Question 1

A security analyst has been asked to test the firewall rules in a corporate network. Which scenario is the most effective way to test for rule misconfigurations that might allow an unauthorized protocol or port to pass through the firewall undetected?

Options :

A : flooding the firewall with UDP traffic to determine if connectionless protocols can bypass the stateful filtering mechanisms

B : Using an FTP bounce attack to test firewall rules for opening an unauthorized connection through an alternate protocol channel

C : Sending fragmented TCP packets over multiple network segments to test if the firewall reassembles them before applying filtering rules

D : Launching a cross-site request forgery attack to test whether HTTP requests can bypass the firewall’s content filtering rules

Answer: B

Question 2

During a penetration testing exercise, you suspect a session hijacking attempt due to unusual session token patterns. What is a suitable initial command to investigate this anomaly on the network?

Options :

A : Run tcpdump -nnxi eth0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' to capture and analyze HTTP session tokens.

B : xecute netstat -an | grep :80 | grep ESTABLISHED to view active connections to port 80 and identify any anomalies.

C : Use wireshark -k -i eth0 -f 'tcp port 80' -a duration:60 to sniff traffic on port 80 for one minute and review sessions.

D : Implementing snort -dev -l ./log -c snort.conf to monitor for signatures associated with session hijacking.

Answer: A

Question 3

In a scenario where you suspect that an API's session tokens are not properly validated, which technique would you use to test the effectiveness of the API's session management?

Options :

A : Modify the API key in the header to see if the response changes

B : force session expiration by sending requests at rapid intervals

C : attempt session replay by reusing a captured valid session token to perform unauthorized actions

D : Use an invalidated token to access the API and monitor for unauthorized data retrieval

Answer: C

Question 4

Fill in the blank: To ensure successful injection of malicious code into a script, it is essential to manipulate the ________ of the target script to ensure that the injected code executes without being detected by basic validation mechanisms.

Options :

A : argument handling

B : memory allocation

C : execution flow

D : environment variable

Answer: C

Question 5

Fill in the blank: The most effective software for reverse engineering PLC code is typically ____.

Options :

A : IDA Pro

B : hidra

C : inary Ninja

D : OllyDbg

Answer: A