312-50v8 Exam Dumps | A company's Web development team has become aware of a certain type of security vulnerability in their

<< Prev Question Next Question >>

Question 36/336

A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?

A. Cross-site scripting vulnerability

B. Cross-site Request Forgery vulnerability

C. SQL injection vulnerability

D. Web site defacement vulnerability

Question List (336q): 2 commentQuestion 1: The following is part of a log file taken from the machine o...; Question 2: A pentester is using Metasploit to exploit an FTP server and...; Question 3: Which of the following is the BEST way to defend against net...; Question 4: Which results will be returned with the following Google sea...; Question 5: You are the Systems Administrator for a large corporate orga...; Question 6: A penetration tester is conducting a port scan on a specific...; Question 7: In 2007, this wireless security algorithm was rendered usele...; Question 8: Which of the following is an advantage of utilizing security...; Question 9: A large company intends to use Blackberry for corporate mobi...; Question 10: While performing data validation of web content, a security ...; Question 11: Which of the following examples best represents a logical or...; Question 12: An NMAP scan of a server shows port 69 is open. What risk co...; Question 13: Which of the following identifies the three modes in which S...; Question 14: A hacker is attempting to see which ports have been left ope...; Question 15: Your team has won a contract to infiltrate an organization. ...; Question 16: Which Open Web Application Security Project (OWASP) implemen...; Question 17: A Certificate Authority (CA) generates a key pair that will ...; Question 18: SOAP services use which technology to format information?...; Question 19: When utilizing technical assessment methods to assess the se...; Question 20: Which solution can be used to emulate computer services, suc...; Question 21: A network administrator discovers several unknown files in t...; Question 22: Fingerprinting VPN firewalls is possible with which of the f...; Question 23: Which command line switch would be used in NMAP to perform o...; Question 24: Which of the following is a hardware requirement that either...; Question 25: A covert channel is a channel that...; Question 26: What term describes the amount of risk that remains after th...; Question 27: This tool is an 802.11 WEP and WPA-PSK keys cracking program...; Question 28: Which cipher encrypts the plain text digit (bit or byte) one...; Question 29: Which system consists of a publicly available set of databas...; Question 30: This phase will increase the odds of success in later phases...; Question 31: Which of the following levels of algorithms does Public Key ...; Question 32: A network administrator received an administrative alert at ...; Question 33: Which of the following is a detective control?...; Question 34: A Network Administrator was recently promoted to Chief Secur...; Question 35: A company has hired a security administrator to maintain and...; Question 36: A company's Web development team has become aware of a certa...; Question 37: Which of the following is an extremely common IDS evasion te...; Question 38: Jimmy is standing outside a secure entrance to a facility. H...; Question 39: Which of the following techniques does a vulnerability scann...; Question 40: The "black box testing" methodology enforces which kind of r...; Question 41: Which tool can be used to silently copy files from USB devic...; Question 42: Which of the following security operations is used for deter...; Question 43: Which of the following is used to indicate a single-line com...; Question 44: Firewalk has just completed the second phase (the scanning p...; Question 45: The "gray box testing" methodology enforces what kind of res...; Question 46: Which of the following is the least-likely physical characte...; Question 47: How is sniffing broadly categorized?...; Question 48: How can a rootkit bypass Windows 7 operating system's kernel...; Question 49: Which security strategy requires using several, varying meth...; Question 50: One advantage of an application-level firewall is the abilit...; Question 51: It is a kind of malware (malicious software) that criminals ...; Question 52: If a tester is attempting to ping a target that exists but r...; Question 53: During a security audit of IT processes, an IS auditor found...; Question 54: Which of the following describes the characteristics of a Bo...; Question 55: Ricardo wants to send secret messages to a competitor compan...; Question 56: When you are getting information about a web server, it is v...; Question 57: Which of the following types of firewall inspects only heade...; Question 58: Which of the following network attacks relies on sending an ...; Question 59: You are using NMAP to resolve domain names into IP addresses...; Question 60: A circuit level gateway works at which of the following laye...; Question 61: An attacker gains access to a Web server's database and disp...; Question 62: Which of the following is a component of a risk assessment?...; Question 63: The use of alert thresholding in an IDS can reduce the volum...; Question 64: Which type of scan is used on the eye to measure the layer o...; Question 65: Which statement is TRUE regarding network firewalls preventi...; Question 66: International Organization for Standardization (ISO) standar...; Question 67: A new wireless client is configured to join a 802.11 network...; Question 68: Which of the following is designed to identify malicious att...; Question 69: When analyzing the IDS logs, the system administrator notice...; Question 70: What information should an IT system analysis provide to the...; Question 71: Bluetooth uses which digital modulation technique to exchang...; Question 72: While using your bank's online servicing you notice the foll...; Question 73: Which of the following is considered an acceptable option wh...; Question 74: Which of the following is one of the most effective ways to ...; Question 75: Which of the following items is unique to the N-tier archite...; Question 76: What is one thing a tester can do to ensure that the softwar...; Question 77: Which of the following statements is TRUE?...; Question 78: A certified ethical hacker (CEH) is approached by a friend w...; Question 79: The Heartbleed bug was discovered in 2014 and is widely refe...; Question 80: Which method of password cracking takes the most time and ef...; Question 81: Which type of antenna is used in wireless communication?...; Question 82: Which of the following defines the role of a root Certificat...; Question 83: During a penetration test, the tester conducts an ACK scan u...; Question 84: A hacker searches in Google for filetype:pcf to find Cisco V...; Question 85: The network administrator for a company is setting up a webs...; Question 86: Which of the following can the administrator do to verify th...; Question 87: Which of the following is a primary service of the U.S. Comp...; Question 88: Port scanning can be used as part of a technical assessment ...; Question 89: Jesse receives an email with an attachment labeled "Court_No...; Question 90: Which of the following guidelines or standards is associated...; Question 91: You work as a Security Analyst for a retail organization. In...; Question 92: Which of the following open source tools would be the best c...; Question 93: Which protocol and port number might be needed in order to s...; Question 94: You have several plain-text firewall logs that you must revi...; Question 95: An Intrusion Detection System (IDS) has alerted the network ...; Question 96: Which of the following is a protocol specifically designed f...; Question 97: Which element of Public Key Infrastructure (PKI) verifies th...; Question 98: Which of the following scanning tools is specifically design...; Question 99: It is a regulation that has a set of guidelines, which shoul...; Question 100: You have successfully gained access to your client's interna...; Question 101: After trying multiple exploits, you've gained root access to...; Question 102: One way to defeat a multi-level security solution is to leak...; Question 103: Windows file servers commonly hold sensitive files, database...; Question 104: For messages sent through an insecure channel, a properly im...; Question 105: A security engineer is attempting to map a company's interna...; Question 106: When you return to your desk after a lunch break, you notice...; Question 107: Which of the following describes the characteristics of a Bo...; Question 108: Which of the following tools would be the best choice for ac...; Question 109: The purpose of a __________ is to deny network access to loc...; Question 110: > NMAP -sn 192.168.11.200-215 The NMAP command above perf...; Question 111: Which method can provide a better return on IT security inve...; Question 112: How can rainbow tables be defeated?...; Question 113: While testing the company's web applications, a tester attem...; Question 114: An attacker has installed a RAT on a host. The attacker want...; Question 115: When you are collecting information to perform a data analys...; Question 116: John the Ripper is a technical assessment tool used to test ...; Question 117: Which type of security document is written with specific ste...; Question 118: What is the most secure way to mitigate the theft of corpora...; Question 119: A medium-sized healthcare IT business decides to implement a...; Question 120: What is the main advantage that a network-based IDS/IPS syst...; Question 121: Which technical characteristic do Ethereal/Wireshark, TCPDum...; Question 122: Which of these options is the most secure procedure for stor...; Question 123: What is the most common method to exploit the "Bash Bug" or ...; Question 124: Which of the following lists are valid data-gathering activi...; Question 125: An attacker uses a communication channel within an operating...; Question 126: Which of the following is an example of two factor authentic...; Question 127: Which of the following describes a component of Public Key I...; Question 128: When you are testing a web application, it is very useful to...; Question 129: Which of the following tools can be used for passive OS fing...; Question 130: The fundamental difference between symmetric and asymmetric ...; Question 131: You have successfully gained access to a linux server and wo...; Question 132: An NMAP scan of a server shows port 25 is open. What risk co...; Question 133: A tester has been hired to do a web application security tes...; Question 134: The Open Web Application Security Project (OWASP) is the wor...; Question 135: What is the primary drawback to using advanced encryption st...; Question 136: What technique is used to perform a Connection Stream Parame...; Question 137: To maintain compliance with regulatory requirements, a secur...; Question 138: Least privilege is a security concept that requires that a u...; Question 139: A computer technician is using a new version of a word proce...; Question 140: What is the broadcast address for the subnet 190.86.168.0/22...; Question 141: Which of the following is the greatest threat posed by backu...; Question 142: Which of the following is a low-tech way of gaining unauthor...; Question 143: Diffie-Hellman (DH) groups determine the strength of the key...; Question 144: What is the main reason the use of a stored biometric is vul...; Question 145: A company has five different subnets: 192.168.1.0, 192.168.2...; Question 146: You have compromised a server on a network and successfully ...; Question 147: What are the three types of compliance that the Open Source ...; Question 148: Which tool is used to automate SQL injections and exploit a ...; Question 149: Which of the following is an application that requires a hos...; Question 150: It is a short-range wireless communication technology intend...; Question 151: During a blackbox pen test you attempt to pass IRC traffic o...; Question 152: Which of the following algorithms provides better protection...; Question 153: Which of the following parameters describe LM Hash (see exhi...; Question 154: Which of the following tools is used to analyze the files pr...; Question 155: You have successfully compromised a machine on the network a...; Question 156: Using Windows CMD, how would an attacker list all the shares...; Question 157: An organization hires a tester to do a wireless penetration ...; Question 158: What is a "Collision attack" in cryptography?...; Question 159: Initiating an attack against targeted businesses and organiz...; Question 160: Which NMAP feature can a tester implement or adjust while sc...; Question 161: A bank stores and processes sensitive privacy information re...; Question 162: A hacker was able to sniff packets on a company's wireless n...; Question 163: Which of the following conditions must be given to allow a t...; Question 164: A hacker has successfully infected an internet-facing server...; Question 165: A security administrator notices that the log file of the co...; Question 166: You've just been hired to perform a pen test on an organizat...; Question 167: On a Linux device, which of the following commands will star...; Question 168: A recently hired network security associate at a local bank ...; Question 169: env x=`(){ :;};echo exploit` bash -c 'cat /etc/passwd' What ...; Question 170: Nation-state threat actors often discover vulnerabilities an...; Question 171: The chance of a hard drive failure is once every three years...; Question 172: The security concept of "separation of duties" is most simil...; Question 173: While performing online banking using a Web browser, a user ...; Question 174: Which of the following is a strong post designed to stop a c...; Question 175: To send a PGP encrypted message, which piece of information ...; Question 176: Which type of access control is used on a router or firewall...; Question 177: What are the three types of authentication?...; Question 178: What is the best description of SQL Injection?...; Question 179: What is the correct PCAP filter to capture all TCP traffic g...; Question 180: If the final set of security controls does not eliminate all...; Question 181: Which of the following business challenges could be solved b...; Question 182: A security analyst in an insurance company is assigned to te...; Question 183: Which of the following is an example of an asymmetric encryp...; Question 184: Which property ensures that a hash function will not produce...; Question 185: Which of the following settings enables Nessus to detect whe...; Question 186: Which of the following network attacks takes advantage of we...; Question 187: A computer science student needs to fill some information in...; Question 188: What is the main difference between a "Normal" SQL Injection...; Question 189: What statement is true regarding LM hashes?...; Question 190: How does an operating system protect the passwords used for ...; Question 191: You are performing information gathering for an important pe...; Question 192: Which of the following is a component of a risk assessment?...; Question 193: Which of the following resources does NMAP need to be used a...; Question 194: The configuration allows a wired or wireless network interfa...; Question 195: Which United States legislation mandates that the Chief Exec...; Question 196: To determine if a software program properly handles a wide r...; Question 197: This asymmetry cipher is based on factoring the product of t...; Question 198: What results will the following command yield: 'NMAP -sS -O ...; Question 199: What is the process of logging, recording, and resolving eve...; Question 200: The "white box testing" methodology enforces what kind of re...; Question 201: What is the main disadvantage of the scripting languages as ...; Question 202: Perspective clients want to see sample reports from previous...; Question 203: Which of the following is the successor of SSL?...; Question 204: Which statement best describes a server type under an N-tier...; Question 205: An attacker has captured a target file that is encrypted wit...; Question 206: A hacker is attempting to use nslookup to query Domain Name ...; Question 207: Which of the following techniques will identify if computer ...; Question 208: A penetration tester is hired to do a risk assessment of a c...; Question 209: A developer for a company is tasked with creating a program ...; Question 210: Which of the following problems can be solved by using Wires...; Question 211: Which of the following is assured by the use of a hash?...; Question 212: Which of the following does proper basic configuration of sn...; Question 213: Which of the following is the structure designed to verify a...; Question 214: A certified ethical hacker (CEH) completed a penetration tes...; Question 215: PGP, SSL, and IKE are all examples of which type of cryptogr...; Question 216: This international organization regulates billions of transa...; Question 217: When comparing the testing methodologies of Open Web Applica...; Question 218: An incident investigator asks to receive a copy of the event...; Question 219: How can telnet be used to fingerprint a web server?...; Question 220: How does the Address Resolution Protocol (ARP) work?...; Question 221: An attacker changes the profile information of a particular ...; Question 222: An Internet Service Provider (ISP) has a need to authenticat...; Question 223: Which of the following parameters enables NMAP's operating s...; Question 224: A hacker, who posed as a heating and air conditioning specia...; Question 225: Which NMAP command combination would let a tester scan every...; Question 226: A consultant is hired to do physical penetration testing at ...; Question 227: A security consultant decides to use multiple layers of anti...; Question 228: The Open Web Application Security Project (OWASP) testing me...; Question 229: A consultant has been hired by the V.P. of a large financial...; Question 230: You have compromised a server and successfully gained a root...; Question 231: A security analyst is performing an audit on the network to ...; Question 232: You are performing a penetration test. You achieved access v...; Question 233: Company A and Company B have just merged and each has its ow...; Question 234: You are tasked to perform a penetration test. While you are ...; Question 235: A company's security policy states that all Web browsers mus...; Question 236: Pentest results indicate that voice over IP traffic is trave...; Question 237: A person approaches a network administrator and wants advice...; Question 238: The following is a sample of output from a penetration teste...; Question 239: When does the Payment Card Industry Data Security Standard (...; Question 240: You are a Network Security Officer. You have two machines. T...; Question 241: Which of the following is considered the best way to protect...; Question 242: Which of the following ensures that updates to policies, pro...; Question 243: What is the benefit of performing an unannounced Penetration...; Question 244: Which of the following processes of PKI (Public Key Infrastr...; Question 245: A company firewall engineer has configured a new DMZ to allo...; Question 246: Which of the following tools performs comprehensive tests ag...; Question 247: You just set up a security system in your network. In what k...; Question 248: A security policy will be more accepted by employees if it i...; Question 249: Some passwords are stored using specialized encryption algor...; Question 250: A company is using Windows Server 2003 for its Active Direct...; Question 251: Which of the following tools is used to detect wireless LANs...; Question 252: Which of the following processes evaluates the adherence of ...; Question 253: An attacker sniffs encrypted traffic from the network and is...; Question 254: A regional bank hires your company to perform a security ass...; Question 255: What is the outcome of the comm"nc -l -p 2222 | nc 10.1.0.43...; Question 256: You've gained physical access to a Windows 2008 R2 server wh...; Question 257: A security engineer has been asked to deploy a secure remote...; Question 258: Which of the following is a characteristic of Public Key Inf...; Question 259: During a wireless penetration test, a tester detects an acce...; Question 260: As a Certified Ethical Hacker, you were contracted by a priv...; Question 261: In Risk Management, how is the term "likelihood" related to ...; Question 262: In the software security development life cyle process, thre...; Question 263: Under the "Post-attack Phase and Activities", it is the resp...; Question 264: Which tool allows analysts and pen testers to examine links ...; Question 265: Your company was hired by a small healthcare provider to per...; Question 266: After gaining access to the password hashes used to protect ...; Question 267: Which of the following is a client-server tool utilized to e...; Question 268: In order to show improvement of security over time, what mus...; Question 269: When setting up a wireless network, an administrator enters ...; Question 270: Which tool would be used to collect wireless packet data?...; Question 271: During a penetration test, a tester finds that the web appli...; Question 272: You have successfully comprised a server having an IP addres...; Question 273: A penetration tester is conducting a port scan on a specific...; Question 274: Which command lets a tester enumerate alive systems in a cla...; Question 275: When using Wireshark to acquire packet capture on a network,...; Question 276: The precaution of prohibiting employees from bringing person...; Question 277: It is an entity or event with the potential to adversely imp...; Question 278: You are logged in as a local admin on a Windows 7 system and...; Question 279: Which of the following statements regarding ethical hacking ...; Question 280: Which initial procedure should an ethical hacker perform aft...; Question 281: Which of the following cryptography attack methods is usuall...; Question 282: During a penetration test, a tester finds a target that is r...; Question 283: How can a policy help improve an employee's security awarene...; Question 284: A company has publicly hosted web applications and an intern...; Question 285: An ethical hacker for a large security research firm perform...; Question 286: What does a firewall check to prevent particular ports and a...; Question 287: Which regulation defines security and privacy controls for F...; Question 288: To reduce the attack surface of a system, administrators sho...; Question 289: Which of the following is a hashing algorithm?...; Question 290: A common cryptographical tool is the use of XOR. XOR the fol...; Question 291: If an e-commerce site was put into a live environment and th...; Question 292: The use of technologies like IPSec can help guarantee the fo...; Question 293: From the two screenshots below, which of the following is oc...; Question 294: Which of the following programming languages is most vulnera...; Question 295: A botnet can be managed through which of the following?...; Question 296: A network security administrator is worried about potential ...; Question 297: A newly discovered flaw in a software application would be c...; Question 298: Which of the following is a design pattern based on distinct...; Question 299: An IT security engineer notices that the company's web serve...; Question 300: Advanced encryption standard is an algorithm used for which ...; Question 301: Which of the following is not a Bluetooth attack?...; Question 302: What type of OS fingerprinting technique sends specially cra...; 1 commentQuestion 303: Session splicing is an IDS evasion technique in which an att...; Question 304: During a recent security assessment, you discover the organi...; Question 305: Smart cards use which protocol to transfer the certificate i...; Question 306: Which of the following is optimized for confidential communi...; Question 307: While checking the settings on the internet browser, a techn...; Question 308: A tester has been using the msadc.pl attack script to execut...; Question 309: A pentester gains access to a Windows application server and...; Question 310: Which of the following is a command line packet analyzer sim...; Question 311: Which vital role does the U.S. Computer Security Incident Re...; Question 312: It is a vulnerability in GNU's bash shell, discovered in Sep...; Question 313: The intrusion detection system at a software development com...; Question 314: An engineer is learning to write exploits in C++ and is usin...; Question 315: What is the name of the international standard that establis...; Question 316: In the OSI model, where does PPTP encryption take place?...; Question 317: Risks = Threats x Vulnerabilities is referred to as the:...; Question 318: A penetration tester was hired to perform a penetration test...; Question 319: What is the best defense against privilege escalation vulner...; Question 320: Which of the following is a preventive control?...; Question 321: Which of the following can take an arbitrary length of input...; Question 322: Which of the following programs is usually targeted at Micro...; Question 323: Which set of access control solutions implements two-factor ...; Question 324: Passive reconnaissance involves collecting information throu...; Question 325: An attacker has been successfully modifying the purchase pri...; Question 326: Employees in a company are no longer able to access Internet...; Question 327: Which of the following viruses tries to hide from anti-virus...; Question 328: A security consultant is trying to bid on a large contract t...; Question 329: ICMP ping and ping sweeps are used to check for active syste...; Question 330: A penetration tester is attempting to scan an internal corpo...; Question 331: A Security Engineer at a medium-sized accounting firm has be...; Question 332: WPA2 uses AES for wireless data encryption at which of the f...; Question 333: Which of the following is a common Service Oriented Architec...; Question 334: Which type of scan measures a person's external features thr...; Question 335: The network administrator contacts you and tells you that sh...; Question 336: When creating a security program, which approach would be us...

Question 36/336

LEAVE A REPLY

Download PDF File