Latest Certified Ethical Hacker 412-79v8 free exam questions:
1. SQL injection attacks are becoming significantly more popular amongst hackers and there has been an estimated 69 percent increase of this attack type.
This exploit is used to great effect by the hacking community since it is the primary way to steal sensitive data from web applications. It takes advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a back-end database.
The diagram below shows how attackers launched SQL injection attacks on web applications.
Which of the following can the attacker use to launch an SQL injection attack?
A) Blah' or 1=1 -
B) Blah' "2=2 -"
C) Blah' and 1=1 -
D) Blah' and 2=2 -
E) Explanation:
QUESTION NO: 127 What threat categories should you use to prioritize vulnerabilities detected in the pen testing report?
A. 1, 2, 3, 4, 5
B. Low, medium, high, serious, critical
C. Urgent, dispute, action, zero, low
D. A, b, c, d, e
2. Which of the following has an offset field that specifies the length of the header and data?
A) TCP Header
B) UDP Header
C) ICMP Header
D) IP Header
3. Which of the following documents helps in creating a confidential relationship between the pen tester and client to protect critical and confidential information or trade secrets?
A) Penetration Testing Agreement
B) Rules of Behavior Agreement
C) Liability Insurance
D) Non-Disclosure Agreement
4. The amount of data stored in organizational databases has increased rapidly in recent years due to the rapid advancement of information technologies. A high percentage of these data is sensitive, private and critical to the organizations, their clients and partners.
Therefore, databases are usually installed behind internal firewalls, protected with intrusion detection mechanisms and accessed only by applications. To access a database, users have to connect to one of these applications and submit queries through them to the database. The threat to databases arises when these applications do not behave properly and construct these queries without sanitizing user inputs first.
Identify the injection attack represented in the diagram below:
A) LDAP Injection Attack
B) Frame Injection Attack
C) XPath Injection Attack
D) SOAP Injection Attack
5. Logs are the record of the system and network activities. Syslog protocol is used for delivering log information across an IP network. Syslog messages can be sent via which one of the following?
A) UDP and TCP
B) TCP and SMTP
C) SMTP
D) UDP and SMTP
Questions and answers:
| Question #1 answer: A,E | Question #2 answer: A | Question #3 answer: D | Question #4 answer: A | Question #5 answer: A |
