Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

A remote user tries to login to a secure network using Telnet, but accidently types in an invalid user name or password. Which responses would NOT be preferred by an experienced Security Manager? (multiple answer)

A.

Invalid Username

B.

Invalid Password

C.

Authentication Failure

D.

Login Attempt Failed

E.

Access Denied

In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration.

If you would use both brute force and dictionary methods combined together to have variation of words, what would you call such an attack?

A.

Full Blown

B.

Thorough

C.

Hybrid

D.

BruteDics

Global deployment of RFC 2827 would help mitigate what classification of attack?

A.

Sniffing attack

B.

Denial of service attack

C.

Spoofing attack

D.

Reconnaissance attack

E.

Prot Scan attack

Sniffing is considered an active attack.

A.

True

B.

False

Which of the following are well know password-cracking programs?(Choose all that apply.

A.

L0phtcrack

B.

NetCat

C.

Jack the Ripper

D.

Netbus

E.

John the Ripper

Which of the following Exclusive OR transforms bits is NOT correct?

A.

0 xor 0 = 0

B.

1 xor 0 = 1

C.

1 xor 1 = 1

D.

0 xor 1 = 1

How do you defend against ARP Poisoning attack? (Select 2 answers)

A.

Enable DHCP Snooping Binding Table

B.

Restrict ARP Duplicates

C.

Enable Dynamic ARP Inspection

D.

Enable MAC snooping Table

In the software security development life cyle process, threat modeling occurs in which phase?

A.

Design

B.

Requirements

C.

Verification

D.

Implementation

SSL has been seen as the solution to a lot of common security problems. Administrator will often time make use of SSL to encrypt communications from points A to point B. Why do you think this could be a bad idea if there is an Intrusion Detection System deployed to monitor the traffic between point A and B?

A.

SSL is redundant if you already have IDS's in place

B.

SSL will trigger rules at regular interval and force the administrator to turn them off

C.

SSL will slow down the IDS while it is breaking the encryption to see the packet content

D.

SSL will blind the content of the packet and Intrusion Detection Systems will not be able to detect them

What do you call a pre-computed hash?

A.

Sun tables

B.

Apple tables

C.

Rainbow tables

D.

Moon tables

What type of port scan is represented here.

A.

Stealth Scan

B.

Full Scan

C.

XMAS Scan

D.

FIN Scan

SOAP services use which technology to format information?

A.

SATA

B.

PCI

C.

XML

D.

ISDN

WWW wanderers or spiders are programs that traverse many pages in the World Wide Web by recursively retrieving linked pages. Search engines like Google, frequently spider web pages for indexing. How will you stop web spiders from crawling certain directories on your website?

A.

Place robots.txt file in the root of your website with listing of directories that you don't want to be crawled

B.

Place authentication on root directories that will prevent crawling from these spiders

C.

Enable SSL on the restricted directories which will block these spiders from crawling

D.

Place "HTTP:NO CRAWL" on the html pages that you don't want the crawlers to index

You are writing security policy that hardens and prevents Footprinting attempt by Hackers. Which of the following countermeasures will NOT be effective against this attack?

A.

Configure routers to restrict the responses to Footprinting requests

B.

Configure Web Servers to avoid information leakage and disable unwanted protocols

C.

Lock the ports with suitable Firewall configuration

D.

Use an IDS that can be configured to refuse suspicious traffic and pick up Footprinting patterns

E.

Evaluate the information before publishing it on the Website/Intranet

F.

Monitor every employee computer with Spy cameras, keyloggers and spy on them

G.

Perform Footprinting techniques and remove any sensitive information found on DMZ sites

Which of the following Registry location does a Trojan add entries to make it persistent on Windows 7? (Select 2 answers)

A.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

B.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\System32\CurrentVersion\ Run

C.

HKEY_CURRENT_USER\Software\Microsoft\Windows\System32\CurrentVersion\Run

D.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

What is the broadcast address for the subnet 190.86.168.0/22?

A.

190.86.168.255

B.

190.86.255.255

C.

190.86.171.255

D.

190.86.169.255

Blane is a security analyst for a law firm. One of the lawyers needs to send out an email to a client but he wants to know if the email is forwarded on to any other recipients. The client is explicitly asked not to re-send the email since that would be a violation of the lawyer's and client's agreement for this particular case. What can Blane use to accomplish this?

A.

He can use a split-DNS service to ensure the email is not forwarded on.

B.

A service such as HTTrack would accomplish this.

C.

Blane could use MetaGoofil tracking tool.

D.

Blane can use a service such as ReadNotify tracking tool.

An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. The attacker can now use which cryptanalytic technique to attempt to discover the encryption key?

A.

Birthday attack

B.

Plaintext attack

C.

Meet in the middle attack

D.

Chosen ciphertext attack

One way to defeat a multi-level security solution is to leak data via

A.

a bypass regulator.

B.

steganography.

C.

a covert channel.

D.

asymmetric routing.

Low humidity in a data center can cause which of the following problems?

A.

Heat

B.

Corrosion

C.

Static electricity

D.

Airborne contamination