Question 1

Which JavaScript function is a &#34;method&#34; or sequence of statements that perform a routine or task?&#10;A) getElementById()&#10;B) document.write()&#10;C) CFLOCATION()&#10;D)

Accepted Answer

getElementById() is a method that returns the element with the specified ID.

Question 2

Web applications written in CFML can also contain other client-side technologies,such as HTML and JavaScript.

Accepted Answer

CFML web applications can include other client-side technologies such as HTML and JavaScript to enhance the user interface and functionality.

Question 3

OLE DB relies on connection strings that enable the application to access the data stored on an external device.

Accepted Answer

This statement is true. """
OLE DB relies on connection strings that enable the application to access the data stored on an external device."""

Question 4

Adobe System's ColdFusion uses its proprietary tags,which are written in which of the following languages?&#10;A) XML&#10;B) DHTML&#10;C) PHP&#10;D) CFML

Accepted Answer

Adobe System's ColdFusion uses its proprietary tags, which are written in CFML (ColdFusion Markup Language), not XML, DHTML, or PHP. CFML is a scripting language used for rapid web application development.

Question 5

CGI programs can be written in many different programming and scripting languages,such as C/C++,Perl,UNIX shells,Visual Basic,and FORTRAN.

Accepted Answer

CGI programs can indeed be written in various programming and scripting languages, including C/C++, Perl, UNIX shells, Visual Basic, and FORTRAN.

Question 6

Visual Basic Script (VBScript)is a scripting language developed by which of the following companies?&#10;A) Sun Microsystems&#10;B) Symantec&#10;C) Macromedia&#10;D) Microsoft

Accepted Answer

VBScript was developed by Microsoft as a scripting language for Microsoft Windows. It is commonly used for programming web applications and is similar to JavaScript in syntax and functionality.

Question 7

Which of the following interfaces,developed by Microsoft,is a set of interfaces that enable applications to access data stored in a database management system (DBMS)?&#10;A) OLE DB&#10;B) ODBC&#10;C) ADO&#10;D) JDBC

Accepted Answer

OLE DB (Object Linking and Embedding Database) is a set of interfaces that allows applications to access data stored in a variety of relational, object-oriented, and non-relational databases. ODBC (Open Database Connectivity) is a similar interface, but is not exclusive to Microsoft and is designed to be platform-independent. ADO (ActiveX Data Objects) is an object-oriented interface that builds on top of OLE DB and is optimized for working with SQL Server databases on Windows platforms. JDBC (Java Database Connectivity) is a Java API for connecting to relational databases.

Question 8

To check whether a CGI program works,you can test the URL in your Web browser.Which of the following directories should you save the program to on your Web server before you check the URL in your Web browser?

A) bin
B) cgi-bin
C) cgi
D) scripts

Accepted Answer

The CGI program should be saved in the cgi-bin directory on your Web server. This is because the cgi-bin directory is specifically designated for CGI scripts to be executed by the server. The other directories listed (bin, cgi, and scripts) are not typically used for CGI scripts and may not be configured to properly execute them.

Question 9

Which of the following interfaces is a standard database access method,developed by SQL Access Group,that allows an application to access data stored in a database management system (DBMS)?&#10;A) OLE DB&#10;B) ODBC&#10;C) ADO&#10;D) JDBC

Accepted Answer

ODBC (Open Database Connectivity) is a standard database access method for accessing data stored in a DBMS. It was developed by SQL Access Group and provides a standard API for accessing relational database management systems (RDBMS). OLE DB is a Microsoft technology for data access and ADO (ActiveX Data Objects) is a Microsoft technology for accessing data from multiple sources, including databases. JDBC (Java Database Connectivity) is a Java API for connecting to a database.

Question 10

Which of the following is an alternative term used when referring to Application Security?&#10;A) SecAPP&#10;B) Apps&#10;C) AppSec&#10;D) SQLSec

Accepted Answer

AppSec is the commonly used alternative term for Application Security. The other options (A, B, D) are not widely used or recognized in the industry.

Question 11

Which of the following cross-site scripting vulnerabilities types relies on social engineering to trick a user into visiting a maliciously crafted link or URL?&#10;A) reflected&#10;B) injected&#10;C) unvalidated&#10;D) Stored

Accepted Answer

The answer of Which of the following cross-site scripting vulnerabilities...

Question 12

JavaScript is a server-side scripting language that is embedded in an HTML Web page.

Accepted Answer

The answer of JavaScript is a server-side scripting language that...

Question 13

Which of the following is a programming interface for connecting a Web application to a database and defines technologies that allow applications,such as Word or Excel,to interact with the Web?&#10;A) ADOSQL&#10;B) ADO&#10;C) SQL&#10;D) SNAOLEDB

Accepted Answer

The answer of Which of the following is a programming...

Question 14

Which of the following is the interface that determines how a Web server passes data to a Web browser?&#10;A) Perl&#10;B) ASP&#10;C) CGI&#10;D) PHP

Accepted Answer

The answer of Which of the following is the interface...

Question 15

A user can view the source code of a PHP file by using their Web browser's tools.

Accepted Answer

The answer of A user can view the source code...

Question 16

Which of the following programming languages was originally used primarily on UNIX systems,but is used more widely now on many platforms,such as Macintosh and Windows?&#10;A) HTML&#10;B) JScript&#10;C) VBScript&#10;D) PHP

Accepted Answer

The answer of Which of the following programming languages was...

Question 17

Connecting to an MS SQL Server database with Microsoft's Object Linking and Embedding Database (OLE DB)requires using which of the following providers?&#10;A) ADSDSOOBJECT&#10;B) MySQLProv&#10;C) SQLOLEDB&#10;D) SNAOLEDB

Accepted Answer

The answer of Connecting to an MS SQL Server database...

Question 18

Which of the following resources is an excellent starting point for security professionals when investigating VBScript vulnerabilities?&#10;A) CVE Web site&#10;B) CERT&#10;C) Microsoft Security Bulletin&#10;D) Macromedia security

Accepted Answer

The answer of Which of the following resources is an...

Question 19

Which of the following does Object Linking and Embedding Database (OLE DB)rely on that allows an application to access data stored on an external device?&#10;A) connection strings&#10;B) program strings&#10;C) SQL strings&#10;D) string interfaces

Accepted Answer

The answer of Which of the following does Object Linking...

Question 20

Which specific type of tag do All CFML tags begin with?&#10;A) #&#10;B) CF&#10;C) CFML&#10;D) %

Accepted Answer

The answer of Which specific type of tag do All...

Question 21

Why should security professionals have at least a little knowledge about the Apache Web Server?

Accepted Answer

The answer of Why should security professionals have at least...

Question 22

What is ColdFusion and which company owns the rights to ColdFusion?

Accepted Answer

The answer of What is ColdFusion and which company owns...

Question 23

What is the specific act of filtering,rejecting,or sanitizing a user's untrusted input before the application processes it?&#10;A) input validation&#10;B) authorization&#10;C) input auditing&#10;D) discovery

Accepted Answer

The answer of What is the specific act of filtering,rejecting,or...

Question 24

What is ODBC,and how can it be utilized?

Accepted Answer

The answer of What is ODBC,and how can it be...

Question 25

Which of the following cross-site scripting vulnerabilities types is especially harmful because it can be delivered to subsequent users of the application?&#10;A) reflected&#10;B) injected&#10;C) unvalidated&#10;D) Stored

Accepted Answer

The answer of Which of the following cross-site scripting vulnerabilities...

Question 26

What is VBScript,and how can it be utilized?

Accepted Answer

The answer of What is VBScript,and how can it be...

Question 27

What type of useful tools can a security tester find available in both Firefox and Chrome Web browsers?&#10;A) security tools&#10;B) scan tools&#10;C) developer tools&#10;D) SQL tools

Accepted Answer

The answer of What type of useful tools can a...

Question 28

What is the main difference between HTML pages and Active Server Pages (ASP)?

Accepted Answer

The answer of What is the main difference between HTML...

Question 29

Which type of vulnerabilities can result from a server accepting untrusted,unvalidated input?&#10;A) redirection&#10;B) spoofing&#10;C) injection&#10;D) insertion

Accepted Answer

The answer of Which type of vulnerabilities can result from...

Question 30

As a security professional,what should you do after identifying that a Web server you are testing is using PHP?

Accepted Answer

The answer of As a security professional,what should you do...

Question 31

What is the specific act of checking a user's privileges to understand if they should or should not have access to a page,field,resource,or action in an application?&#10;A) authentication&#10;B) authorization&#10;C) auditing&#10;D) discovery

Accepted Answer

The answer of What is the specific act of checking...

Question 32

What is ActiveX Data Objects (ADO),and name an application that uses ADO to interact with the Web?

Accepted Answer

The answer of What is ActiveX Data Objects (ADO),and name...

Question 33

Which of the following application tests analyzes an application's source code for vulnerabilities,and is therefore only possible when the source code of an application is available?&#10;A) Static Application Security Testing&#10;B) Fast Application Security Testing&#10;C) Dynamic Application Security Testing&#10;D) Executable Application Security Testing

Accepted Answer

The answer of Which of the following application tests analyzes...

Question 34

Dynamic Web pages need special components for displaying information that changes depending on user input or information obtained from a back-end server.What kind of components can Web pages use to achieve this?

Accepted Answer

The answer of Dynamic Web pages need special components for...

Question 35

Which of the following refers to the flow a user is expected to follow in an application to accomplish a goal?&#10;A) error handling&#10;B) delay logic&#10;C) client flow&#10;D) business logic

Accepted Answer

The answer of Which of the following refers to the...

Question 36

Which of the following results from poorly configured technologies that a Web application runs on top of?&#10;A) reflected corruption&#10;B) stored misconfigurations&#10;C) reflected misconfigurations&#10;D) security misconfigurations

Accepted Answer

The answer of Which of the following results from poorly...

Question 37

Match each item with a statement below.a.ASP
b.SQLi
c.ODBC
d.PHP
e.CGI
f.virtual directory
g.DAST
h.dynamic Web pages
i.static Web pages
j.SAST
Open-source server-side scripting language that runs on a server and enables Web developers to create dynamic Web pages

Accepted Answer

The answer of Match each item with a statement below.a.ASP&#10;b.SQLi&#10;c.ODBC&#10;d.PHP&#10;e.CGI&#10;f.virtual...

Question 38

What is OWASP?

Accepted Answer

The answer of What is OWASP?...

Question 39

What features does the current version of Wfetch offer?

Accepted Answer

The answer of What features does the current version of...

Question 40

Which of the following application tests analyzes a running application for vulnerabilities?&#10;A) Static Application Security Testing&#10;B) Fast Application Security Testing&#10;C) Dynamic Application Security Testing&#10;D) Executable Application Security Testing

Accepted Answer

The answer of Which of the following application tests analyzes...

Question 41

Match each item with a statement below.a.ASP
b.SQLi
c.ODBC
d.PHP
e.CGI
f.virtual directory
g.DAST
h.dynamic Web pages
i.static Web pages
j.SAST
Standard database access method developed by the SQL Access Group and allows interoperability between back-end DBMSs

Accepted Answer

The answer of Match each item with a statement below.a.ASP&#10;b.SQLi&#10;c.ODBC&#10;d.PHP&#10;e.CGI&#10;f.virtual...

Question 42

Match each item with a statement below.a.ASP
b.SQLi
c.ODBC
d.PHP
e.CGI
f.virtual directory
g.DAST
h.dynamic Web pages
i.static Web pages
j.SAST
Open-source server-side scripting language that runs on a server and enables Web developers to create dynamic Web pages

Accepted Answer

The answer of Match each item with a statement below.a.ASP&#10;b.SQLi&#10;c.ODBC&#10;d.PHP&#10;e.CGI&#10;f.virtual...

Question 43

Match each item with a statement below.a.ASP
b.SQLi
c.ODBC
d.PHP
e.CGI
f.virtual directory
g.DAST
h.dynamic Web pages
i.static Web pages
j.SAST
Open-source server-side scripting language that runs on a server and enables Web developers to create dynamic Web pages

Accepted Answer

The answer of Match each item with a statement below.a.ASP&#10;b.SQLi&#10;c.ODBC&#10;d.PHP&#10;e.CGI&#10;f.virtual...

Question 44

Match each item with a statement below.a.ASP
b.SQLi
c.ODBC
d.PHP
e.CGI
f.virtual directory
g.DAST
h.dynamic Web pages
i.static Web pages
j.SAST
Open-source server-side scripting language that runs on a server and enables Web developers to create dynamic Web pages

Accepted Answer

The answer of Match each item with a statement below.a.ASP&#10;b.SQLi&#10;c.ODBC&#10;d.PHP&#10;e.CGI&#10;f.virtual...

Question 45

Match each item with a statement below.a.ASP
b.SQLi
c.ODBC
d.PHP
e.CGI
f.virtual directory
g.DAST
h.dynamic Web pages
i.static Web pages
j.SAST
Standard database access method developed by the SQL Access Group and allows interoperability between back-end DBMSs

Accepted Answer

The answer of Match each item with a statement below.a.ASP&#10;b.SQLi&#10;c.ODBC&#10;d.PHP&#10;e.CGI&#10;f.virtual...

Question 46

Match each item with a statement below.a.ASP
b.SQLi
c.ODBC
d.PHP
e.CGI
f.virtual directory
g.DAST
h.dynamic Web pages
i.static Web pages
j.SAST
The attacker supplies SQL commands when prompted to fill in a Web application field

Accepted Answer

The answer of Match each item with a statement below.a.ASP&#10;b.SQLi&#10;c.ODBC&#10;d.PHP&#10;e.CGI&#10;f.virtual...

Question 47

Match each item with a statement below.a.ASP
b.SQLi
c.ODBC
d.PHP
e.CGI
f.virtual directory
g.DAST
h.dynamic Web pages
i.static Web pages
j.SAST
The interface that determines how a Web server passes data to a Web browser

Accepted Answer

The answer of Match each item with a statement below.a.ASP&#10;b.SQLi&#10;c.ODBC&#10;d.PHP&#10;e.CGI&#10;f.virtual...

Question 48

Match each item with a statement below.a.ASP
b.SQLi
c.ODBC
d.PHP
e.CGI
f.virtual directory
g.DAST
h.dynamic Web pages
i.static Web pages
j.SAST
Open-source server-side scripting language that runs on a server and enables Web developers to create dynamic Web pages

Accepted Answer

The answer of Match each item with a statement below.a.ASP&#10;b.SQLi&#10;c.ODBC&#10;d.PHP&#10;e.CGI&#10;f.virtual...

Question 49

Match each item with a statement below.a.ASP
b.SQLi
c.ODBC
d.PHP
e.CGI
f.virtual directory
g.DAST
h.dynamic Web pages
i.static Web pages
j.SAST
Standard database access method developed by the SQL Access Group and allows interoperability between back-end DBMSs

Accepted Answer

The answer of Match each item with a statement below.a.ASP&#10;b.SQLi&#10;c.ODBC&#10;d.PHP&#10;e.CGI&#10;f.virtual...

Deck 10: Hacking Web Servers