1.Question 1Identify the attack in which an attacker exploits vulnerabilities that evolve from the unsafe use of functions in an application in public web servers to send crafted requests to the internal or backend servers. 1 pointSSH brute force Web server password cracking Web server misconfiguration Server-side request forgery 2.Question 2In which of the following layers of the vulnerability stack do security professionals configure solutions such as IDS and IPS to raise alarms if any malicious traffic enters a target server? 1 pointLayer 5Layer 7Layer 3 Layer 13.Question 3While performing web application testing, Ruben, a software developer, found out that the web application failed to protect sensitive traffic flowing in the network. Additionally, the web application supported weak algorithms and used expired or invalid certificates, making it susceptible to various attacks that revealed user data.Identify the security misconfiguration detected by Ruben in the above scenario. 1 pointInsufficient transport layer protection Unvalidated inputs Improper error handling Parameter/form tampering 4.Question 4Identify the type of SQL injection technique used by the attacker when they cannot directly exploit any other SQL injection techniques. 1 pointBlind SQL injection Out-of-band SQL injection Error-based SQL injection In-band SQL injection 5.Question 5Which of the following countermeasure helps developers or testing teams secure the database against SQL injection attacks? 1 pointUse quoted/delimited identifiers as they can ease the whitelisting, black-listing, and escaping efforts Avoid constructing dynamic SQL with concatenated input values Test the content of string variables and accept all the values Ensure that the web config files for each application contain sensitive information