Question 151
John works as a Professional Penetration Tester. He has been assigned a project to test the Website security of
www.we-are-secure Inc. On the We-are-secure Website login page, he enters ='or''=' as a username and successfully
logs on to the user page of the Web site. Now, John asks the we-aresecure Inc. to improve the login page PGIAC script.
Which of the following suggestions can John give to improve the security of the we-are-secure Website login page
from the SQL injection attack?
Question 152
John works as a Network Administrator for Net Perfect Inc. The company has a Windows-based network.
The company uses Check Point SmartDefense to provide security to the network of the company. On the HTTP servers of the company, John defines a rule for dropping any kind of userdefined URLs. Which of the following types of attacks can be prevented by dropping the user-defined URLs?
Question 153
You work as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network.
You are working as a root user on the Linux operating system. Your company is facing an IP spoofing attack.
Which of the following tools will you use to get an alert saying that an upcoming IP packet is being spoofed?
Question 154
Which of the following are the rules by which an organization operates?
Question 155
You are responsible for security at a company that uses a lot of Web applications. You are most concerned about flaws in those applications allowing some attacker to get into your network. What method would be best for finding such flaws?
