- All Exams Instant Download
What should Bob do to avoid this problem?
Bob, a network administrator at BigUniversity, realized that some students are connecting their notebooks in the wired network to have Internet access. In the university campus, there are many Ethernet ports available for professors and authorized visitors but not for students. He identified this when the IDS alerted for malware...
Which of the following requests best illustrates an attempt to exploit an insecure direct object reference vulnerability?
Insecure direct object reference is a type of vulnerability where the application does not verify if the user is authorized to access the internal object via its name or key. Suppose a malicious user Rob tries to get access to the account of a benign user Ned. Which of the...
Using Wire shark to examine the captured traffic, which command can be used as a display filter to find unencrypted file transfers?
A company's policy requires employees to perform file transfers using protocols which encrypt traffic. You suspect some employees are still performing file transfers using unencrypted protocols because the employees do not like changes. You have positioned a network sniffer to capture traffic from the laptops used by employees in the...
Which of the following steps for risk assessment methodology refers to vulnerability identification?
Which of the following steps for risk assessment methodology refers to vulnerability identification?A . Determines if any flaws exist in systems, policies, or proceduresB . Assigns values to risk probabilities; Impact values.C . Determines risk probability that vulnerability will be exploited (High. Medium, Low)D . Identifies sources of harm to...
This proves that Company XYZ's email gateway doesn't prevent what?
Company XYZ has asked you to assess the security of their perimeter email gateway. From your office in New York, you craft a specially formatted email message and send it across the Internet to an employee of Company XYZ. The employee of Company XYZ is aware of your test. Your...
What process would help him?
A hacker named Jack is trying to compromise a bank’s computer system. He needs to know the operating system of that computer to launch further attacks. What process would help him?A . Banner GrabbingB . IDLE/IPID ScanningC . SSDP ScanningD . UDP ScanningView AnswerAnswer: A
Which three flags are set?
An attacker scans a host with the below command. Which three flags are set? (Choose three.) #nmap CsX host.domain.comA . This is ACK scan. ACK flag is setB . This is Xmas scan. SYN and ACK flags are setC . This is Xmas scan. URG, PUSH and FIN are setD...
A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and library are required to allow the NIC to work in promiscuous mode?
A pen tester is configuring a Windows laptop for a test. In setting up Wireshark, what river and library are required to allow the NIC to work in promiscuous mode?A . LibpcapB . AwinpcapC . WinpromD . WinpcapView AnswerAnswer: D
Which of the following types of firewalls can protect against SQL injection attacks?
Firewalls are the software or hardware systems that are able to control and monitor the traffic coming in and out the target network based on pre-defined set of rules. Which of the following types of firewalls can protect against SQL injection attacks?A . Data-driven firewallB . Stateful firewallC . Packet...
Why should the security analyst disable/remove unnecessary ISAPI filters?
Why should the security analyst disable/remove unnecessary ISAPI filters?A . To defend against social engineering attacksB . To defend against webserver attacksC . To defend against jailbreakingD . To defend against wireless attacksView AnswerAnswer: B
