A penetration tester is testing input validation on a search form that was discovered on a website. Which of the following characters is the BEST option to test the website for vulnerabilities?
Correct Answer:
C
A single quote (') is a common character used to test for SQL injection vulnerabilities, which occur when user input is directly passed to a database query. A single quote can terminate a string literal and allow an attacker to inject malicious SQL commands. For example, if the search form uses the query SELECT * FROM products WHERE name LIKE '%user_input%', then entering a single quote as user input would result in an error or unexpected behavior.
The following line-numbered Python code snippet is being used in reconnaissance:
Which of the following line numbers from the script MOST likely contributed to the script triggering a “probable port scan” alert in the organization’s IDS?
Correct Answer:
D
Which of the following is the MOST common vulnerability associated with IoT devices that are directly connected to the Internet?
Correct Answer:
A
A penetration tester ran an Nmap scan on an Internet-facing network device with the -F option and found a few open ports. To further enumerate, the tester ran another scan using the following command:
nmap -O -A -sS -p- 100.100.100.50
Nmap returned that all 65,535 ports were filtered.
Which of the following MOST likely occurred on the second scan?
Correct Answer:
A
Which of the following should a penetration tester attack to gain control of the state in the HTTP protocol after the user is logged in?
Correct Answer:
D