Before performing the penetration testing, there will be a pre-contract discussion with different pen-testers (the team of penetration testers) to gather a quotation to perform pen testing.

Which of the following factors is NOT considered while preparing a price quote to perform pen testing?

George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department. Few managers are u sing SFTP program on their computers.

Before talking to his boss, George wants to have some proof of their activity. George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network. What filter should George use in E thereal?

The first phase of the penetration testing plan is to develop the scope of the project in consultation with the client. Pen testing test components depend on the client’s operating environment, threat perception, security and compliance requirements, ROE, and budget.

Various components need to be considered for testing while developing the scope of the project.

W hich of the following is NOT a pen testing component to be tested?

Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri ' s duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP packet to one of the company ' s switches with ACK bit and the source address of her machine set.

What is Terri trying to accomplish by sending this IP packet?

You have compromised a lower-level administrator account on an Active Directory network of a small company in Dallas, Texas. You discover Domain Controllers through enumeration. You connect to one of the Domain Controllers on port 389 using Idp.exe.

What are you trying to accomplish here?

N NO: 134

Which of the following is the objective of Gramm-Leach-Bliley Act?

SQL injection attacks are becoming significantly more popular amongst hackers and there has been an estimated 69 percent increase of this attack type.

This exploit is used to great effect by the hacking community since it is the primary way to steal sensitive data from web applications. It takes advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a back-end database.

The below diagram shows how attackers launched SQL in jection attacks on web applications.

Which of the following can the attacker use to launch an SQL injection attack?

TCP/IP provides a broad range of communication protocols for the various applications on the network. The TCP/IP model has four layers with major protocols included within each layer. Which one of the following protocols is used to collect information from all the network devices?

The first and foremost step for a penetration test is information gathering. The main objective of this test is to gather information about the target system which can be used in a malicious manner to gain access to the target systems.

Which of the following informati on gathering terminologies refers to gathering information through social engineering on-site visits, face-to-face interviews, and direct questionnaires?

Which one of the following acts related to the information security in the US fix the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting?