Online Access Free 412-79v9 Practice Test

Which of the following information gathering techniques collects information from an organization's web-based calendar and email services?

• A.Anonymous Information Gathering
• B.Active Information Gathering
• C.Private Information Gathering
• D.Passive Information Gathering

Which of the following external pen testing tests reveals information on price, usernames and passwords, sessions, URL characters, special instructors, encryption used, and web page behaviors?

• A.Examine Server Side Includes (SSI)
• B.Examine Hidden Fields
• C.Check for Directory Consistency and Page Naming Syntax of the Web Pages
• D.Examine E-commerce and Payment Gateways Handled by the Web Server

Which of the following password cracking techniques is used when the attacker has some information about the password?

• A.Hybrid Attack
• B.Rule-based Attack
• C.Dictionary Attack
• D.Syllable Attack

From where can clues about the underlying application environment can be collected?

• A.From file types and directories
• B.From source code
• C.From executable file
• D.From the extension of the file

Hackers today have an ever-increasing list of weaknesses in the web application structure at their disposal, which they can exploit to accomplish a wide variety of malicious tasks.

New flaws in web application security measures are constantly being researched, both by hackers and by security professionals. Most of these flaws affect all dynamic web applications whilst others are dependent on specific application technologies. In both cases, one may observe how the evolution and refinement of web technologies also brings about new exploits which compromise sensitive databases, provide access to theoretically secure networks, and pose a threat to the daily operation of online businesses.
What is the biggest threat to Web 2.0 technologies?

• A.URL Tampering Attacks
• B.SQL Injection Attacks
• C.Service Level Configuration Attacks
• D.Inside Attacks