Fuzz testing or fuzzing is a software/application testing technique used to discover coding errors and security loopholes in software, operating systems, or networks by inputting massive amounts of random data, called fuzz, to the system in an attempt to make it crash.
Fuzzers work best for problems that can cause a program to crash, such as buffer overflow, cross-site scripting, denial of service attacks, format bugs, and SQL injection.
Fuzzer helps to generate and submit a large number of inputs supplied to the application for testing it against the inputs. This will help us to identify the SQL inputs that generate malicious output.
Suppose a pen tester knows the underlying structure of the database used by the application (i.e., name, number of columns, etc.) that she is testing.
Which of the following fuzz testing she will perform where she can supply specific data to the application to discover vulnerabilities?
A. Clever Fuzz Testing
B. Smart Fuzz Testing
C. Complete Fuzz Testing
D. Dumb Fuzz Testing
正解:B
質問 2:
The SnortMain () function begins by associating a set of handlers for the signals, Snort receives. It does this using the signal () function. Which one of the following functions is used as a programspecific signal and the handler for this calls the DropStats() function to output the current Snort statistics?
A. SIGTERM
B. SIGHUP
C. SIGUSR1
D. SIGINT
正解:C
質問 3:
Identify the type of testing that is carried out without giving any information to the employees or administrative head of the organization.
A. Announced Testing
B. Blind Testing
C. Double Blind Testing
D. Unannounced Testing
正解:C
質問 4:
An attacker injects malicious query strings in user input fields to bypass web service authentication mechanisms and to access back-end databases. Which of the following attacks is this?
A. XPath Injection Attack
B. LDAP Injection Attack
C. Frame Injection Attack
D. SOAP Injection Attack
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
Which of the following is developed to address security concerns on time and reduce the misuse or threat of attacks in an organization?
A. Action Plan
B. Testing Plan
C. Configuration checklists
D. Vulnerabilities checklists
正解:D
質問 6:
Which one of the following is a supporting tool for 802.11 (wireless) packet injections, it spoofs
802.11 packets to verify whether the access point is valid or not?
A. Airpwn
B. Aircrack
C. Airsnort
D. Explanation:
QUESTIONNO: 181 A Demilitarized Zone (DMZ) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. Usage of a protocol within a DMZ environment is highly variable based on the specific needs of an organization. Privilege escalation, system is compromised when the code runs under root credentials, and DoS attacks are the basic weakness of which one of the following Protocol?
A. Lightweight Directory Access Protocol (LDAP)
B. Simple NetworkManagement Protocol (SNMP)
C. Telnet
D. Secure Shell (SSH)
E. WEPCrack
正解:A
質問 7:
Information gathering is performed to:
i) Collect basic information about the target company and its network
ii) Determine the operating system used, platforms running, web server versions, etc.
iii) Find vulnerabilities and exploits
Which of the following pen testing tests yields information about a company's technology infrastructure?
A. Analyzing the link popularity of the company's website
B. Searching for trade association directories
C. Searching for web page posting patterns
D. Searching for a company's job postings
正解:D
質問 8:
Which one of the following Snort logger mode commands is associated to run a binary log file through Snort in sniffer mode to dump the packets to the screen?
A. ./snort -l ./log -b
B. ./snort -dv -r packet.log
C. ./snort -dev -l ./log
D. ./snort -dvr packet.log icmp
正解:B
Satou -
412-79v8問題集は信頼に値する商品です。412-79v8のおかげで、無事に412-79v8試験に合格しました。