Domain 6 Flashcards
An ICMP echo request is commonly used during the enumeration or host discovery phase of the server side attack methodology. What is this technology?
Ping sweep
What is the difference between pen testing and vulnerability testing?
Pen testing includes exploiting flaws
What is effective against server side attacks?
Firewall
In a client side exploitation attack, after reviewing the logs, what initiated the attack?
Victim's machine
Placing a sniffer at a network's choke point and trying to discover applications and servers in use on a network are examples of what?
Passive fingerprinting
What is a key tool in web application pen testing that assists dynamic application security testing?
HTTP interception proxy
What is the process of network enumeration?
Host discovery
What is the most appropriate technique for determining IPv6 enabled hosts during the host discovery phase?
Neighbor discovery
An attacker compromised a system by first initiating a TCP three way handshake to TCP port 445 and then launching an exploit
Service side attack
If a pen tester were to exploit Oracle Java, Adobe Flash or Microsoft Office, what type of exploit would this be?
Client side exploitation
What’s the most important consideration for backups?
Ability to restore the backups
What phase of the server side exploitation methodology would include reviewing LinkedIn or Twitter?
Reconnaissance
What type of testing targets unexpected user behavior?
Misuse case testing
What method includes building scripts or tools that simulate activities normally performed in an application?
Synthetic transactions
What tool would send the following series of characters to an application: AAA, AAAA, AAAAAAAAAA?
Fuzzer