- (Exam Topic 2)
Which utility will tell you in real time which ports are listening or in another state?
Correct Answer:
B
- (Exam Topic 2)
In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration. If you combined the brute force and dictionary methods to produce variations of words, what would you call such an attack?
Correct Answer:
C
- (Exam Topic 3)
When you are testing a web application, it is very useful to employ a proxy tool to save every request and response. You can manually test every request and analyze the response to find vulnerabilities. You can test parameters and headers manually to get more precise results than you would with web vulnerability scanners.
What proxy tool will help you find web vulnerabilities?
Correct Answer:
C
- (Exam Topic 1)
Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?
Correct Answer:
D
- (Exam Topic 1)
Which of the following is a component of a risk assessment?
Correct Answer:
A