CompTIA Mastery Course

Question 1

Cross-site request forgery (CSRF)

Answer 1

Cross-Site Request Forgery (CSRF) is an attack that tricks a user’s browser into performing unwanted actions on a trusted web application where the user is authenticated, without their consent. It exploits the trust that a site has in the user’s browser.

Question 2

Cross-site scripting (XSS)

Answer 2

the attacker executes a malicious script on the victim’s browser after the victim accesses a compromised web application.

Question 3

Is Prowler open source?

Answer 3

Yes

Question 4

What benchmarks does Prowler use?

Answer 4

CIS

Question 5

Prowler is an audit for?

Answer 5

AWS

Question 6

What can Prowler do?

Answer 6

it can detect misconfigurations and security issues

Question 7

Is Arachni open source?

Answer 7

Yes

Question 8

What is Arachni?

Answer 8

is a web application security scanner

Question 9

What is the dispatcher tab in Arachni for?

Answer 9

dispatcher tab is for remote agents to provide a list of instances to perform scans

Question 10

What does the input section in Arachni show?

Answer 10

input section show the web input field with an id or user name entry for XSS

Question 11

What is the profiles section in Arachni for?

Answer 11

profiles section provides a way to manage different scans. They can be personal profiles, shared profiles, and global profiles.

Question 12

Is Arachni command line?

Answer 12

Yes

Question 13

What does Nikto do?

Answer 13

web application scanner

Question 14

Is Nikto command line?

Answer 14

Yes

Question 15

What does Nikto discover?

Answer 15

discovers the type of HTTP server and web applications running on a host.

Question 16

Is ScoutSuite open source?

Answer 16

Yes

Question 17

What does ScoutSuite do?

Answer 17

it is a security auditing tool to assess cloud infractructure security

Question 18

What is the EC2 dashboard in AWS?

Answer 18

EC2 dashboard is where you find compute instances

Question 19

What does ZAP do?

Answer 19

attack websites

Question 20

Is ZAP command line?

Answer 20

No

Question 21

Is ZAP open source?

Answer 21

Yes

Question 22

What does ZAP have preconfigured?

Answer 22

a preconfigured browser for testing

Question 23

Is recon-ng opensource?

Answer 23

Yes

Question 24

What does recon-ng do?

Answer 24

is a reconnaissance framework tool to map an organization’s network

Question 25

Is recon-ng command line?

Answer 25

Yes

Question 26

What is the aquired data in recon-ng?

Answer 26

Acquired data would include IP addresses, subdomains, software versions, and many other attributes.

Question 27

Is Pacu open source?

Answer 27

Yes

Question 28

What is PACU for?

Answer 28

AWS pent testing tool

Question 29

Is PACU command line?

Answer 29

Yes

Question 30

What does a module in PACU look like?

Answer 30

iam__enum_permissions module

Question 31

How does PACU work?

Answer 31

It has modules that can exploit application programming interfaces (APIs) and virtual machine (VM) instances.

Question 32

What does the intruder section in Burp Suite do?

Answer 32

intruder section is a tool for automating attacks against web application

Question 33

What does the repeater section in Burp Suite do?

Answer 33

repeater section is a tab that can send a series of HTTP requests

Question 34

What does the target section in Burp Suite do?

Answer 34

target section records recent target URL information and gathered content

Question 35

What does the extender section in Burp suite do?

Answer 35

extender section allows administrators to add thrid-party exterders

Question 36

What does Burp Suite do?

Answer 36

analyzes and exploits web applications