312-50v10 Exam Question 31

Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information besides the company name.
What should be the first step in security testing the client?
  • 312-50v10 Exam Question 32

    While using your bank's online servicing you notice the following string in the URL bar:
    "http://www.MyPersonalBank.com/account?id=368940911028389&Damount=10980&Cam ount=21" You observe that if you modify the Damount & Camount values and submit the request, that data on the web page reflect the changes.
    Which type of vulnerability is present on this site?
  • 312-50v10 Exam Question 33

    An attacker tries to do banner grabbing on a remote web server and executes the following command.

    Service
    detection performed. Please report any incorrect results at http://nmap.org/submit/.
    Nmap done: 1 IP address (1 host up) scanned in 6.42 seconds
    What did the hacker accomplish?
  • 312-50v10 Exam Question 34

    When tuning security alerts, what is the best approach?
  • 312-50v10 Exam Question 35

    Which of the following tools performs comprehensive tests against web servers, including dangerous files and CGIs?