Which of the following tools can be used as penetration tools in the Information system auditing process?
Each correct answer represents a complete solution. Choose two.

Which of the following tools is an automated tool that is used to implement SQL injections and to retrieve data from
Web server databases?

You work as a Network Administrator for InformSec Inc. You find that the TCP port number 23476 is open on your server. You suspect that there may be a Trojan named Donald Dick installed on your server. Now you want to verify whether Donald Dick is installed on it or not. For this, you want to know the process running on port 23476, as well as the process id, process name, and the path of the process on your server. Which of the following applications will you most likely use to accomplish the task?

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-
secure.com. On the We-are-secure login page, he enters ='or''=' as a username and successfully logs in to the user
page of the Web site. The We-are-secure login page is vulnerable to a __________.

John works as a professional Ethical Hacker. He is assigned a project to test the security of www.weare- secure.com. He installs a rootkit on the Linux server of the We-are-secure network. Which of the following statements are true about rootkits?
Each correct answer represents a complete solution. Choose all that apply.