Code injection is a form of attack in which a malicious user:
A. Inserts text into a data field that gets interpreted as code
B. Gets the server to execute arbitrary code using a buffer overflow
C. Inserts additional code into the JavaScript running in the browser
D. Gains access...

The establishment of a TCP connection involves a negotiation called the three-way handshake. What type of message does the client send to the server in order to begin this negotiation?
A. ACK
B. SYN
C. RST
D. SYN-ACK
Answer: B

Which of the following is a serious vulnerability in the popular OpenSSL cryptographic software library? This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
A. SSL/TLS Renegotiation Vulnerability
B. Shellshock
C. Heartbleed Bug
D. POODLE
Answer: C

Shellshock allowed an unauthorized user to gain access to a server. It affected many Internet-facing services. Which OS did it not directly affect?
A. Linux
B. Unix
C. OS X
D. Windows
Answer: D

Which of the following options represents a conceptual characteristic of an anomaly-based IDS over a signature-based IDS?
A. Produces less false positives
B. Can identify unknown attacks
C. Requires vendor updates for a new threat
D. Cannot deal with encrypted network traffic
Answer: B

Which of the following will perform an Xmas scan using NMAP?
A. nmap -sA 192.168.1.254
B. nmap -sP 192.168.1.254
C. nmap -sX 192.168.1.254
D. nmap -sV 192.168.1.254
Answer: C

When does the Payment Card Industry Data Security Standard (PCI-DSS) require organizations to perform external and internal penetration testing?
A. At least twice a year or after any significant upgrade or modification
B. At least once a year and after any significant upgrade or modification
C. At least once every...

Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access. A camera captures people walking and identifies the individuals using Steve's approach. After that, people must approximate their RFID badges....

What is not a PCI compliance recommendation?
A. Use a firewall between the public network and the payment card data.
B. Use encryption to protect all transmission of card holder data over any public network.
C. Rotate employees handling credit card transactions on a yearly basis to different departments.
D. ...

You are logged in as a local admin on a Windows 7 system and you need to launch the Computer Management Console from command line. Which command would you use?
A. c:gpedit
B. c:compmgmt.msc
C. c:cpa.cp
D. c:services.msc
Answer: B