Correct Answer:

GET /restricted/accounts/?name=Joe HTTP/1.1 Host: somebank.com is correct.

Of the choices provided, this is the only one that attempts direct access to Joe’s account. The following is from OWASP’s page on the subject: “Applications frequently use the actual name or key of an object when generating web pages. Applications don’t always verify the user is authorized for the target object. This results in an insecure direct object reference flaw.” An attacker, who is an authorized system user, simply changes a parameter value that directly refers to a system object to another object the user isn’t authorized for.

Incorrect Answers:

GET /restricted/\r\n\%00account%00Joe%00access HTTP/1.1  Host: somebank.com, GET /restricted/bank.getaccount('Joe') HTTP/1.1  Host: somebank.com, and GET /restricted/goldtransfer?to=Brad&from=1 or 1=1' HTTP/1.1  Host: somebank.com are incorrect.

These do not attempt direct access to Joe’s account.

Correct Answer:

Proxy servers can filter Internet traffic for internal hosts is correct.

Proxy servers stand in the stead of internal hosts. You can have them go out of the network and do all the dirty work for you, or you can have them “host” services for you. Providing controlled access to Internet traffic with a proxy is an excellent example—browsers point to a proxy that then handles the work of grabbing and returning requested data.

Incorrect Answers:

Proxy servers monitor unauthorized access to the network, proxy servers automate IP addressing on your network, and proxy servers allow outside customers access to the organization website are incorrect.

An IDS monitors traffic, and DHCP servers automate addressing. A web server would be used to host a website, not a proxy.

Correct Answer:

The ASP script is vulnerable to SQL injection attack is correct.

The login script clearly states it’s using SQL, and you can clearly see the “If login is bad, tell them invalid, but if everything (better said, anything) else is okay, let them in.”

Incorrect Answers:

The ASP script is vulnerable to XSS attack, the ASP script is vulnerable to session splice attack, and the ASP script is vulnerable to replay attack are incorrect.

None of the other answers matches anything in the script at all.

Correct Answer:

The firewall doesn’t protect against port 80 and port 443 attacks is correct.

The question states that users are accessing the server over HTTP and HTTPS. This indicates the standard ports 80 and 443 must be open on the firewall. Of course, as we all know, there is nothing restricting the use of any port for any purpose—port 80 can carry anything an attacker wants it to carry—but standard port numbering and purposes can be used on most of your exam.

Incorrect Answers:

The firewall can detect malicious traffic and will halt attacks, if properly configured, a firewall is the only protection needed to safeguard the server, and authentication methods configured at the firewall can halt most attacks are incorrect.

Firewalls aren’t designed to discern whether traffic is malicious or not: they either allow or block traffic.

Firewalls are most definitely not the only security requirement for any system, and there are no authentication mechanisms to go through; either traffic is allowed or it is not.

Correct Answers:

Version, algorithm ID, public key, and key usage are correct.

X.509 is an ITU-T standard defining all sorts of things regarding PKI, including the digital certificate and what it holds. It identifies several components of a digital certificate, including the version, the algorithm ID, a copy of the public key, and the key usage description.

Incorrect Answers:

Private key and PTR record are incorrect.

The private key is never shared.

A PTR record is a DNS record type, not a component of a digital signature.

Correct Answer:

Public is correct.

A public cloud model is one where services are provided over a network that is open for public use (like the Internet). Public cloud is generally used when security and compliance requirements found in large organizations isn’t a major issue.

Incorrect Answers:

Private, community, and hybrid are incorrect.

A private cloud model is operated solely for a single organization (aka single-tenant environment), is usually not a pay-as-you-go type of operation, and is usually preferred by larger organizations.

A community cloud model is one where the infrastructure is shared by several organizations, usually with the same policy and compliance considerations.

The hybrid cloud model is exactly what it sounds like—a composite of two or more cloud deployment models.

Correct Answer:

Scanning is correct.

There are five stages in an ethical hack—reconnaissance, scanning, gaining access, maintaining access, and clearing tracks. In this case, the attacker is using ping as well as port and vulnerability scanners to discover live targets and prepare attacks against them.

Incorrect Answers:

Attack, reconnaissance, pre-attack, and gaining access are incorrect.

Attack and pre-attack are two of the three pen test stages (post-attack being the only one left).

Reconnaissance would be using public records and such to gather useful information.

Gaining access is where the fun starts—attacking to find a way in.

Correct Answer:

SMB is correct.

Also known as Common Internet File System (CIFS), SMB can run directly over port 445 but also uses ports 137 and 138 in UDP and uses 137 and 139 in TCP.

Incorrect Answers:

SNMP, Syslog, and Kerberos are incorrect.

By default, SNMP uses TCP 161, syslog uses UDP 514, and Kerberos uses TCP 88.

Correct Answer:

Pre-attack is correct.

Pen tests have pre-attack, attack, and post-attack phases. Scanning takes place in the pre-attack phase.

Incorrect Answers:

Attack, post-attack, and reconnaissance are incorrect.

Scanning does not take place in the attack or post-attack phase. Reconnaissance is a distractor in this case.

Correct Answer:

Computer based is correct. There are three types of social engineering attacks: human based, mobile based, and computer based. All of the mentioned attacks make use of computers; therefore, the answer is computer based.

Incorrect Answers;

Human based, technical, and physical are incorrect.

Human-based social engineering uses face-to-face or telephone contact. Technical and physical are distracters.