SEC 1: SEC 2: |. Compare between HTML Injection and XSS? & Daffodil International University Department of Software Engineering Faculty of Science & Information Technology Final Examination, Fall-2021 Course Code: C8334, Course Title: Ethical Hacking and Countermeasures with Lab Level: 3 Term: 3 Section: A Course Instructor: SB Date: Thursday 23 December, 2021 Time: 12:30pm-2:30pm ‘Two hour (2:00) assessment; Total Marks: 40 Illustrate Xmas Scan and how does it work? (1+3)=4 [CLO2, Level 3] Define reconnaissance and why it’s important in hacking? (4) [CLO4, Level 3] ‘Show how does (intitle:"Index of" | intitle:"Directory Listing For") AND site:example.com dorking will. Work. (2) (CLO3, Level 1} Define DNS zone transfer, and classify the types of DNS zone transfer. (1+3)=4 [CLOI, Level 4] ‘As a hacker sometimes you may need to do firewall bypass. Explain a method which you can use ‘to bypass firewall using nmap. (4) [CLO2, Level 2] Define broken authentication, and show how you can exploit this vulnerability after proper identification. (2+4}=6 [CLO3, Level 1] We bypass admin panel using conditional query string, note a query and explain how it works? (2+4)=6 [CLO2, Level 2] Explain client and server side vulnerability (3 differences), now create a list of 3 server side and 3 client side vulnerability. (3+3)=6 [CLO2, Level 5] (4) (CLO2, Level 5]