Free CEH-001 Exam Braindumps (page: 97)


A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in ASP scripting language and it uses MSSQL as a database backend. The analyst locates the application's search form and introduces the following code in the search input field.

<IMG SRC=vbscript:msgbox("Vulnerable");>
When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable".

Which web application vulnerability did the analyst discover?

  A. Cross-site request forgery
  B. Command injection
  C. Cross-site scripting
  D. SQL injection

Answer(s): C



While testing the company's web applications, a tester attempts to insert the following test script into the search area on the company's web site.

<script>alert(" Testing Testing Testing ")</script>
Afterwards, when the tester presses the search button, a pop-up box appears on the screen with the text: "Testing Testing Testing". Which vulnerability has been detected in the web application?

  A. Buffer overflow
  B. Cross-site request forgery
  C. Distributed denial of service
  D. Cross-site scripting

Answer(s): D



A hacker was able to sniff packets on a company's wireless network. The following information was discovered.

The Key 10110010 01001011
The Cyphertext 01100101 01011010

Using the Exclusive OR, what was the original message?

  A. 00101000 11101110
  B. 11010111 00010001
  C. 00001101 10100100
  D. 11110010 01011011

Answer(s): B



International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining

  A. guidelines and practices for security controls.
  B. financial soundness and business viability metrics.
  C. standard best practice for configuration management.
  D. contract agreement writing standards.

Answer(s): A





