Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

Which among the following information is not furnished by the Rules of Engagement (ROE) document?

A.

Techniques for data collection from systems upon termination of the test

B.

Techniques for data exclusion from systems upon termination of the test

C.

Details on how data should be transmitted during and after the test

D.

Details on how organizational data is treated throughout and after the test

A framework for security analysis is composed of a set of instructions, assumptions, and limitations to analyze and solve security concerns and develop threat free applications.

Which of the following frameworks helps an organization in the evaluation of the company’s information security with that of the industrial standards?

A.

Microsoft Internet Security Framework

B.

Information System Security Assessment Framework

C.

The IBM Security Framework

D.

Nortell’s Unified Security Framework

Kyle is performing the final testing of an application he developed for the accounting department. His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following command. What is he testing at this point?

include

#include

int main(int argc, char *argv[])

{

char buffer[10];

if (argc < 2)

{

fprintf(stderr, "USAGE: %s string\n", argv[0]);

return 1;

}

strcpy(buffer, argv[1]);

return 0;

}

A.

Buffer overflow

B.

Format string bug

C.

Kernal injection

D.

SQL injection

Variables are used to define parameters for detection, specifically those of your local network and/or specific servers or ports for inclusion or exclusion in rules. These are simple substitution variables set with the var keyword.

Which one of the following operator is used to define meta-variables?

A.

“$”

B.

“#”

C.

“*”

D.

“?”

The framework primarily designed to fulfill a methodical and organized way of addressing five threat classes to network and that can be used to access, plan, manage, and maintain secure computers and communication networks is:

A.

Nortells Unified Security Framework

B.

The IBM Security Framework

C.

Bell Labs Network Security Framework

D.

Microsoft Internet Security Framework

In the context of penetration testing, what does blue teaming mean?

A.

A penetration test performed with the knowledge and consent of the organization's IT staff

B.

It is the most expensive and most widely used

C.

It may be conducted with or without warning

D.

A penetration test performed without the knowledge of the organization's IT staff but with permission from upper management

In a virtual test environment, Michael is testing the strength and security of BGP using multiple routers to mimic the backbone of the Internet. This project will help him write his doctoral thesis on "bringing down the Internet".

Without sniffing the traffic between the routers, Michael sends millions of RESET packets to the routers in an attempt to shut one or all of them down. After a few hours, one of the routers finally shuts itself down.

What will the other routers communicate between themselves?

A.

More RESET packets to the affected router to get it to power back up

B.

RESTART packets to the affected router to get it to power back up

C.

The change in the routing fabric to bypass the affected router

D.

STOP packets to all other routers warning of where the attack originated

The Web parameter tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc.

Usually, this information is stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control. This attack takes advantage of the fact that many programmers rely on hidden or fixed fields (such as a hidden tag in a form or a parameter in a URL) as the only security measure for certain operations.

Attackers can easily modify these parameters to bypass the security mechanisms that rely on them.

What is the best way to protect web applications from parameter tampering attacks?

A.

Validating some parameters of the web application

B.

Minimizing the allowable length of parameters

C.

Using an easily guessable hashing algorithm

D.

Applying effective input field filtering parameters

You just passed your ECSA exam and are about to start your first consulting job running security audits for a financial institution in Los Angeles. The IT manager of the company you will be working for tries to see if you remember your ECSA class. He asks about the methodology you will be using to test the company's network.

How would you answer?

A.

IBM Methodology

B.

LPT Methodology

C.

Google Methodology

D.

Microsoft Methodology

Before performing the penetration testing, there will be a pre-contract discussion with different pen-testers (the team of penetration testers) to gather a quotation to perform pen testing.

Which of the following factors is NOT considered while preparing a price quote to perform pen testing?

A.

Total number of employees in the client organization

B.

Type of testers involved

C.

The budget required

D.

Expected time required to finish the project