New Questions 1

A distributed denial-of-service (DDOS) attack has occurred where both ICMP and TCP packets have crashed the company's Web server. Which of the following techniques will best help reduce the severity of this attack?

A. Filtering traffic at the firewall

B. Changing your ISP

C. Installing Apache Server rather than Microsoft IIS

D. Placing the database and the Web server on separate systems

View Answer

New Questions 2

Which of the following will best help you ensure a database server can withstand a recently discovered vulnerability?

A. Updating the company vulnerability scanner and conducting a new scan

B. Adding a buffer overflow rule to the intrusion detection system

C. Reconfiguring the firewall

D. Installing a system update

View Answer

New Questions 3

Consider the following image:

From the information in this image, what type of attack is occurring?

A. A man-in-the-middle attack

B. A brute-force attack

C. A connection-hijacking attackC.A connection-hijacking attack

D. A spoofing attackD.A spoofing attack

View Answer

New Questions 4

Which of the following applications can help determine whether a denial-of-service attack is

A. The netstat command and a packet sniffer

B. The ps command and a network scanner

C. The ping command and User Manager

D. The iptables command and Windows desktop firewall

View Answer

New Questions 5

Which tool is best suited for identifying applications and code on a Web server that can lead to a SQL injection attack?

A. A vulnerability scanner

B. A packet sniffer

C. An intrusion-detection system

D. A network switch

View Answer

New Questions 6

Irina has contracted with a company to provide Web design consulting services. The company has asked her to use several large files available via an HTTP server. The IT department has provided Irina with user name and password, as well as the DNS name of the HTTP server. She then used this information to obtain the files she needs to complete her task using Mozilla Firefox. Which of the following is a primary risk factor when authenticating with a standard HTTP server?

A. HTTP uses cleartext transmission during authentication, which can lead to a man-in-the- middle attack.

B. Irina has used the wrong application for this protocol, thus increasing the likelihood of a man-in-the-middle attack.

C. A standard HTTP connection uses public-key encryption that is not sufficiently strong, inviting the possibility of a man-in-the-middle attack.

D. Irina has accessed the Web server using a non-standard Web browser.

View Answer

New Questions 7

You have determined that an attack is currently underway on your database server. An attacker is currently logged in, modifying data. You want to preserve logs, caching and other data on this affected server. Which of the following actions will best allow you to stop the attack and still preserve data?

A. Pull the server network cable

B. Shut down the server

C. Back up the system logs

D. Force an instant password reset

View Answer

New Questions 8

Which choice lists typical firewall functions?

A. Creating a VLAN and configuring the intrusion-detection system

B. Issuing alerts and limiting host access

C. Logging traffic and creating a choke point

D. Implementing the security policy and scanning the internal network

View Answer

New Questions 9

Which of the following is most likely to address a problem with an operating system's ability to withstand an attack that attempts to exploit a buffer overflow?

A. Firewall

B. Software update

C. Intrusion detection system

D. Network scanner

View Answer

New Questions 10

You are creating an information security policy for your company. Which of the following activities will help you focus on creating policies for the most important resources?

A. Auditing the firewall

B. Implementing non-repudiation

C. Logging users

D. Classifying systems

View Answer