- All Exams Instant Download
is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.
is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.A . DNSSECB . Resource recordsC . Resource transferD . Zone transferView AnswerAnswer: A Explanation: The Domain...
What type of key does this bug leave exposed to the Internet making exploitation of any compromised system very easy?
The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE’s Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in RFC6520. What type of key does this bug leave exposed to the Internet making...
Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?
Why would you consider sending an email to an address that you know does not exist within the company you are performing a Penetration Test for?A . To determine who is the holder of the root accountB . To perform a DoSC . To create needless SPAMD . To illicit...
What is the proper response for a NULL scan if the port is closed?
What is the proper response for a NULL scan if the port is closed?A . SYNB . ACKC . FIND . PSHE . RSTF . No responseView AnswerAnswer: E
As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security?
As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security?A . Use the same machines for DNS and other applicationsB . Harden DNS serversC . Use split-horizon operation for DNS serversD . Restrict Zone transfersE . Have subnet diversity between...
Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access.
Steve, a scientist who works in a governmental security agency, developed a technological solution to identify people based on walking patterns and implemented this approach to a physical control access. A camera captures people walking and identifies the individuals using Steve’s approach. After that, people must approximate their RFID badges....
What is not a PCI compliance recommendation?
What is not a PCI compliance recommendation?A . Use a firewall between the public network and the payment card data.B . Use encryption to protect all transmission of card holder data over any public network.C . Rotate employees handling credit card transactions on a yearly basis to different departments.D ....
Which of the following options can be useful to ensure the integrity of the data?
The company ABC recently contracts a new accountant. The accountant will be working with the financial statements. Those financial statements need to be approved by the CFO and then they will be sent to the accountant but the CFO is worried because he wants to be sure that the information...
“........is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hot-spot by posing as a legitimate provider. This type of attack may be used to steal the passwords of unsuspecting users by either snooping the communication link or by phishing, which involves setting up a fraudulent web site and luring people there.”
“........is an attack type for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. It is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop...
The “Gray-box testing” methodology enforces what kind of restriction?
The “Gray-box testing” methodology enforces what kind of restriction?A . Only the external operation of a system is accessible to the tester.B . The internal operation of a system in only partly accessible to the tester.C . Only the internal operation of a system is known to the tester.D ....
