GCIH Exam Questions - Online Test



Free GCIH Demo Online For GIAC Certification:

NEW QUESTION 1
Which of the following is designed to protect the Internet resolvers (clients) from forged DNS data created by DNS cache poisoning?

  • A. Stub resolver
  • B. BINDER
  • C. Split-horizon DNS
  • D. Domain Name System Extension (DNSSEC)

Answer: D

NEW QUESTION 2
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure server. The output of the scanning test is as follows:
C:\whisker.pl -h target_IP_address
-- whisker / v1.4.0 / rain forest puppy / www.wiretrip.net --
= - = - = - = - =
= Host: target_IP_address
= Server: Apache/1.3.12 (Win32) ApacheJServ/1.1 mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22
+ 200 OK: HEAD /cgi-bin/printenv
John recognizes the /cgi-bin/printenv vulnerability (the 'Printenv' vulnerability) on the We-are-secure server. Which of the following statements about the 'Printenv' vulnerability are true?
Each correct answer represents a complete solution. Choose all that apply.

  • A. This vulnerability helps in a cross site scripting attack.
  • B. 'Printenv' vulnerability maintains a log file of user activities on the Website, which may be useful for the attacker.
  • C. The countermeasure to 'printenv' vulnerability is to remove the CGI script.
  • D. With the help of 'printenv' vulnerability, an attacker can input specially crafted links and/or other malicious scripts.

Answer: ACD

NEW QUESTION 3
910 ms 15 0.so-7-0-0.XL1.MIA4.ALTER.NET (152.63.86.189) 51.165 ms 49.935 ms


Solution:


Does this meet the goal?
  • A. Yes
  • B. Not Mastered

Answer: A

NEW QUESTION 4
Which of the following is the process of comparing cryptographic hash functions of system executables and configuration files?

  • A. Shoulder surfing
  • B. File integrity auditing
  • C. Reconnaissance
  • D. Spoofing

Answer: B

NEW QUESTION 5
US Garments wants all data communication between its corporate office and remote location to be encrypted.
They want to achieve the following results:
  • Authentication of users
  • Anti-replay
  • Anti-spoofing
  • IP packet encryption
They implemented IPSec using Authentication Headers (AHs). Which results does this solution provide?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Anti-replay
  • B. IP packet encryption
  • C. Authentication of users
  • D. Anti-spoofing

Answer: AD

NEW QUESTION 6
Which of the following types of attacks is mounted with the objective of causing a negative impact on the performance of a computer or network?

  • A. Vulnerability attack
  • B. Man-in-the-middle attack
  • C. Denial-of-Service (DoS) attack
  • D. Impersonation attack

Answer: C

NEW QUESTION 7
Which of the following is a method of gaining access to a system that bypasses normal authentication?

  • A. Teardrop
  • B. Trojan horse
  • C. Back door
  • D. Smurf

Answer: C

NEW QUESTION 8
Which of the following are based on malicious code?
Each correct answer represents a complete solution. Choose two.

  • A. Denial-of-Service (DoS)
  • B. Biometrics
  • C. Trojan horse
  • D. Worm

Answer: CD

NEW QUESTION 9
Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to test the network security of the company. He created a webpage to discuss the progress of the tests with employees who were interested in following the test. Visitors were allowed to click on a company's icon to mark the progress of the test. Adam successfully embeds a keylogger. He also added some statistics on the webpage. The firewall protects the network well and allows strict Internet access.
How was security compromised and how did the firewall respond?

  • A. The attack was social engineering and the firewall did not detect it.
  • B. Security was not compromised as the webpage was hosted internally.
  • C. The attack was Cross Site Scripting and the firewall blocked it.
  • D. Security was compromised as the keylogger is invisible to the firewall.

Answer: A

NEW QUESTION 10
Which of the following is a version of netcat with integrated transport encryption capabilities?

  • A. Encat
  • B. Nikto
  • C. Socat
  • D. Cryptcat

Answer: D

NEW QUESTION 11
James works as a Database Administrator for Techsoft Inc. The company has a SQL Server 2005 computer. The computer has a database named Sales. Users complain that the performance of the database has deteriorated. James opens the System Monitor tool and finds that there is an increase in network traffic. What kind of attack might be the cause of the performance deterioration?

  • A. Denial-of-Service
  • B. Injection
  • C. Internal attack
  • D. Virus

Answer: A

NEW QUESTION 12
Which of the following programs is used for bypassing normal authentication for securing remote access to a computer?

  • A. Backdoor
  • B. Worm
  • C. Adware
  • D. Spyware

Answer: A

NEW QUESTION 13
Which of the following password cracking attacks is based on a pre-calculated hash table to retrieve plain text passwords?

  • A. Rainbow attack
  • B. Brute Force attack
  • C. Dictionary attack
  • D. Hybrid attack

Answer: A

NEW QUESTION 14
Which of the following statements are correct about spoofing and session hijacking?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Spoofing is an attack in which an attacker can spoof the IP address or other identity of the target and the valid user cannot be active.
  • B. Spoofing is an attack in which an attacker can spoof the IP address or other identity of the target but the valid user can be active.
  • C. Session hijacking is an attack in which an attacker takes over the session, and the valid user's session is disconnected.
  • D. Session hijacking is an attack in which an attacker takes over the session, and the valid user's session is not disconnected.

Answer: BD

NEW QUESTION 15
You enter the following URL on your Web browser:
http://www.we-are-secure.com/scripts/..%co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:\
What kind of attack are you performing?

  • A. Directory traversal
  • B. Replay
  • C. Session hijacking
  • D. URL obfuscating

Answer: A

NEW QUESTION 16
Adam works as a Penetration Tester for Umbrella Inc. A project has been assigned to him to check the security of the company's wireless network. He re-injects a captured wireless packet back onto the network. He does this hundreds of times within a second. The packet is correctly encrypted and Adam assumes it is an ARP request packet. The wireless host responds with a stream of responses, all individually encrypted with different IVs.
Which of the following types of attack is Adam performing?

  • A. Replay attack
  • B. MAC Spoofing attack
  • C. Caffe Latte attack
  • D. Network injection attack

Answer: A

NEW QUESTION 17
Which of the following attacks allows an attacker to retrieve crucial information from a Web server's database?

  • A. Database retrieval attack
  • B. PHP injection attack
  • C. SQL injection attack
  • D. Server data attack

Answer: C

NEW QUESTION 18
Which of the following are types of access control attacks?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Spoofing
  • B. Brute force attack
  • C. Dictionary attack
  • D. Mail bombing

Answer: ABC

NEW QUESTION 19
Mark works as a Network Administrator for NetTech Inc. The network has 150 Windows 2000 Professional client computers and four Windows 2000 servers. All the client computers are able to connect to the Internet. Mark is concerned about malware infecting the client computers through the Internet. What will Mark do to protect the client computers from malware?
Each correct answer represents a complete solution. Choose two.

  • A. Educate users of the client computers to avoid malware.
  • B. Educate users of the client computers about the problems arising due to malware.
  • C. Prevent users of the client computers from executing any programs.
  • D. Assign Read-Only permission to the users for accessing the hard disk drives of the client computers.

Answer: AB
