You purchased a network scanner six months ago. In spite of regularly conducting scans using this software, you have noticed that attackers have been able to compromise your servers over the last month. Which of the following is the most likely explanation for this problem?
A. The network scanner needs to be replaced.
B. The network scanner is no substitute for scans conducted by an individual.
C. The network scanner has atrojan.
D. The network scanner needs an update.
You have determined that the company Web server has several vulnerabilities, including a buffer overflow that has resulted in an attack. The Web server uses PHP and has direct connections to an Oracle database server. It also uses many CGI scripts. Which of the following is the most effective way to respond to this attack?
A. Installing software updates for the Web server daemon
B. Using the POST method instead of the GET method for a Web form
C. Installing an intrusion detection service to monitor logins
D. Using the GET method instead of the POST method for a Web form
What is the primary drawback of using symmetric-key encryption?
A. Key transport across a network
B. Speed of encryption
C. Denial-of-service attacks
D. Inability to support convergence traffic
Which algorithm can use a 128-bit key, and has been adopted as a standard by various governments and corporations?
A. MARS
B. RC2
C. Advanced Encryption Standard (AES)
D. International Data Encryption Algorithm (IDEA)
Which of the following is a common problem, yet commonly overlooked, in regards to physical security in server rooms?
A. Firewalls that do not have a dedicated backup
B. False ceilings
C. Logic bombs
D. Biometric malfunctions
Consider the following diagram:
Which type of attack is occurring?
A. Polymorphic virus-based attack
B. Denial-of-service attack
C. Distributed denial-of-service attack
D. Man-in-the-middle attack using a packet sniffer
Which of the following is a primary weakness of asymmetric-key encryption?
A. It is slow because it requires extensive calculations by the computer. B. It can lead to the corruption of encrypted data during network transfer.
B. It is reliant on the Secure Sockets Layer (SSL) standard, which has been compromised.
C. It is difficult to transfer any portion of an asymmetric key securely.
What is the primary strength of symmetric-key encryption?
A. It allows easy and secure exchange of the secret key.
B. It creates aash?of a text, enabling data integrity.It creates a ?ash?of a text, enabling data integrity.
C. It can encrypt large amounts of data very quickly.
D. It provides non-repudiation services more efficiently than asymmetric-key encryption.
Consider the following image of a packet capture:
Which of the following best describes the protocol used, along with its primary benefit?
A. It is a passive FTP session, which is easier for firewalls to process.
B. It is an active FTP session, which is necessary in order to support IPv6.
C. It is an extended passive FTP session, which is necessary to support IPv6.
D. It is an active FTP session, which is supported by all FTP clients.
At what layer of the OSI/RM does a packet filter operate?
A. Layer 1
B. Layer 3
C. Layer 5
D. Layer 7
