How is sniffing broadly categorized?
Active and passive
Broadcast and unicast
Unmanaged and managed
Filtered and unfiltered

To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?
Recipient's private key
Recipient's public key
Master encryption key
Sender's public key

Shellshock had the potential for an unauthorized user to gain access to a server. It affected many internet-facing services. Which OS did it not directly affect?
Windows
Unix
Linux
OS X

The Open Web Application Security Project (OWASP) testing methodology addresses the need to secure web applications by providing which one of the following services?
An extensible security framework named COBIT
A list of flaws and how to fix them
Web application patches
A security certification for hardened web applications

Email is transmitted across the Internet using the Simple Mail Transport Protocol. SMTP does not encrypt email, leaving the information in the message vulnerable to being read by an unauthorized person. SMTP can upgrade a connection between two mail servers to use TLS. Email transmitted by SMTP over TLS is encrypted. What is the name of the command used by SMTP to transmit email over TLS?
OPPORTUNISTICTLS
STARTTLS
FORCETLS
UPGRADETLS

Which of the below hashing functions are not recommended for use?
SHA-1, ECC
MD5, SHA-1
SHA-2, SHA-3
MD5, SHA-5

Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?
Firewall
Honeypot
Core server
Layer 4 switch

An IT employee got a call from one of our best customers. The caller wanted to know about the company's network infrastructure, systems, and team. New opportunities for integration are in sight for both company and customer. What should this employee do?
Since the company's policy is all about Customer Service, he/she will provide information.
Disregarding the call, the employee should hang up.
The employee should not provide any information without previous management authorization.
The employee cannot provide any information; but, anyway, he/she will provide the name of the person in charge.

Which of the following items is unique to the N-tier architecture method of designing software applications?
Application layers can be separated, allowing each layer to be upgraded independently from other layers.
It is compatible with various databases including Access, Oracle, and SQL.
Data security is tied into each layer and must be updated for all layers when any upgrade is performed.
Application layers can be written in C, ASP.NET, or Delphi without any performance loss.

This TCP flag instructs the sending system to transmit all buffered data immediately.
SYN
RST
PSH
URG
FIN

Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication.
123
161
69
113

A large mobile telephony and data network operator has a data center that houses network elements. These are essentially large computers running on Linux. The perimeter of the data center is secured with firewalls and IPS systems. What is the best security policy concerning this setup?
Network elements must be hardened with user ids and strong passwords. Regular security tests and audits should be performed.
As long as the physical access to the network elements is restricted, there is no need for additional measures.
There is no need for specific security measures on the network elements as long as firewalls and IPS systems exist.
The operator knows that attacks and down time are inevitable and should have a backup site.

Which of the following attacks exploits web page vulnerabilities that allow an attacker to force an unsuspecting user's browser to send malicious requests they did not intend?
Command Injection Attacks
File Injection Attack
Cross-Site Request Forgery (CSRF)
Hidden Field Manipulation Attack

The company ABC recently contracted a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant, but the CFO is worried because he wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data?
The document can be sent to the accountant using an exclusive USB for that document.
The CFO can use a hash algorithm in the document once he approved the financial statements.
The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure it is the same document.
The CFO can use an Excel file with a password.