A company's security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?
In which phase of the ethical hacking process can Google hacking be employed? This is a technique that involves manipulating a search string with specific operators to search for vulnerabilities.
Example: allintitle: root passwd
A hacker has successfully infected an internet-facing server which he will then use to send junk mail, take part in coordinated attacks, or host junk email content. Which sort of trojan infects this server?
A network admin contacts you. He is concerned that ARP spoofing or poisoning might occur on his network. What are some things he can do to prevent it? Select the best answers.
After gaining access to the password hashes used to protect access to a web based application, knowledge of which cryptographic algorithms would be useful to gain access to the application?
Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?
When discussing passwords, what is considered a brute force attack?
What tool and process are you going to use in order to remain undetected by an IDS while pivoting and passing traffic over a server you've compromised and gained root access to?
You are monitoring the network of your organisations. You notice that: Which of the following solution will you suggest?
What is the difference between the AES and RSA algorithms?
Due to a slowdown of normal network operations, IT department decided to monitor internet traffic for all of the employees. From a legal stand point, what would be troublesome to take this kind of measure?
In order to show improvement of security over time, what must be developed?
What hacking attack is challenge/response authentication used to prevent?
What is the following command used for? net use \targetipc$ "" /u:""
If executives are found liable for not properly protecting their company's assets and information systems, what type of law would apply in this situation?
Which among the following is a Windows command that a hacker can use to list all the shares to which the current user context has access?
Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Which of the following is the correct bit size of the Diffie-Hellman (DH) group 5?
An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?
The purpose of a __________ is to deny network access to local area networks and other information assets by unauthorised wireless devices.
What do Trinoo, TFN2k, WinTrinoo, T-Sight, and Stracheldraht have in common?
You have successfully gained access to a linux server and would like to ensure that the succeeding outgoing traffic from this server will not be caught by a Network Based Intrusion Detection Systems (NIDS).
What is the best way to evade the NIDS?
Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.