CCSP Test 2 (Module 1 to 4)

Cybersecurity Engineer Test

1 / 100

Category: Vulnerability Assessment and Scanning Segment -02

1. You are a consultant for an IT company. Your boss asks you to determine the topology of the network. What is the best device to use in this circumstance? 

2 / 100

Category: Vulnerability Assessment and Scanning Segment -02

2. Which of the following can enable you to find all the open ports on an entire network?

3 / 100

Category: Vulnerability Assessment and Scanning Segment -02

3. What can hackers accomplish using malicious port scanning?

4 / 100

Category: Vulnerability Assessment and Scanning Segment -02

4. Why would a security administrator use a vulnerability scanner?

5 / 100

Category: Vulnerability Assessment and Scanning Segment -02

5. Using the 3-way handshake, it is possible to check for open ports.

6 / 100

Category: Vulnerability Assessment and Scanning Segment -02

6. Port scanning is a method of finding out which services a host computer offers

7 / 100

Category: Vulnerability Assessment and Scanning Segment -02

7. A closed port can be vulnerable to an attack

8 / 100

Category: Vulnerability Assessment and Scanning Segment -02

8. Wireshark capture performance is inversely proportional to packet size

9 / 100

Category: Vulnerability Assessment and Scanning Segment -02

9. Wireshark detects TCP retransmissions using which of the following methods?

10 / 100

Category: Vulnerability Assessment and Scanning Segment -02

10. Which of the following is NOT mitigated by Network Security?

11 / 100

Category: Vulnerability Assessment and Scanning Segment -02

11. Which command below will perform a ping scan on a host’s IP address?

12 / 100

Category: Vulnerability Assessment and Scanning Segment -02

12. How are hosts identified?

13 / 100

Category: Vulnerability Assessment and Scanning Segment -02

13. A ______________ is a simple network scanning technique used for determining which range of IP addresses maps to live hosts.

14 / 100

Category: Vulnerability Assessment and Scanning Segment -02

14. Wireshark is a ____________ tool

15 / 100

Category: Vulnerability Assessment and Scanning Segment -02

15. The TCP handshake consists of SYN, SYN/ACK and ACK packets

16 / 100

Category: Vulnerability Assessment and Scanning Segment -02

16. The filter ip.addr == 10.10.10.10 can be used as a capture filter

17 / 100

Category: Vulnerability Assessment and Scanning Segment -02

17. Which of these does Nmap not check?

18 / 100

Category: Vulnerability Assessment and Scanning Segment -02

18. Port numbers 443 and 23 are used by which of the following?

19 / 100

Category: Vulnerability Assessment and Scanning Segment -02

19. ICMP is used in

20 / 100

Category: Vulnerability Assessment and Scanning Segment -02

20. What type of scan is defined by the following command: nmap -O 192.168.0.101

21 / 100

Category: Vulnerability Assessment and Scanning Segment -02

21. Which command provides all port scanning functions?

22 / 100

Category: Vulnerability Assessment and Scanning Segment -02

22. Scanning is performed in which phase of a pen test?

23 / 100

Category: Vulnerability Assessment and Scanning Segment -02

23. In port scanning, a _________ is always associated with an IP address (usually of the host system) & the type of protocol (UDP or TCP) employed for communication

24 / 100

Category: Vulnerability Assessment and Scanning Segment -02

24. Which of these is not a standard scanning type or terminology?

25 / 100

Category: Vulnerability Assessment and Scanning Segment -02

25. ____________ scanning is a procedure to identify active hosts on your network

26 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

1. According to OWASP what is the most dangerous web vulnerability?

27 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

2. What is SQL injection?

28 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

3. SQL injection is an attack in which _________ code is inserted into strings that are later passed to an instance of SQL Server

29 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

4. _______________ is a time-based SQL injection attack

30 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

5. Which of the following is NOT a characteristic of a SQL injection attack?

31 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

6. All of the following are SQL vulnerabilities EXCEPT _____

32 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

7. Point out the wrong statement

33 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

8. Which of the following scripts is an example of quick detection in a SQL injection attack?

34 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

9. Which statement is used to extract data from a database?

35 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

10. With SQL, how do you select all the columns from a table named "Persons"?

36 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

11. Which character returns all the data found in a table?

37 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

12. Where can we use SQL injection? (Choose all applicable answers)

38 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

13. SQL injection is used in web applications only

39 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

14. How does SQL Injection Work?

40 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

15. Why is SQL Injection Significant?

41 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

16. What is it called when we move from privilege to privilege in a database server?

42 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

17. Which character is most likely to be used for an SQL injection attack?

43 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

18. Which of the following is NOT a SQL command?

44 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

19. SQL injection is not that common and does not cause much damage when launched against a website

45 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

20. Which of the following automated tools are used for SQLi attacks?

46 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

21. Database errors should:

47 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

22. An SQL injection is often used to attack what?

48 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

23. What types of attack cannot occur using SQL injection?

49 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

24. Which type of SQL injection is this: http://example.com/index.php?id=1' and 0 union select 1,2,3-- -

50 / 100

Category: SQL Injection -01 (Introduction & Basic SQLi)

25. How can we prevent SQL Injection? (Choose all applicable answers)

51 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

1. Which of the following scripts is an example of a SQL injection attack?

52 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

2. Select the firewall bypass method during SQL injection in MySQL: (Choose all applicable answers)

53 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

3. Which of the following pieces of code can enable xp_cmdshell?

54 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

4. Input validation is used to prevent which of the following?

55 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

5. Which of the following challenges can be solved by firewalls?

56 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

6. Databases can be a victim of code exploits depending on which of the following?

57 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

7. In addition to relational databases, there is also what kind of database?

58 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

8. Which of the following is a scripting language?

59 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

9. __________ is used to audit databases.

60 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

10. Browsers do not display __________.

61 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

11. Proper input validation can prevent what from occurring?

62 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

12. __________ can be used to attack databases.

63 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

13. Which command can be used to access the command prompt in SQL Server?

64 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

14. Which command is used to query data in SQL Server?

65 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

15. Which statement is used to limit data in SQL Server?

66 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

16. Which command is used to remove a table from a database?

67 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

17. SQL injection attacks are aimed at which of the following?

68 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

18. Which of the following is another name for a record in a database?

69 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

19. What type of database has its information spread across many disparate systems?

70 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

20. What type of database uses multiple tables linked together in complex relationships?

71 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

21. A blind SQL injection attack is used when which of the following is true?

72 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

22. Which of the following commands is used to detect a WAF? (Choose all applicable answers)

73 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

23. “%55nion %53eLEct” is a WAF bypass technique:

74 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

24. What is the importance of bypassing a WAF during SQL injection?

75 / 100

Category: SQL Injection 02 (Firewall & Firewall Bypassing Techniques)

25. XPath injection is a WAF bypass technique:

76 / 100

Category: SQL Injection -03 (Getting Administrative Access)

1. What does SQL stand for?

77 / 100

Category: SQL Injection -03 (Getting Administrative Access)

2. Which string is appropriate to bypass an admin panel?

78 / 100

Category: SQL Injection -03 (Getting Administrative Access)

3. What types of data do we generally need to enter into a panel? (Choose all applicable answers)

79 / 100

Category: SQL Injection -03 (Getting Administrative Access)

4. Which is the possible table name of administrator credentials?

80 / 100

Category: SQL Injection -03 (Getting Administrative Access)

5. If there are 4 tables in a website, which would be the appropriate query to find the vulnerable column? Vulnerable parameter is: http://vulnerable.com/vul.php?id=1

81 / 100

Category: SQL Injection -03 (Getting Administrative Access)

6. There are 7 tables in a website, and the table that contains administrator credentials is named administrator. If we want to extract the usernames of all admins, what would be the appropriate query? (Choose all applicable answers)
Vulnerable parameter is: http://test.com/test.php?nid=3 and only vulnerable column is 6.

82 / 100

Category: SQL Injection -03 (Getting Administrative Access)

7. Which of the following belong to the SQL Injection Authentication Bypass Cheat Sheet? (Choose all applicable answers)

83 / 100

Category: SQL Injection -03 (Getting Administrative Access)

8. Which one is a hash cracking tool?

84 / 100

Category: SQL Injection -03 (Getting Administrative Access)

9. Hash decryption is not possible using a reverse technique.

85 / 100

Category: SQL Injection -03 (Getting Administrative Access)

10. Which one is a type of hash?

86 / 100

Category: SQL Injection -03 (Getting Administrative Access)

11. Which is an MD5 hash value?

87 / 100

Category: SQL Injection -03 (Getting Administrative Access)

12. How to find an administrator panel page?

88 / 100

Category: SQL Injection -03 (Getting Administrative Access)

13. Which one is a directory listing tool for web applications? (Choose all applicable answers)

89 / 100

Category: SQL Injection -03 (Getting Administrative Access)

14. Select the correct option for an online password hash cracking service:

90 / 100

Category: SQL Injection -03 (Getting Administrative Access)

15. A salted hash is more secure than SHA-256.

91 / 100

Category: SQL Injection -03 (Getting Administrative Access)

16. We can find the admin panel from: (Choose all applicable answers)

92 / 100

Category: SQL Injection -03 (Getting Administrative Access)

17. By which technique can we find the administrator panel?

93 / 100

Category: SQL Injection -03 (Getting Administrative Access)

18. There may be some differences in privileges between “admin” and “superadmin”.

94 / 100

Category: SQL Injection -03 (Getting Administrative Access)

19. What is the appropriate term for using the “group_concat” function?

95 / 100

Category: SQL Injection -03 (Getting Administrative Access)

20. Which database shows this type of error -> “Msg 105, Level 15, State 1, Line 1 Unclosed quotation mark after the character string ''.”?

96 / 100

Category: SQL Injection -03 (Getting Administrative Access)

21. Which one is a MySQL error message?

97 / 100

Category: SQL Injection -03 (Getting Administrative Access)

22. Password could be found in the database as both “Plain Text” and as “hash”.

98 / 100

Category: SQL Injection -03 (Getting Administrative Access)

23. Choose the correct query

99 / 100

Category: SQL Injection -03 (Getting Administrative Access)

24. Find a proper injection for SELECT user,pass FROM tbl_users WHERE user="$username" AND pass="$passwrd";

100 / 100

Category: SQL Injection -03 (Getting Administrative Access)

25. How do prepared statements send user data to the database server?
