← Back to exam page

SEC504 Hacker Tools, Techniques, Exploits and Incident Handling

Loading demo links...

Showing 1–3 of 15 questions

Question 1 (Volume C)

Which of the following languages are vulnerable to a buffer overflow attack?

Each correct answer represents a complete solution. Choose all that apply.

Select all that apply, then click Submit answer.

  • Java

  • C++

  • C

  • Action script
Question 2 (Volume C)

Which of the following are the limitations for the cross site request forgery (CSRF) attack?

Each correct answer represents a complete solution. Choose all that apply.

Select all that apply, then click Submit answer.

  • The attacker must determine the right values for all the form inputs.

  • The attacker must target a site that doesn't check the referrer header.

  • The target site should have limited lifetime authentication cookies.

  • The target site should authenticate in GET and POST parameters, not only cookies.
Question 3 (Volume A)

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure server. The output of the scanning test is as follows:

C:\whisker.pl -h target_IP_address

-- whisker / v1.4.0 / rain forest puppy / www.wiretrip.net -- = - = - = - = - =

= Host: target_IP_address

= Server: Apache/1.3.12 (Win32) ApacheJServ/1.1

mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22

+ 200 OK: HEAD /cgi-bin/printenv

John recognizes /cgi-bin/printenv vulnerability ('Printenv' vulnerability) in the We_are_secure server. Which of the following statements about 'Printenv' vulnerability are true?

Each correct answer represents a complete solution. Choose all that apply.

Select all that apply, then click Submit answer.

  • This vulnerability helps in a cross site scripting attack.

  • 'Printenv' vulnerability maintains a log file of user activities on the Website, which may be useful for the attacker.

  • The countermeasure to 'printenv' vulnerability is to remove the CGI script.

  • With the help of 'printenv' vulnerability, an attacker can input specially crafted links and/or other malicious scripts.