What type of analysis is performed when an attacker has partial knowledge of inner-workings of the application?

• A.Announced
• B.Black-box
• C.White-box
• D.Grey-box

Comment: *

Name: *

Email: *

Verification: *

Jude, a pen tester, examined a network from a hacker's perspective to identify exploits and vulnerabilities accessible to the outside world by using devices such as firewalls, routers, and servers. In this process, he also estimated the threat of network security attacks and determined the level of security of the corporate network.
What is the type of vulnerability assessment that Jude performed on the organization?

• A.Passive assessment
• B.Application assessment
• C.External assessment
• D.Host-based assessment

Comment: *

Name: *

Email: *

Verification: *

which type of virus can change its own code and then cipher itself multiple times as it replicates?

• A.Stealth virus
• B.Tunneling virus
• C.Cavity virus
• D.Encryption virus

Comment: *

Name: *

Email: *

Verification: *

Which system consists of a publicly available set of databases that contain domain name registration contact information?

• A.CAPTCHA
• B.IANA
• C.IETF
• D.WHOIS

Comment: *

Name: *

Email: *

Verification: *

In order to tailor your tests during a web-application scan, you decide to determine which web-server version is hosting the application. On using the sV flag with Nmap. you obtain the following response:
80/tcp open http-proxy Apache Server 7.1.6
what Information-gathering technique does this best describe?

• A.WhOiS lookup
• B.Banner grabbing
• C.Dictionary attack
• D.Brute forcing

Correct Answer: B

Banner grabbing is a technique wont to gain info about a computer system on a network and the services running on its open ports. administrators will use this to take inventory of the systems and services on their network. However, an to find will use banner grabbing so as to search out network hosts that are running versions of applications and operating systems with known exploits.
Some samples of service ports used for banner grabbing are those used by Hyper Text Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP); ports 80, 21, and 25 severally. Tools normally used to perform banner grabbing are Telnet, nmap and Netcat.
For example, one may establish a connection to a target internet server using Netcat, then send an HTTP request. The response can usually contain info about the service running on the host:

This information may be used by an administrator to catalog this system, or by an intruder to narrow down a list of applicable exploits. To prevent this, network administrators should restrict access to services on their networks and shut down unused or unnecessary services running on network hosts. Shodan is a search engine for banners grabbed from portscanning the Internet.

Comment: *

Name: *

Email: *

Verification: *