Phase 3

Question 1

What does CMMI stand for?

Answer 1

Capability Maturity Model Integration

Question 2

How many levels are there in CMMI?

Answer 2

5

Question 3

At which level of CMMI are processes characterized throughout the organization?

Defined

Optimizing

Managed

Quantitatively Managed

Answer 3

Defined

Question 4

PCI-DSS has how many objectives?

Answer 4

6

Question 5

At which level of CMMI are processes unpredictable and/or poorly controlled?

Answer 5

Initial

Question 6

Which of the following are the significant compliance drivers used to manage a GRC program effectively? (select all that apply)

Regulatory

Compliance

Contractual

Organizational

Answer 6

Regulatory

Contractual

Organizational

Question 7

What is the default port used by burp suite for the proxy

Answer 7

8080

Question 8

When using burp suite as a proxy, what default IP address should be pointed to for the proxy

Answer 8

Localhost

Question 9

What additional steps are necessary to be able to access an https site using a proxy

Answer 9

The proxy’s TLS root CA certificate must be installed in the browser’s CA store

Question 10

In which section of an html document would the <title></title> tags normally be used

Answer 10

<head> section
</head>

Question 11

Which of these is the anchor tag?

<ing>
<div>
<anchor>
<a>
</a></anchor></div></ing>

Answer 11

<a></a>

Question 12

What is inline content

Answer 12

When all html and other elements exist in one single page

Question 13

What is linked content

Answer 13

When one page has html with references to separate files containing css and Javascript

Question 14

What type of vulnerability allows attackers to execute unauthorized commands on the server by exploiting improperly sanitized input fields?

Answer 14

Command Injection .
Is a vulnerability that allows an attacker to execute arbitrary commands on a host operating system through a vulnerable app

Question 15

Which Attack uses the users currently authenticate session to forge a request to a web application ?

Answer 15

Cross site request forgery (csrf) tricks the victim into submitting a malicious request.

Question 16

What vulnerability occurs when a web application allows the upload of executable scripts as files?

Answer 16

File inclusion lfi. And upload vulnerability

These vulnerabilities allow attackers to include files on the server or upload dangerous files to a server

LFI local file inclusion
Rfi remote file inclusion

Question 17

What vulnerability is present if an attacker can programmatically bypass a web application captcha

Answer 17

Using an insecure captcha occur when captcha implementation is weak allowing automated systems to attack

Question 18

Which vulnerability allows attackers to manipulate backend databases through unsanitized input fields

Answer 18

SQL injection involves inserting a SQL query via the input data from the client to the application

Question 19

What vulnerability could allow an attacker to predict or brute force a session token

Answer 19

Weak session ids are vulnerable to interception or prediction, allowing attackers to hijack a users session

Question 20

What type of vulnerability allows attackers to inject client-side scripts into web pages viewed by other users

Answer 20

Cross-site scripting(xss) allows attackers to inject malicious scripts into content viewed by other users. Stored xss persists on the server, while reflected xss is returned in the response

Question 21

What are the 6 levels of the software development cycle

Answer 21

Planning
Analysis
Design
Implementation
Testing and integration
Maintenance

Question 22

Where is the default Apache configuration file in fedora linux?

Answer 22

/etc/httpd/conf

Question 23

Why should the 404 page be customized

Answer 23

Obfuscate the details about apache server, to minimize known attacks

Question 24

What is java

Answer 24

A compiled, statically typed language that is used to develop a wide variety of applications, including desktop software, mobile apps and web servers

Question 25

What is javascript

Answer 25

Interpreted dynamically typed language primarily used to add interactivity to web pages

Question 26

What is Metadata?

Answer 26

Data about the data or object

Question 27

What designates Javascript in an html document?

Question 28

What is Race condition?

Answer 28

An attack method where attacker races against a vulnerable application by exploiting the gap between testing and accessing the file. Also known as TOCTOU

Question 29

How many directories deep does mkdir -p $(python3 -c ‘print (“A/”*50)’) create?

Answer 29

50

Question 30

In the command mkdir -p $(python3 -c ‘print(“A/”*50)’) what does the -p do?

Answer 30

Creates parent directories, as needed

Question 31

Which SQL command allows us to query a database for current values?

Answer 31

SELECT

Question 32

Which SQL command returns all the values in a table named people?

Answer 32

SELECT * FROM people;

Question 33

Which SQL command allows new records to be created in a table called people?

Answer 33

INSERT INTO people (username,firstname,lastname,pass) VALUES(“uname”,”some”,”one”,”password1!);

Question 34

Where does PHP scripting run?

Answer 34

Server side

Question 35

Why would a programmer choose a compiled language instead of an interpreted one?

Answer 35

Compiled code tends to be faster and more efficient

Question 36

Using xdd on a file, you get the following output. What type of file is this?
00000000: 2321 2f62 686e 2f62 6173 680a

Answer 36

Bash script

Question 37

What does -m32 flag do with gcc?

Answer 37

Compiles code into 32bit binary