During a recent security assessment, you discover the organization has one Domain Name Server (DNS) in a Demilitarized Zone (DMZ) and a second DNS server on the internal Network.
What is this type of DNS configuration commonly called?
A. DNS Scheme
B. DynDNS
C. Split DNS
D. DNSSEC
One of the better features of NetWare is the use of packet signature that includes cryptographic signatures. The packet signature mechanism has four levels from 0 to 3.
In the list below which of the choices represent the level that forces NetWare to sign all packets?
A. 0 (zero)
B. 1
C. 2
D. 3
When an alert rule is matched in a network-based IDS like snort, the IDS does which of the following?
A. Drops the packet and moves on to the next one
B. Continues to evaluate the packet until all rules are checked
C. Stops checking rules,sends an alert,and lets the packet continue
D. Blocks the connection with the source IP address in the packet
A XYZ security System Administrator is reviewing the network system log files.
He notes the following:
What should he assume has happened and what should he do about the situation?
A. He should contact the attacker's ISP as soon as possible and have the connection disconnected.
B. He should log the event as suspicious activity,continue to investigate,and take further steps according to site security policy.
C. He should log the file size,and archive the information,because the router crashed.
D. He should run a file system check,because the Syslog server has a self correcting file system problem.
E. He should disconnect from the Internet discontinue any further unauthorized use,because an attack has taken place.
A consultant has been hired by the V.P. of a large financial organization to assess the company's security posture. During the security testing, the consultant comes across child pornography on the V.P.'s computer.
What is the consultant's obligation to the financial organization?
A. Say nothing and continue with the security testing.
B. Stop work immediately and contact the authorities.
C. Delete the pornography,say nothing,and continue security testing.
D. Bring the discovery to the financial organization's human resource department.
While testing the company's web applications, a tester attempts to insert the following test script into the search area on the company's web sitE.
Afterwards, when the tester presses the search button, a pop-up box appears on the screen with the text:
"Testing Testing Testing".
Which vulnerability has been detected in the web application?
A. Buffer overflow
B. Cross-site request forgery
C. Distributed denial of service
D. Cross-site scripting
When an alert rule is matched in a network-based IDS like snort, the IDS does which of the following?
A. Drops the packet and moves on to the next one
B. Continues to evaluate the packet until all rules are checked
C. Stops checking rules,sends an alert,and lets the packet continue
D. Blocks the connection with the source IP address in the packet
Which of the following encryption is NOT based on block cipher?
A. DES
B. Blowfish
C. AES (Rijndael)
D. RC4
Joel and her team have been going through tons of garbage, recycled paper, and other rubbish in order to find some information about the target they are attempting to penetrate.
How would you call this type of activity?
A. Dumpster Diving
B. Scanning
C. CI Gathering
D. Garbage Scooping
Bill is attempting a series of SQL queries in order to map out the tables within the database that he is trying to exploit.
Choose the attack type from the choices given below.
A. Database Fingerprinting
B. Database Enumeration
C. SQL Fingerprinting
D. SQL Enumeration
