Which attack surface, defined by the SANS Institute, is delivered through the exploitation of vulnerabilities in web, cloud, or host-based applications?networksoftwarehumanhostNavigation Bar

Which of the following tools assists security professionals from the initial mapping and analysis of an application’s attack surface to the identification and exploitation of security vulnerabilities?Group of answer choicesEMC NetWorkerNagiosophcrackBurp Suite

1.Question 1Identify the attack in which an attacker exploits vulnerabilities that evolve from the unsafe use of functions in an application in public web servers to send crafted requests to the internal or backend servers. 1 pointSSH brute force Web server password cracking Web server misconfiguration Server-side request forgery 2.Question 2In which of the following layers of the vulnerability stack do security professionals configure solutions such as IDS and IPS to raise alarms if any malicious traffic enters a target server? 1 pointLayer 5Layer 7Layer 3 Layer 13.Question 3While performing web application testing, Ruben, a software developer, found out that the web application failed to protect sensitive traffic flowing in the network. Additionally, the web application supported weak algorithms and used expired or invalid certificates, making it susceptible to various attacks that revealed user data.Identify the security misconfiguration detected by Ruben in the above scenario. 1 pointInsufficient transport layer protection Unvalidated inputs Improper error handling Parameter/form tampering 4.Question 4Identify the type of SQL injection technique used by the attacker when they cannot directly exploit any other SQL injection techniques. 1 pointBlind SQL injection Out-of-band SQL injection Error-based SQL injection In-band SQL injection 5.Question 5Which of the following countermeasure helps developers or testing teams secure the database against SQL injection attacks? 1 pointUse quoted/delimited identifiers as they can ease the whitelisting, black-listing, and escaping efforts Avoid constructing dynamic SQL with concatenated input values Test the content of string variables and accept all the values Ensure that the web config files for each application contain sensitive information

Which two attacks target web servers through exploiting possible vulnerabilities of input functions used by an application? (Choose two.)cross-site scriptingtrust exploitationport scanningport redirectionSQL injectionNavigation Bar

A _____ uses specialized software to scan internal networks and Internet facing servers for weaknesses and areas of exposure.vulnerability assessmentPenTestrisk analysisPhreak test

_____________ is guarded by firewalls.Select one:virus attacksdata driven attacksUnauthorized accessfire attacks