An organization decided to harden its security against web-application and web-server attacks. John, a security personnel in the organization, employed a security scanner to automate web-application security testing and to guard the organization's web infrastructure against web-application threats. Using that tool, he also wants to detect XSS, directory transversal problems, fault injection, SQL injection, attempts to execute commands, and several other attacks. Which of the following security scanners will help John perform the above task?

• A.AlienVaultOSSIM™
• B.Syhunt Hybrid
• C.Cisco ASA
• D.Saleae Logic Analyzer

Comment: *

Name: *

Email: *

Verification: *

You are performing a penetration test for a client and have gained shell access to a Windows machine on the internal network. You intend to retrieve all DNS records for the internal domain, if the DNS server is at 192.168.10.2 and the domain name is abccorp.local, what command would you type at the nslookup prompt to attempt a zone transfer?

• A.List domain=Abccorp.local type=zone
• B.Iserver 192.168.10.2-t all
• C.list server=192.168.10.2 type=all
• D.is-d abccorp.local

Comment: *

Name: *

Email: *

Verification: *

Annie, a cloud security engineer, uses the Docker architecture to employ a client/server model in the application she is working on. She utilizes a component that can process API requests and handle various Docker objects, such as containers, volumes. Images, and networks. What is the component of the Docker architecture used by Annie in the above scenario?

• A.Docker client
• B.Docker objects
• C.Docker daemon
• D.Docker registries

Correct Answer: C

Docker uses a client-server design. The docker client talks to the docker daemon, that will the work of building, running, and distributing your docker containers. The docker client and daemon will run on the same system, otherwise you will connect a docker consumer to a remote docker daemon. The docker consumer and daemon communicate using a REST API, over OS sockets or a network interface.

The docker daemon (dockerd) listens for docker API requests and manages docker objects like pictures, containers, networks, and volumes. A daemon may communicate with other daemons to manage docker services.

Comment: *

Name: *

Email: *

Verification: *

Richard, an attacker, targets an MNC. in this process, he uses a footprinting technique to gather as much information as possible. Using this technique, he gathers domain information such as the target domain name, contact details of its owner, expiry date, and creation date. With this information, he creates a map of the organization's network and misleads domain owners with social engineering to obtain internal details of its network. What type of footprinting technique is employed by Richard?

• A.VoIP footprinting
• B.VPN footprinting
• C.Whois footprinting
• D.Email footprinting

Comment: *

Name: *

Email: *

Verification: *

Attacker Rony Installed a rogue access point within an organization's perimeter and attempted to Intrude into its internal network. Johnson, a security auditor, identified some unusual traffic in the internal network that is aimed at cracking the authentication mechanism. He immediately turned off the targeted network and tested for any weak and outdated security mechanisms that are open to attack. What is the type of vulnerability assessment performed by Johnson in the above scenario?

• A.Distributed assessment
• B.Wireless network assessment
• C.Host-based assessment
• D.Application assessment

Comment: *

Name: *

Email: *

Verification: *