Cyber Security Ethical Hacking and Penetration Testing 2

Question 1

What is SQL injection?

Accepted Answer

Injecting malicious SQL code into input fields to manipulate database queries

Answer

Uploading malicious SQL files to a server

Answer

Cracking database passwords via brute force

Answer

Sniffing SQL traffic on the network

Question 2

What is cross-site scripting (XSS)?

Accepted Answer

Injecting malicious scripts into web pages viewed by other users

Answer

Injecting SQL into web forms

Answer

Forging cross-domain HTTP requests

Answer

Exploiting server-side script execution

Question 3

What does a CVE (Common Vulnerabilities and Exposures) number identify?

Accepted Answer

A publicly known cybersecurity vulnerability with a unique identifier

Answer

A classification of malware families

Answer

A standard for encrypting network traffic

Answer

An authorization level for penetration testers

Question 4

Which Metasploit module type is used to take advantage of a vulnerability to gain access to a target?

Accepted Answer

Exploit

Answer

Auxiliary

Answer

Post

Answer

Encoder

Question 5

What is the purpose of a payload in exploitation?

Accepted Answer

Execute code on the target after a vulnerability is exploited

Answer

Identify open ports on a target

Answer

Encrypt the communication channel

Answer

Generate a vulnerability report

Question 6

What technique does a pentester use to move from one compromised system to other systems on the same network?

Accepted Answer

Lateral movement

Answer

Privilege escalation

Answer

Data exfiltration

Answer

Persistence