What type of authentication uses physical characteristics to verify a user's identity?

Which type of authentication is quite common on the Internet and uses an electronic "credit card" that establishes user credentials?

Which tool captures the passwords that pass through a network adapter, displays them on the screen instantly, and is used to recover lost Web/FTP/e-mail passwords?

Which type of web-based attack uses the GET and POST functions of an HTML form?

Which type of authentication uses a one-way cryptographic function that is easily computed in one direction but computationally impossible to reverse?

Which of the following is a brute-force password cracker for Web-based e-mail addresses that comes with pseudo-POST support, meaning data is not URL encoded?

Which Microsoft-proprietary protocol authenticates users and computers based on an authentication challenge and response?

Which tool is an automated vulnerability scanning application that scans for the presence of exploitable files on remote Web servers?

Which technology allows programmers to uniformly develop applications to access many types of databases, specifically SQL?

Which of the following is a technique to increase web werver security?

Which type of attack is usually the result of bad programming practices?

Which of the following is a security weakness in a system that may be exploited by an attack?

Which set of HTTP extensions allows clients to search the content and properties of files?

Which of the following is a technology that allows retrieval of data from a remote database server, alteration of that data in some way, and the return of the altered data for further processing by the remote database server?

Which of the following is a technique that takes advantage of nonvalidated input vulnerabilities and allows attackers to inject database query commands through a Web application?

Where is the first port of call made once the Oracle database server has been traced?

Which of the following is a secure method of posting data to the database.

What do the majority of SQL injection attacks use to terminate a string?

Which method of hacking an SQL server uses tools such as SQLPing and AppDetective?

What type of error are attackers looking for when they fill in the username and password fields with a single quote to test for SQL injection vulnerabilities?

In an HTML form, what statement appends data in the URL field but allows attackers to see the parameters in the URL?

What can an attacker use to allow packets to slip by devices that only inspect packets rather than the entire session?

Which protocol should typically NOT be used to ensure confidentiality of data as it traverses a network?

Which attack method involves encoding portions of the attack with Unicode, UTF-8, or URL encoding?

Which tool combines Web crawling with the capability of a personal proxy?

Which Web application threat uses Web applications to send malicious JavaScript code to end users?

Which tool offers protection to the Web environment by blocking HTTP requests that match an attack pattern?

Which of the following is NOT one of the three-layered architectures in basic Web applications?

Which of the following is a programming language that permits Web site designers to run applications on the user's computer?

What should you look for in the Firefox browser in the bottom right corner of the window that indicates the web site is secure?

What tool automatically scans a computer, looking for cookies created by Internet Explorer, Mozilla Firefox, and Netscape Navigator, and then displays the data stored in each one?

In the Firefox browser, which tool allows cookies to be protected and includes a Remove All button that will delete only unprotected cookies?

Which protocol statement in a URL specifies that an email document should be retrieved?

In Internet Explorer, what warns the user about potential or known fraudulent Web sites, and blocks the sites if appropriate?

In Firefox, what option should you select to ensure that your personal information such as passwords and usernames are deleted?

In which form of TCP/IP hijacking can the hacker can reset the victim's connection if it uses an accurate acknowledgment number?

At what layer do routers allow the datagram to hop from the source to the destination, one hop at a time?

Which of the following is a best practice to try to prevent session hijacking?

Which of the following is a process that allows the sender to specify a specific route for an IP packet to take to the destination?

Which layer communicates with the physical hardware and is responsible for the delivery of signals from the source to the destination over a physical communication platform?