As a part of the pen testing process, James performs a FIN scan as given below:

What will be the response if the port is open?

A. No response

B. FIN/RST

C. FIN/ACK

D. RST

In delivering penetration testing report, which of the following steps should NOT be followed?

A. Always send the report by email or CD-ROM

B. Always deliver the report to approved stakeholders in the company in person

C. Always ask for a signed acknowledgment after submitting the report

D. Report must be presented in a PDF format, unless requested otherwise

David is working on a pen testing assignment as a junior consultant. His supervisor told him to test a web application for SQL injection. The supervisor also informed David the web application is known to be vulnerable to the "admin' OR '" injection. When David tried this string, he received a WAF error message the input is not allowed. Which of the following strings could David use instead of the above string to bypass the WAF filtering?

A. exec sp_addsrvrolemember 'name ' , 'sysadmin '

B. ' union select

C. admin') or '1'='1'-

D. 'or username like char(37);

Which of the following pre-engagement documents identifies the systems to be tested, types of tests, and the depth of the testing?

A. Draft Report

B. Letter of Intent

C. Rule of Engagement

D. Authorization Letter

Identify the port numbers used by POP3 and POP3S protocols.

A. 113 and 981

B. 111 and 982

C. 110 and 995

D. 109 and 973

In the process of hacking a web application, attackers manipulate the HTTP requests to subvert the application authorization schemes by modifying input fields that relate to the user ID, username, access group, cost, file names, file identifiers, etc. They first access the web application using a low privileged account and then escalate privileges to access protected resources. What attack has been carried out?

A. XPath Injection Attack

B. Authorization Attack

C. Authentication Attack

D. Frame Injection Attack

Security auditors determine the use of WAPs on their networks with Nessus vulnerability scanner which identifies the commonly used WAPs. One of the plug-ins that the Nessus Vulnerability Scanner uses is ID #11026 and is named "Access Point Detection". This plug-in uses four techniques to identify the presence of a WAP. Which one of the following techniques is mostly used for uploading new firmware images while upgrading the WAP device?

A. NMAP TCP/IP fingerprinting

B. HTTP fingerprinting

C. FTP fingerprinting

D. SNMP fingerprinting

Which of the following are the default ports used by NetBIOS service?

A. 135, 136, 139, 445

B. 134, 135, 136, 137

C. 137, 138, 139, 140

D. 133, 134, 139, 142

You are assisting a Department of Defense contract company to become compliant with the stringent

security policies set by the DoD. One such strict rule is that firewalls must only allow incoming connections

that were first initiated by internal computers.

What type of firewall must you implement to abide by this policy?

A. Circuit-level proxy firewall

B. Packet filtering firewall

C. Application-level proxy firewall

D. Statefull firewall

NTP protocol is used to synchronize the system clocks of computers with a remote time server or time source over a network. Which one of the following ports is used by NTP as its transport layer?

A. TCP port 152

B. UDP port 177

C. UDP port 123

D. TCP port 113