Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

Which of the following lists are valid data-gathering activities associated with a risk assessment?

A.

Threat identification, vulnerability identification, control analysis

B.

Threat identification, response identification, mitigation identification

C.

Attack profile, defense profile, loss profile

D.

System profile, vulnerability identification, security determination

Which property ensures that a hash function will not produce the same hashed value for two different messages?

A.

Collision resistance

B.

Bit length

C.

Key strength

D.

Entropy

In order to show improvement of security over time, what must be developed?

A.

Reports

B.

Testing tools

C.

Metrics

D.

Taxonomy of vulnerabilities

A developer for a company is tasked with creating a program that will allow customers to update their billing and shipping information. The billing address field used is limited to 50 characters. What pseudo code would the developer use to avoid a buffer overflow attack on the billing address field?

A.

if (billingAddress = 50) {update field} else exit

B.

if (billingAddress != 50) {update field} else exit

C.

if (billingAddress >= 50) {update field} else exit

D.

if (billingAddress <= 50) {update field} else exit

A company has five different subnets: 192.168.1.0, 192.168.2.0, 192.168.3.0, 192.168.4.0 and 192.168.5.0. How can NMAP be used to scan these adjacent Class C networks?

A.

NMAP -P 192.168.1-5.

B.

NMAP -P 192.168.0.0/16

C.

NMAP -P 192.168.1.0,2.0,3.0,4.0,5.0

D.

NMAP -P 192.168.1/17

A pentester is using Metasploit to exploit an FTP server and pivot to a LAN. How will the pentester pivot using Metasploit?

A.

Issue the pivot exploit and set the meterpreter.

B.

Reconfigure the network settings in the meterpreter.

C.

Set the payload to propagate through the meterpreter.

D.

Create a route statement in the meterpreter.

The following is part of a log file taken from the machine on the network with the IP address of 192.168.1.106:

What type of activity has been logged?

A.

Port scan targeting 192.168.1.103

B.

Teardrop attack targeting 192.168.1.106

C.

Denial of service attack targeting 192.168.1.103

D.

Port scan targeting 192.168.1.106

To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?

A.

Recipient's private key

B.

Recipient's public key

C.

Master encryption key

D.

Sender's public key

A person approaches a network administrator and wants advice on how to send encrypted email from home. The end user does not want to have to pay for any license fees or manage server services. Which of the following is the most secure encryption protocol that the network administrator should recommend?

A.

IP Security (IPSEC)

B.

Multipurpose Internet Mail Extensions (MIME)

C.

Pretty Good Privacy (PGP)

D.

Hyper Text Transfer Protocol with Secure Socket Layer (HTTPS)

Smart cards use which protocol to transfer the certificate in a secure manner?

A.

Extensible Authentication Protocol (EAP)

B.

Point to Point Protocol (PPP)

C.

Point to Point Tunneling Protocol (PPTP)

D.

Layer 2 Tunneling Protocol (L2TP)

A company firewall engineer has configured a new DMZ to allow public systems to be located away from the internal network. The engineer has three security zones set:

The engineer wants to configure remote desktop access from a fixed IP on the remote network to a remote desktop server in the DMZ. Which rule would best fit this requirement?

A.

Permit 217.77.88.0/24 11.12.13.0/24 RDP 3389

B.

Permit 217.77.88.12 11.12.13.50 RDP 3389

C.

Permit 217.77.88.12 11.12.13.0/24 RDP 3389

D.

Permit 217.77.88.0/24 11.12.13.50 RDP 3389

A newly discovered flaw in a software application would be considered which kind of security vulnerability?

A.

Input validation flaw

B.

HTTP header injection vulnerability

C.

0-day vulnerability

D.

Time-to-check to time-to-use flaw

Which tool can be used to silently copy files from USB devices?

A.

USB Grabber

B.

USB Dumper

C.

USB Sniffer

D.

USB Snoopy

Least privilege is a security concept that requires that a user is

A.

limited to those functions required to do the job.

B.

given root or administrative privileges.

C.

trusted to keep all data and access to that data under their sole control.

D.

given privileges equal to everyone else in the department.

What is the name of the international standard that establishes a baseline level of confidence in the security functionality of IT products by providing a set of requirements for evaluation?

A.

Blue Book

B.

ISO 26029

C.

Common Criteria

D.

The Wassenaar Agreement