Pentest questions

What types of cross-site scripting are there?

Gibson

Reflected

Neglected

Persistent

Server-based

DOM-based

MOD-based

How can you prevent circumventing XSS?

Input validation

Output validation

Output encoding

Stop signs

Input encoding

Input data should be output directly

How can you avoid SQL injections?

Stored procedures

Prepared procedures

Stored statements

Prepared statements

Parameterization

Name three or more important points that describe a working buffer overflow exploit:

Identify the EIP offset

Pointer to 0xDEADBEEF

Identify the ESP address after the exploit

ASP to 0x00031337

Identify the ESP address during the exploit

Identify invalid characters

Use any bytecode

Use bytecode efficiently

Questions about information security

Why is information a valuable asset?

The General Data Protection Regulation (GDPR) obliges companies to protect their information.

Under collective bargaining agreements, companies are required to keep data confidential.

Information is the foundation of any company’s business activities and protecting it secures the potential success of a business.

What are the primary goals of information security? (multiple answers may be correct)

Confidentiality

Technical reliability

Compliance

Integrity

Availability

Indisputability

Accountability

Privacy

What is not a recognized information security standard? (multiple answers may be correct)

ISO/IEC 27001

DIN/ISO 27001

KRITIS

COBIT

KonTraG

IT-Grundschutz

IDW PS 340

NIST SP 800-53

Directive 2006/42/EC

What do the following people have in common: Alan Turing, Snow White, and Issac Newton?

Quince

Apple

Pear

Orange