 |
 |
|
|
A person approaches a network administrator and wants advice on how to send encrypted email from home. The end user does not want to have to pay for any license fees or manage server services. Which of the following is the most secure encryption protocol that the network administrator should recommend?
IP Security (IPSEC)
Pretty Good Privacy (PGP)
Hyper Text Transfer Protocol with Secure Socket Layer (HTTPS)
SHOW ANSWERMX record priority increases as the number increases. (True/False.)
True
False
SHOW ANSWERWhich of the following is a low-tech way of gaining unauthorized access to systems?
Social Engineering
Sniffing
Eavesdropping
Scanning
SHOW ANSWERBob is acknowledged as a hacker of repute and is popular among visitors of "underground" sites. Bob is willing to share his knowledge with those who are willing to learn, and many have expressed their interest in learning from him. However, this knowledge has a risk associated with it, as it can be used for malevolent attacks as well. In this context, what would be the most effective method to bridge the knowledge gap between the "black" hats or crackers and the "white" hats or computer security professionals? (Choose the test answer.)
Educate everyone with books, articles and training on risk analysis, vulnerabilities and safeguards.
Hire more computer security monitoring personnel to monitor computer systems and networks.
Make obtaining either a computer security certification or accreditation easier to achieve so more individuals feel that they are a part of something larger than life.
Train more National Guard and reservist in the art of computer security to help out in times of emergency or crises
SHOW ANSWERWhat statement is true regarding LM hashes?
LM hashes consist in 48 hexadecimal characters.
LM hashes are based on AES128 cryptographic standard.
Uppercase characters in the password are converted to lowercase.
LM hashes are not generated when the password length exceeds 15 characters.
SHOW ANSWERWhat information should an IT system analysis provide to the risk assessor?
Management buy-in
Threat statement
Security architecture
Impact analysis
SHOW ANSWERAn attacker has captured a target file that is encrypted with public key cryptography. Which of the attacks below is likely to be used to crack the target file?
Timing attack
Replay attack
Memory trade-off attack
Chosen plain-text attack
SHOW ANSWERInternational Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining
guidelines and practices for security controls.
financial soundness and business viability metrics.
standard best practice for configuration management.
contract agreement writing standards.
SHOW ANSWERWhich of the following is the primary objective of a rootkit?
It opens a port to provide an unauthorized service
It creates a buffer overflow
It replaces legitimate programs
It provides an undocumented opening in a program
SHOW ANSWERThe "gray box testing" methodology enforces what kind of restriction?
The internal operation of a system is only partly accessible to the tester.
The internal operation of a system is completely known to the tester.
Only the external operation of a system is accessible to the tester.
Only the internal operation of a system is known to the tester
SHOW ANSWERAn attacker changes the profile information of a particular user (victim) on the target website. The attacker uses this string to update the victim's profile to a text file and then submit the data to the attacker's database. < iframe src="http://www.vulnweb.com/updateif.php" style="display:none"> What is this type of attack (that can use either HTTP GET or HTTP POST) called?
Cross-Site Request Forgery
Cross-Site Scripting
SQL Injection
Which of the following tools are used for enumeration? (Choose three.)
SolarWinds
USER2SID
Cheops
SID2USER
DumpSec
SHOW ANSWERA pentester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pentester pivot using Metasploit?
Issue the pivot exploit and set the meterpreter.
Reconfigure the network settings in the meterpreter.
Set the payload to propagate through the meterpreter.
Create a route statement in the meterpreter.
SHOW ANSWERWhich of the following describes the characteristics of a Boot Sector Virus?
Moves the MBR to another location on the RAM and copies itself to the original location of the MBR
Modifies directory table entries so that directory entries point to the virus code instead of the actual program
Overwrites the original MBR and only executes the new virus code
SHOW ANSWER
