312-50v10 Exam Question 11
Scenario:
1. Victim opens the attacker's web site.
2. Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make
$1000 in a day?'.
3. Victim clicks to the interesting and attractive content URL.
4. Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks
that he/she clicks to the 'Do you want to make $1000 in a day?' url but actually he/she clicks to the content
or UPL that exists in the transparent 'iframe' which is setup by the attacker.
What is the name of the attack which is mentioned in the scenario?
1. Victim opens the attacker's web site.
2. Attacker sets up a web site which contains interesting and attractive content like 'Do you want to make
$1000 in a day?'.
3. Victim clicks to the interesting and attractive content URL.
4. Attacker creates a transparent 'iframe' in front of the URL which victim attempts to click, so victim thinks
that he/she clicks to the 'Do you want to make $1000 in a day?' url but actually he/she clicks to the content
or UPL that exists in the transparent 'iframe' which is setup by the attacker.
What is the name of the attack which is mentioned in the scenario?
312-50v10 Exam Question 12
What is the main disadvantage of the scripting languages as opposed to compiled programming languages?
312-50v10 Exam Question 13
The following is an entry captured by a network IDS. You are assigned the task of analyzing this entry. You notice the value 0x90, which is the most common NOOP instruction for the Intel processor. You figure that the attacker is attempting a buffer overflow attack.
You also notice "/bin/sh" in the ASCII part of the output.
As an analyst what would you conclude about the attack?
You also notice "/bin/sh" in the ASCII part of the output.
As an analyst what would you conclude about the attack?
312-50v10 Exam Question 14
Peter is surfing the internet looking for information about DX Company. Which hacking process is Peter doing?
312-50v10 Exam Question 15
A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application.
What kind of Web application vulnerability likely exists in their software?
What kind of Web application vulnerability likely exists in their software?