Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

A security engineer has been asked to deploy a secure remote access solution that will allow employees to connect to the company’s internal network. Which of the following can be implemented to minimize the opportunity for the man-in-the-middle attack to occur?

A.

SSL

B.

Mutual authentication

C.

IPSec

D.

Static IP addresses

Which of the following tools would be the best choice for achieving compliance with PCI Requirement 11?

A.

Truecrypt

B.

Sub7

C.

Nessus

D.

Clamwin

A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?

A.

Paros Proxy

B.

BBProxy

C.

BBCrack

D.

Blooover

Which of the following techniques does a vulnerability scanner use in order to detect a vulnerability on a target service?

A.

Port scanning

B.

Banner grabbing

C.

Injecting arbitrary data

D.

Analyzing service response

When setting up a wireless network, an administrator enters a pre-shared key for security. Which of the following is true?

A.

The key entered is a symmetric key used to encrypt the wireless data.

B.

The key entered is a hash that is used to prove the integrity of the wireless data.

C.

The key entered is based on the Diffie-Hellman method.

D.

The key is an RSA key used to encrypt the wireless data.

If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as?

A.

SDLC process

B.

Honey pot

C.

SQL injection

D.

Trap door

An NMAP scan of a server shows port 25 is open.  What risk could this pose?

A.

Open printer sharing

B.

Web portal data leak

C.

Clear text authentication

D.

Active mail relay

Which cipher encrypts the plain text digit (bit or byte) one by one?

A.

Classical cipher

B.

Block cipher

C.

Modern cipher

D.

Stream cipher

A tester is attempting to capture and analyze the traffic on a given network and realizes that the network has several switches. What could be used to successfully sniff the traffic on this switched network? (Choose three.)

A.

ARP spoofing

B.

MAC duplication

C.

MAC flooding

D.

SYN flood

E.

Reverse smurf attack

F.

ARP broadcasting

What information should an IT system analysis provide to the risk assessor?

A.

Management buy-in

B.

Threat statement

C.

Security architecture

D.

Impact analysis

What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?

A.

Due to the key size, the time it will take to encrypt and decrypt the message hinders efficient communication.

B.

To get messaging programs to function with this algorithm requires complex configurations.

C.

It has been proven to be a weak cipher; therefore, should not be trusted to protect sensitive data.

D.

It is a symmetric key algorithm, meaning each recipient must receive the key through a different channel than the message.

An NMAP scan of a server shows port 69 is open. What risk could this pose?

A.

Unauthenticated access

B.

Weak SSL version

C.

Cleartext login

D.

Web portal data leak

A botnet can be managed through which of the following?

A.

IRC

B.

E-Mail

C.

Linkedin and Facebook

D.

A vulnerable FTP server

Which system consists of a publicly available set of databases that contain domain name registration contact information?

A.

WHOIS

B.

IANA 

C.

CAPTCHA

D.

IETF

A newly discovered flaw in a software application would be considered which kind of security vulnerability?

A.

Input validation flaw

B.

HTTP header injection vulnerability

C.

0-day vulnerability

D.

Time-to-check to time-to-use flaw

Which set of access control solutions implements two-factor authentication?

A.

USB token and PIN

B.

Fingerprint scanner and retina scanner

C.

Password and PIN

D.

Account and password

During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability?

A.

The web application does not have the secure flag set.

B.

The session cookies do not have the HttpOnly flag set.

C.

The victim user should not have an endpoint security solution.

D.

The victim's browser must have ActiveX technology enabled.

Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP?

A.

Metasploit scripting engine

B.

Nessus scripting engine

C.

NMAP scripting engine

D.

SAINT scripting engine

Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?

A.

RSA 1024 bit strength

B.

AES 1024 bit strength

C.

RSA 512 bit strength

D.

AES 512 bit strength

A pentester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pentester pivot using Metasploit?

A.

Issue the pivot exploit and set the meterpreter.

B.

Reconfigure the network settings in the meterpreter.

C.

Set the payload to propagate through the meterpreter.

D.

Create a route statement in the meterpreter.