412-79v8 Exam Dumps | In the process of hacking a web application, attackers manipulate the HTTP requests to subvert the application

<< Prev Question Next Question >>

Question 35/189

In the process of hacking a web application, attackers manipulate the HTTP requests to subvert the application authorization schemes by modifying input fields that relate to the user ID, username, access group, cost, file names, file identifiers, etc. They first access the web application using a low privileged account and then escalate privileges to access protected resources. What attack has been carried out?

A. XPath Injection Attack

B. Authorization Attack

C. Authentication Attack

D. Frame Injection Attack

Question List (189q): Question 1: A security policy is a document or set of documents that des...; Question 2: The framework primarily designed to fulfill a methodical and...; Question 3: Which one of the following Snort logger mode commands is ass...; Question 4: Which of the following protocol's traffic is captured by usi...; Question 5: Which of the following is NOT generally included in a quote ...; Question 6: What is the difference between penetration testing and vulne...; Question 7: When you are running a vulnerability scan on a network and t...; Question 8: SQL injection attacks are becoming significantly more popula...; Question 9: A directory traversal (or path traversal) consists in exploi...; Question 10: Which of the following policy forbids everything with strict...; Question 11: Network scanning is used to identify the available network r...; Question 12: Output modules allow Snort to be much more flexible in the f...; Question 13: Which of the following has an offset field that specifies th...; Question 14: What are placeholders (or markers) in an HTML document that ...; Question 15: Which one of the following 802.11 types uses either FHSS or ...; Question 16: Which of the following is an ARP cache poisoning technique a...; Question 17: In Linux, /etc/shadow file stores the real password in encry...; Question 18: A wireless intrusion detection system (WIDS) monitors the ra...; Question 19: One of the steps in information gathering is to run searches...; Question 20: What is a goal of the penetration testing report? (Exhibit)...; Question 21: Which of the following password cracking techniques is used ...; Question 22: Which of the following is the range for assigned ports manag...; Question 23: SQL injection attack consists of insertion or "injection" of...; Question 24: Identify the attack represented in the diagram below: (Exhib...; Question 25: Port numbers are used to keep track of different conversatio...; Question 26: Which of the following pen testing reports provides detailed...; Question 27: Which of the following documents helps in creating a confide...; Question 28: What are the scanning techniques that are used to bypass fir...; Question 29: Which of the following is not a characteristic of a firewall...; Question 30: In a TCP packet filtering firewall, traffic is filtered base...; Question 31: John, the penetration tester in a pen test firm, was asked t...; Question 32: Transmission control protocol accepts data from a data strea...; Question 33: John, a penetration tester from a pen test firm, was asked t...; Question 34: Traceroute is a computer network diagnostic tool for display...; Question 35: In the process of hacking a web application, attackers manip...; Question 36: Amazon Consulting Corporation provides penetration testing a...; Question 37: A framework is a fundamental structure used to support and r...; Question 38: Identify the port numbers used by POP3 and POP3S protocols....; Question 39: Which one of the following log analysis tools is used for an...; Question 40: The term social engineering is used to describe the various ...; Question 41: In which of the following firewalls are the incoming or outg...; Question 42: Windows stores user passwords in the Security Accounts Manag...; Question 43: TCP/IP model is a framework for the Internet Protocol suite ...; Question 44: Identify the policy that defines the standards for the organ...; Question 45: Which one of the following is a useful formatting token that...; Question 46: A penetration test consists of three phases: pre-attack phas...; Question 47: Which one of the following tools of trade is a commercial sh...; Question 48: Identify the correct formula for Return on Investment (ROI)....; Question 49: DMZ is a network designed to give the public access to the s...; Question 50: Attackers create secret accounts and gain illegal access to ...; Question 51: During external penetration testing, which of the following ...; Question 52: Which of the following is not a condition specified by Hamel...; Question 53: Which of the following is NOT related to the Internal Securi...; Question 54: Traffic on which port is unusual for both the TCP and UDP po...; Question 55: A firewall protects networked computers from intentional hos...; Question 56: The SnortMain () function begins by associating a set of han...; Question 57: Today, most organizations would agree that their most valuab...; Question 58: The IP protocol was designed for use on a wide variety of tr...; Question 59: What sort of vulnerability assessment approach starts by bui...; Question 60: Internet Control Message Protocol (ICMP) messages occur in m...; Question 61: James is testing the ability of his routers to withstand DoS...; Question 62: Identify the type of authentication mechanism represented be...; Question 63: The Web parameter tampering attack is based on the manipulat...; Question 64: Port numbers are used to keep track of different conversatio...; Question 65: Wireless communication allows networks to extend to places t...; Question 66: Which of the following attacks does a hacker perform in orde...; Question 67: Besides the policy implications of chat rooms, Internet Rela...; Question 68: Which of the following policies states that the relevant app...; Question 69: A penetration tester tries to transfer the database from the...; Question 70: In the TCP/IP model, the transport layer is responsible for ...; Question 71: One needs to run "Scan Server Configuration" tool to allow a...; Question 72: Vulnerability assessment is an examination of the ability of...; Question 73: If a web application sends HTTP cookies as its method for tr...; Question 74: Which vulnerability assessment phase describes the scope of ...; Question 75: Application security assessment is one of the activity that ...; Question 76: An antenna is a device that is designed to transmit and rece...; Question 77: Choose the correct option to define the Prefix Length. (Exhi...; Question 78: Which Wireshark filter displays all the packets where the IP...; Question 79: Identify the injection attack represented in the diagram bel...; Question 80: Which of the following acts is a proprietary information sec...; Question 81: Which of the following attacks is an offline attack?...; Question 82: The Internet is a giant database where people store some of ...; Question 83: Assessing a network from a hacker's point of view to discove...; Question 84: What is a difference between host-based intrusion detection ...; Question 85: Why is a legal agreement important to have before launching ...; Question 86: A framework for security analysis is composed of a set of in...; Question 87: An attacker injects malicious query strings in user input fi...; Question 88: Which one of the following 802.11 types has WLAN as a networ...; Question 89: Which of the following is a framework of open standards deve...; Question 90: Which of the following is an application alert returned by a...; Question 91: Which of the following approaches to vulnerability assessmen...; Question 92: Metasploit framework in an open source platform for vulnerab...; Question 93: Which of the following protocols cannot be used to filter Vo...; Question 94: Security auditors determine the use of WAPs on their network...; 1 commentQuestion 95: Wireshark is a network analyzer. It reads packets from the n...; Question 96: Variables are used to define parameters for detection, speci...; Question 97: ARP spoofing is a technique whereby an attacker sends fake (...; Question 98: Fuzz testing or fuzzing is a software/application testing te...; Question 99: The amount of data stored in organizational databases has in...; Question 100: Which one of the following commands is used to search one of...; Question 101: Which of the following is the objective of Gramm-Leach-Blile...; Question 102: Black-box testing is a method of software testing that exami...; Question 103: War Driving is the act of moving around a specific area, map...; Question 104: Timing is an element of port-scanning that can catch one una...; Question 105: Which among the following information is not furnished by th...; Question 106: Which of the following statements is true about Multi-Layer ...; Question 107: Which of the following equipment could a pen tester use to p...; Question 108: Due to illegal inputs, various types of TCP stacks respond i...; Question 109: External penetration testing is a traditional approach to pe...; Question 110: Which of the following information gathering techniques coll...; Question 111: Which of the following shields Internet users from artificia...; Question 112: Which of the following scan option is able to identify the S...; Question 113: Information gathering is performed to: i) Collect basic info...; Question 114: Phishing is typically carried out by email spoofing or insta...; Question 115: Which of the following statements is true about the LM hash?...; Question 116: Nessus can test a server or a network for DoS vulnerabilitie...; Question 117: Identify the transition mechanism to deploy IPv6 on the IPv4...; Question 118: In which of the following IDS evasion techniques does IDS re...; Question 119: Amazon, an IT based company, conducts a survey on the usage ...; Question 120: Which of the following statement holds true for TCP Operatio...; Question 121: Identify the data security measure which defines a principle...; Question 122: Rule of Engagement (ROE) is the formal permission to conduct...; Question 123: Which of the following attributes has a LM and NTLMv1 value ...; Question 124: John, a penetration tester, was asked for a document that de...; Question 125: Identify the framework that comprises of five levels to guid...; Question 126: Which of the following methods is used to perform server dis...; Question 127: What threat categories should you use to prioritize vulnerab...; Question 128: An automated electronic mail message from a mail system whic...; Question 129: The first phase of the penetration testing plan is to develo...; Question 130: Which type of security policy applies to the below configura...; Question 131: The first and foremost step for a penetration test is inform...; Question 132: DNS information records provide important data about:...; Question 133: A Demilitarized Zone (DMZ) is a computer host or small netwo...; Question 134: Which of the following is developed to address security conc...; Question 135: Which of the following contents of a pen testing project pla...; Question 136: A man enters a PIN number at an ATM machine, being unaware t...; Question 137: Identify the type of testing that is carried out without giv...; Question 138: The objective of social engineering pen testing is to test t...; Question 139: Firewall and DMZ architectures are characterized according t...; Question 140: This is a group of people hired to give details of the vulne...; Question 141: Which one of the following is a command line tool used for c...; Question 142: A penetration tester performs OS fingerprinting on the targe...; Question 143: A pen tester has extracted a database name by using a blind ...; Question 144: A firewall's decision to forward or reject traffic in networ...; Question 145: Passwords protect computer resources and files from unauthor...; Question 146: You are conducting a penetration test against a company and ...; Question 147: In the example of a /etc/passwd file below, what does the bo...; Question 148: Which of the following is not the SQL injection attack chara...; Question 149: Which type of vulnerability assessment tool provides securit...; Question 150: Which of the following policies helps secure data and protec...; Question 151: In the context of penetration testing, what does blue teamin...; Question 152: A Blind SQL injection is a type of SQL Injection attack that...; Question 153: What is the maximum value of a "tinyint" field in most datab...; Question 154: Before performing the penetration testing, there will be a p...; Question 155: Internet Control Message Protocol (ICMP) messages occur in m...; Question 156: Which of the following reports provides a summary of the com...; Question 157: By default, the TFTP server listens on UDP port 69. Which of...; Question 158: Firewall is an IP packet filter that enforces the filtering ...; Question 159: Which one of the following log analysis tools is a Cisco Rou...; Question 160: Identify the type of firewall represented in the diagram bel...; Question 161: From where can clues about the underlying application enviro...; Question 162: Which one of the following is a supporting tool for 802.11 (...; Question 163: HTTP protocol specifies that arbitrary binary characters can...; Question 164: Which one of the following acts makes reputational risk of p...; Question 165: Which one of the following scans starts, but does not comple...; 1 commentQuestion 166: Which of the following acts related to information security ...; Question 167: Which of the following appendices gives detailed lists of al...; Question 168: Mason is footprinting an organization to gather competitive ...; Question 169: Which of the following are the default ports used by NetBIOS...; Question 170: Which one of the following is false about Wireshark? (Select...; Question 171: NTP protocol is used to synchronize the system clocks of com...; Question 172: A chipset is a group of integrated circuits that are designe...; Question 173: Rules of Engagement (ROE) document provides certain rights a...; Question 174: Which of the following password hashing algorithms is used i...; Question 175: An external intrusion test and analysis identify security we...; Question 176: Identify the person who will lead the penetration-testing pr...; Question 177: Which of the following defines the details of services to be...; 1 commentQuestion 178: Which one of the following tools of trade is an automated, c...; Question 179: Snort, an open source network-based intrusion detection sens...; Question 180: Which one of the following acts related to the information s...; Question 181: A WHERE clause in SQL specifies that a SQL Data Manipulation...; Question 182: Transmission Control Protocol (TCP) is a connection-oriented...; Question 183: Many security and compliance projects begin with a simple id...; Question 184: During the process of fingerprinting a web application envir...; Question 185: You work as an IT security auditor hired by a law firm in Bo...; Question 186: John, the penetration testing manager in a pen testing firm,...; Question 187: Which one of the following components of standard Solaris Sy...; Question 188: Packet filtering firewalls are usually a part of a router. I...; Question 189: Logs are the record of the system and network activities. Sy...

Question 35/189

LEAVE A REPLY

Download PDF File