Wapt Test 2 Flashcards

1
Q
  1. Client Certificate Authentication
  2. Form Based Authentication
  3. Two-Factor auth
  4. Basic Authentication
A

Basic Authentication

2
Q

Based on this snippet from an authentication session intercept, which statement is most likely to describe the security posture?
1. Security of the application will depend entirely on the developer's implementation.
2. Due to user lockout, this app is vulnerable to MITM attacks.
3. The exploitable link in this authentication scheme is the client machine.

A
  1. Security of the application will depend entirely on the developer's implementation.
3
Q

Which Burp tool can assist an analyst in manual logic flaw testing?
1. Extender
2. Sequencer
3. Intruder
4. Repeater

A
  1. Repeater
4
Q

If the @8.8.8.8 was removed from the command below, what would occur?
dig @8.8.8.8 giac.org -t mx
1. Command will fail because a DNS server is not specified
2. The default DNS server for the target will be queried
3. The root name server for the zone will be queried
4. The default DNS server for the host machine will be queried

A
  1. The default DNS server for the host machine will be queried
5
Q

What foundational technology enables the creation of dynamic web pages?
1. Simple Object Access Protocol
2. Document Object Model
3. Hypertext Transfer Protocol/3
4. JavaScript Object Notation

A
  1. DOM
6
Q

Which of the following is an example of a false positive when using an automated scanner?
1. An SSH server discovered on a non-standard port
2. Initial TTL values that are set unusually low
3. IIS vulnerabilities on an Apache Server
4. A RST/ACK packet from a terminated session

A
  1. IIS Vulnerabilities on an Apache Server
7
Q

Which of the following can be used by a dev to prevent HTML injection attacks?
1. Input sanitization
2. Same Origin Policy enforcement
3. Key management
4. Session validation

A
  1. Input Sanitization
8
Q

Which of the following fields would appear in an HTTP Request header?
1. Allow: Post, Head
2. Server: Apache/1.3.26 (Red-Hat/Linux)
3. Host: www.company.org
4. Set-Cookie: UserID=LDoppler; max-age=3600

A
  1. Host: www.company.org

Methods allowed, Set Cookie, and Server fields are all in the HTTP Resp

9
Q

Which of the following is the first line of an HTTP Response?
1. Server Name
2. Status Code
3. Character Set
4. Content Type

A
  1. Status Code
10
Q

What flaw exists in an application that retrieves a resource using user-supplied input without validating the account is authorized to access it?
1. Parameter Tampering
2. Direct Page Access
3. Ajax Same Origin Policy Evasion
4. Insecure Direct Object Reference.

A
  1. Insecure Direct Object Reference
11
Q

A pentester enters a series of strings into a search field on a web app server to determine the number of columns and types of data.
**levi' UNION SELECT NULL; --**
**levi' UNION SELECT NULL, NULL; --**
**etc.**
No matter how many NULLs are used, no attempt is successful. What is the problem?

  1. He did not ORDER BY attack strings before this UNION
  2. A NULL is not matching a column's data type
  3. Oracle is the backend DB
  4. The attack string requires column names
A
  1. Oracle is the backend DB
12
Q

Given the URL below, which type of attack would be most likely to succeed?
http://www.giac.net/php/index.php?lang=de-utf &&convcharset-iso-888&conenection=utf8_unicode_ci
1. cookie theft
2. reflective XSS
3. HTTP referer

A
  1. Reflective XSS
13
Q

What is the purpose of the Same-Origin Policy in providing web application security in a browser's memory?
1. Stopping a browser from running dangerous scripts
2. Prohibiting a web session from running externally sourced scripts
3. Controlling interaction between code from different users
4. Preventing client from accessing a malicious site

A
  1. Controlling interactions between code from different servers
14
Q

Which statement would be found in the Scope section for a web app pen test?
1. Updates to the pentester's virtual machine and tools will be applied manually and validated against the tester's lab target
2. Client is responsible for contacting their hosting service and scheduling the test with them
3. Targets of the test will not block the pentester's IP addresses
4. Backups of the target environment will be performed prior to the test

A
  1. Client is responsible for contacting their hosting service and scheduling the test with them
15
Q

Which of the following is the recommended method of maintaining web app session state?
1. Session management as defined by the HTTP protocol
2. Session management built into the web framework
3. Session management provided by the OS
4. Session management created by the application's dev

A
  1. Session management built into the web framework.
17
Q

A SQL table column includes the following data. What data type is most likely used?
amarquez
bogrady
jsmith
1. CHAR
2. BOOL
3. VARCHAR
4. BINARY

A
  1. VARCHAR

VARCHAR allows for strings of variable length.

18
Q
A

A.

19
Q

Which section of a web application pentest report outlines relevant details, constraints, results, information like target IP, and a summary of recommended fixes?
1. Findings.
2. Appendices
3. Test Parameters
4. Executive Summary

A
  1. Test Parameters