do a web application security tes...; Question 263: You have successfully gained access to your client's interna...; Question 264: One advantage of an application-level firewall is the abilit...; Question 265: Which of the following does proper basic configuration of sn...; Question 266: A company has publicly hosted web applications and an intern...; Question 267: What is the role of test automation in security testing?...; Question 268: A medium-sized healthcare IT business decides to implement a...; Question 269: Which security strategy requires using several, varying meth...; Question 270: Jesse receives an email with an attachment labeled "Court_No...; Question 271: Which of the following types of firewalls ensures that the p...; Question 272: Which statement best describes a server type under an N-tier...; Question 273: Least privilege is a security concept that requires that a u...; Question 274: During a security audit of IT processes, an IS auditor found...; Question 275: When using Wireshark to acquire packet capture on a network,...; Question 276: Which of the following algorithms provides better protection...; Question 277: A certified ethical hacker (CEH) is approached by a friend w...; Question 278: What is the correct PCAP filter to capture all TCP traffic g...; Question 279: An attacker has installed a RAT on a host. The attacker want...; Question 280: An attacker has been successfully modifying the purchase pri...; Question 281: During a blackbox pen test you attempt to pass IRC traffic o...; Question 282: A Network Administrator was recently promoted to Chief Secur...; Question 283: Which of the following is the structure designed to verify a...; Question 284: Which type of antenna is used in wireless communication?...; Question 285: Which of the following techniques does a vulnerability scann...; Question 286: How can telnet be used to fingerprint a web server?...; Question 287: Which of the following is a command line packet analyzer sim...; Question 288: Which of the following parameters enables NMAP's operating s...; Question 289: Which of the following is a common Service Oriented Architec...; Question 290: It is a vulnerability in GNU's bash shell, discovered in Sep...; Question 291: Which of the following is assured by the use of a hash?...; Question 292: Which of the statements concerning proxy firewalls is correc...; Question 293: Which tool allows analysts and pen testers to examine links ...; Question 294: A computer technician is using a new version of a word proce...; Question 295: In Risk Management, how is the term "likelihood" related to ...; Question 296: You are performing a penetration test. You achieved access v...; Question 297: A security consultant is trying to bid on a large contract t...; Question 298: A new wireless client is configured to join a 802.11 network...; Question 299: Which system consists of a publicly available set of databas...; Question 300: A circuit level gateway works at which of the following laye...; Question 301: You are tasked to perform a penetration test. While you are ...; Question 302: Which United States legislation mandates that the Chief Exec...; Question 303: Which of the following tools performs comprehensive tests ag...; Question 304: This tool is an 802.11 WEP and WPA-PSK keys cracking program...; Question 305: Which of the following parameters describe LM Hash (see exhi...; Question 306: Diffie-Hellman (DH) groups determine the strength of the key...; Question 307: This phase will increase the odds of success in later phases...; Question 308: A penetration tester is attempting to scan an internal corpo...; Question 309: Which of the following programs is usually targeted at Micro...; Question 310: Which of the following is a characteristic of Public Key Inf...; Question 311: A botnet can be managed through which of the following?...; Question 312: It is a regulation that has a set of guidelines, which shoul...; Question 313: From the two screenshots below, which of the following is oc...; Question 314: An attacker has captured a target file that is encrypted wit...; Question 315: Which Open Web Application Security Project (OWASP) implemen...; Question 316: Which of the following processes of PKI (Public Key Infrastr...; Question 317: A pentester is using Metasploit to exploit an FTP server and...; Question 318: The chance of a hard drive failure is once every three years...; Question 319: Which of the following is a component of a risk assessment?...; Question 320: Which of the following statements regarding ethical hacking ...; Question 321: Perspective clients want to see sample reports from previous...; Question 322: A hacker is attempting to see which ports have been left ope...; Question 323: Which results will be returned with the following Google sea...; Question 324: A company is using Windows Server 2003 for its Active Direct...; Question 325: An attacker sniffs encrypted traffic from the network and is...; Question 326: Which of the following identifies the three modes in which S...; Question 327: Firewalk has just completed the second phase (the scanning p...; Question 328: Which of the following is a primary service of the U.S. Comp...; Question 329: The Open Web Application Security Project (OWASP) is the wor...; Question 330: A company's Web development team has become aware of a certa...; Question 331: Which tool can be used to silently copy files from USB devic...; Question 332: Which of the following tools can be used for passive OS fing...; Question 333: During a recent security assessment, you discover the organi...; Question 334: The "white box testing" methodology enforces what kind of re...; Question 335: Which of the following is a component of a risk assessment?...; Question 336: A technician is resolving an issue where a computer is unabl...; Question 337: Which of the following tools is used to analyze the files pr...; Question 338: While testing the company's web applications, a tester attem...; Question 339: Which type of security document is written with specific ste...; Question 340: Which of the following guidelines or standards is associated...; Question 341: It is a short-range wireless communication technology intend...; Question 342: When you return to your desk after a lunch break, you notice...; Question 343: A hacker has successfully infected an internet-facing server...; Question 344: If a tester is attempting to ping a target that exists but r...; Question 345: Which of the following network attacks relies on sending an ...; Question 346: You are attempting to man-in-the-middle a session. Which pro...; Question 347: Which security control role does encryption meet?...; Question 348: In 2007, this wireless security algorithm was rendered usele...; Question 349: Which command lets a tester enumerate alive systems in a cla...; Question 350: A hacker was able to sniff packets on a company's wireless n...

Question 114/350

Recent Comments (The most recent comments are at the top.)

LEAVE A REPLY

Download PDF File