CySA+ (CS0-003) Web Vulnerability Scanning Exercises and Questions, Exams of Computer Science

A series of multiple-choice questions and practical exercises focused on web vulnerability scanning, relevant to the CySA+ (CS0-003) exam. It covers topics such as identifying web server types and versions, discovering vulnerabilities using Nikto and Wapiti, understanding SSL/TLS protocols, and prioritizing vulnerabilities in a scan report. The exercises test knowledge of common web security issues and best practices.

Typology: Exams

2024/2025

Available from 05/13/2025

paul-marks
25: APPLIED LAB: Performing Web Vulnerability Scanning

CySA+ (Exam CS0-003)

14/14 Congratulations, you passed! Duration: 1 hour, 10 minutes

Use a script to confirm the existence of /root/nikto-scan.txt. Select the Score button to validate this task.

Path found ... checking contents
Contents matched .. Task complete

What are the web server type and the version number discovered by Nikto? (Select two)

- IIS
- nginx
- Apache
- 10.0.17763
- 2.4.41
- 1.23.1

Congratulations, you have answered the question correctly.

Which of the following issues were discovered on the targeted website by Nikto? (Select all that apply)

- Uncommon header: x-content-security-policy
- Anti-clickjacking X-Frame-Options header not present
- PHPSESSID creation without httponly flag
- robots.txt file contains entries that need to be reviewed
- Root page redirects to login.php
- OSVDB-3268 - Directory indexing found
- RFC-1918 IP addresses found in the 'location' header
- Configuration information may be available remotely
- OSVDB-630 - Web server may reveal its real IP address in headers

Congratulations, you have answered the question correctly.

Score: 1
Score: 1
Score: 1
Score: 1


Use a script to confirm the existence of /root/.wapiti/generated_report/dvwa.structureality.com_*.html. Select the Score button to validate this task.

Path found ... checking contents
Contents matched .. Task complete

Which of the following issues were discovered by the Wapiti scan? (Select all that apply)

- XSS vulnerability found
- CSP is not set
- X-Frame-Options is not set
- HTTP authentication is not available
- Strict-Transport-Security is not set
- SQL injection risk detected
- Secure flag is not set in the cookie

Congratulations, you have answered the question correctly.

Score: 1

Your company has a strict web policy that only TLSv1.2 and TLSv1.3 versions are to be enabled on websites. Does the www.515support.com website comply with this policy and why?

- Yes, only TLSv1.2 and TLSv1.3 are enabled.
- No, SSLv3.0 is enabled.
- ¢ No. TLSv1.0 and TLSv1.1 are enabled.
- No, SSLv3.0 is disabled.

Congratulations, you have answered the question correctly.

Score: 1

The SSL Labs service ranks websites and assigns a grade or score. This grade is composed of results from four categories of tests. What are those test categories?

- Certificate
- Web server version
- Protocol Support
- Key Exchange
- Patch level
- Cipher Strength

Congratulations, you have answered the question correctly.

Score: 1

The Pentest Tool's Website Scanner report (Light) categorizes the findings of concern about the target website. Discovered issues may be categorized by which of the following labels?

- Critical
- High

Congratulations, you have answered the question correctly.

Score: 1

You are the security manager for a website and have just received a report from a vulnerability scanner. You are required to adhere to best security practices and run only the most current versions of code, services, and products. Which of the following items need to be removed or disabled to comply? (Select all that apply)

- SSLv3.
- TLSv1.
- TLSv1.
- TLSv1.
- TLSv1.

Congratulations, you have answered the question correctly.

Score: 1

The output from a vulnerability scanner may include issues that do not need to be mitigated or resolved. What is the standard term used to reference these types of items?

- True Positive
- True Negative
- « False Positive
- False Negative

Congratulations, you have answered the question correctly.

Score: 1