A company's Web development team has become aware of a certain type of security vulnerability in their Web software. To mitigate the possibility of this vulnerability being exploited, the team wants to modify the software requirements to disallow users from entering HTML as input into their Web application. What kind of Web application vulnerability likely exists in their software?
Cross-site scripting vulnerability
Cross-site Request Forgery vulnerability
SQL injection vulnerability
Web site defacement vulnerability

Which of the following defines the role of a root Certificate Authority (CA) in a Public Key Infrastructure (PKI)?
The root CA is the recovery agent used to encrypt data when a user's certificate is lost.
The root CA stores the user's hash value for safekeeping.
The CA is the trusted root that issues certificates.
The root CA is used to encrypt email messages to prevent unintended disclosure of data.

Which service in a PKI will vouch for the identity of an individual or company?
KDC
CA
CR
CBC

It is a vulnerability in GNU's bash shell, discovered in September of 2014, that gives attackers access to run remote commands on a vulnerable system. The malicious software can take control of an infected machine, launch denial-of-service attacks to disrupt websites, and scan for other vulnerable devices (including routers). Which of the following vulnerabilities is being described?
Shellshock
Rootshock
Rootshell
Shellbash

What is the term coined for logging, recording and resolving events in a company?
Internal Procedure
Security Policy
Incident Management Process
Metrics

Windows file servers commonly hold sensitive files, databases, passwords and more. Which of the following choices would be a common vulnerability that usually exposes them?
Cross-site scripting
SQL injection
Missing patches
CRLF injection

Password cracking programs reverse the hashing process to recover passwords. (True/False)
True
False

What does a firewall check to prevent particular ports and applications from getting packets into an organization?
Transport layer port numbers and application layer headers
Presentation layer headers and the session layer port numbers
Network layer headers and the session layer port numbers
Application layer port numbers and the transport layer headers

_________ is a tool that can hide processes from the process list, can hide files and registry entries, and can intercept keystrokes.
Trojan
RootKit
DoS tool
Scanner
Backdoor

Which of the following is a client-server tool utilized to evade firewall inspection?
tcp-over-dns
kismet
nikto
hping

Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products?
Microsoft Security Baseline Analyzer
Retina
Core Impact
Microsoft Baseline Security Analyzer

Which set of access control solutions implements two-factor authentication?
USB token and PIN
Fingerprint scanner and retina scanner
Password and PIN
Account and password

An attacker is using nmap to do a ping sweep and a port scan in a subnet of 254 addresses. In which order should he perform these steps?
The sequence does not matter. Both steps have to be performed against all hosts.
First the port scan to identify interesting services and then the ping sweep to find hosts responding to ICMP echo requests.
First the ping sweep to identify live hosts and then the port scan on the live hosts. This way he saves time.
The port scan alone is adequate. This way he saves time.

Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them?
Detective
Passive
Intuitive
Reactive