54444. lab 5, 6,7

5(A))L

Lab Assessment Questions & Answers

  1. Why is it critical to perform a penetration test on a web application and a web server prior to production implementation?
  2. What is a cross-site scripting attack? Explain in your own words.
  3. What is a reflective cross-site scripting attack?
  4. Based on the tests you performed in this lab, which web application attack is more likely to extract privacy data elements out of a database?
  5. If you can monitor when SQL injections are performed on an SQL database, what would you recommend as a security countermeasure to monitor your production SQL databases?
  6. Given that Apache and Internet Information Services (IIS) are the two most popular web application servers for Linux and Microsoft® Windows platforms, what would you do to identify known software vulnerabilities and exploits?
  7. What can you do to ensure that your organization incorporates penetration testing and

page1image7851008page1image7851200

web application testing as part of its implementation procedures?

8. What is the purpose of setting the DVWA security level to low before beginning the remaining lab steps?

6(B))

Lab Assessment Questions & Answers

  1. Whyisitrecommendedtoupdatetheantivirussoftware┬ĺssignaturedatabasebefore performing an antivirus scan on your computer?
  2. Whataretypicalindicatorsthatyourcomputersystemiscompromised?
  3. WheredoesAVGAntiVirusBusinessEditionplaceviruses,Trojans,worms,and other malicious software when it finds them?
  4. Whatotherviruses,Trojans,worms,ormalicioussoftwarewereidentifiedand quarantined by AVG within the Virus Vault?
  5. WhatisthedifferencebetweenthecompletescanandtheResidentShield?

page1image8230144page1image8235520

7(c))

Lab Assessment Questions & Answers

  1. BothWiresharkandNetWitnessInvestigatorcanbeusedforpacketcapturesand analysis. Which tool is preferred for each task, and why?
  2. WhatisthesignificanceoftheTCPthree-wayhandshakeforapplicationsthat utilize TCP as transport protocol?
  3. HowmanydifferentsourceIPhostaddressesdidyoucaptureinyourprotocol captures?
  4. HowmanydifferentprotocolsdidyourWiresharkcapturesessionhave?What function in Wireshark provides you with a breakdown of the different protocol types on the LAN segment?
  5. HowcanyoufindWiresharknetworktrafficpacketsizecounts?Howandwhere? Are you able to distinguish how many of each packet size was transmitted on your LAN segment? Why is this important to know?

page1image7554176page1image7554368

  1. Whyisitimportanttouseprotocolcapturetoolsandprotocolanalyzersasan information systems security professional?
  2. Whataresomechallengestobaselineanalysis?
  3. Whywouldaninformationsystemssecuritypractitionerwanttoseenetworktraffic on both internal and external network traffic?
  4. WhichtransactionsinthelabusedTCPasatransportprotocol?Whichused UDP? Which ports were used in the lab?

54444. lab 5, 6,7

We offer the best custom writing paper services. We have answered this question before and we can also do it for you.

GET STARTED TODAY AND GET A 20% DISCOUNT coupon code DISC20

Leave a Comment