
Top Tips Of Most Up-to-date GCIH Questions




Want to know Pass4sure GCIH Exam practice test features? Want to learn more about the GIAC Certified Incident Handler certification experience? Study Printable GIAC GCIH answers to Most up-to-date GCIH questions at Pass4sure. Get a success with an absolute guarantee to pass GIAC GCIH (GIAC Certified Incident Handler) test on your first attempt.

Free online GCIH questions and answers (new version):

NEW QUESTION 1
Which of the following procedures is designed to enable security personnel to identify, mitigate, and recover from malicious computer incidents, such as unauthorized access to a system or data, denial-of-service, or unauthorized changes to system hardware, software, or data?

  • A. Disaster Recovery Plan
  • B. Cyber Incident Response Plan
  • C. Crisis Communication Plan
  • D. Occupant Emergency Plan

Answer: B

NEW QUESTION 2
You are concerned about rootkits on your network communicating with attackers outside your network. Without using an IDS, how can you detect this sort of activity?

  • A. By examining your domain controller server logs.
  • B. You cannot, you need an IDS.
  • C. By examining your firewall logs.
  • D. By setting up a DMZ.

Answer: C

NEW QUESTION 3
Which of the following refers to applications or files that are not classified as viruses or Trojan horse programs, but can still negatively affect the performance of the computers on your network and introduce significant security risks to your organization?

  • A. Hardware
  • B. Grayware
  • C. Firmware
  • D. Melissa

Answer: B

NEW QUESTION 4
In which of the following scanning methods do Windows operating systems send only RST packets irrespective of whether the port is open or closed?

  • A. TCP FIN
  • B. FTP bounce
  • C. XMAS
  • D. TCP SYN

Answer: A

NEW QUESTION 5
Your network is being flooded by ICMP packets. When you trace them down, they come from multiple different IP addresses. What kind of attack is this?

  • A. Syn flood
  • B. Ping storm
  • C. Smurf attack
  • D. DDOS

Answer: D

NEW QUESTION 6
When you conduct XMAS scanning using Nmap, you find that most of the ports scanned do not give a response. What can be the state of these ports?

  • A. Filtered
  • B. Open
  • C. Closed

Answer: B

NEW QUESTION 7
Buffer overflows are one of the major errors used for exploitation on the Internet today. A buffer overflow occurs when a particular operation/function writes more data into a variable than the variable was designed to hold.
Which of the following are the two popular types of buffer overflows?
Each correct answer represents a complete solution. Choose two.

  • A. Dynamic buffer overflows
  • B. Stack based buffer overflow
  • C. Heap based buffer overflow
  • D. Static buffer overflows

Answer: BC

NEW QUESTION 8
Which of the following is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, bulletin board systems, and fax machines?

  • A. Demon dialing
  • B. Warkitting
  • C. War driving
  • D. Wardialing

Answer: D

NEW QUESTION 9
Which of the following techniques can be used to map 'open' or 'pass through' ports on a gateway?

  • A. Traceport
  • B. Tracefire
  • C. Tracegate
  • D. Traceroute

Answer: D

NEW QUESTION 10
Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping on the conversation and keeps the password. After the interchange is over, Eve connects to Bob posing as Alice; when asked for a proof of identity, Eve sends Alice's password read from the last session, which Bob accepts. Which of the following attacks is being used by Eve?

  • A. Replay
  • B. Firewalking
  • C. Session fixation
  • D. Cross site scripting

Answer: A

NEW QUESTION 11
What is the major difference between a worm and a Trojan horse?

  • A. A worm spreads via e-mail, while a Trojan horse does not.
  • B. A worm is a form of malicious program, while a Trojan horse is a utility.
  • C. A worm is self-replicating, while a Trojan horse is not.
  • D. A Trojan horse is a malicious program, while a worm is an anti-virus software.

Answer: C

NEW QUESTION 12
Which of the following are the rules by which an organization operates?

  • A. Acts
  • B. Policies
  • C. Rules
  • D. Manuals

Answer: B

NEW QUESTION 13
Which of the following are open-source vulnerability scanners?

  • A. Nessus
  • B. Hackbot
  • C. NetRecon
  • D. Nikto

Answer: ABD

NEW QUESTION 14
Which of the following statements are true about session hijacking?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Use of a long random number or string as the session key reduces session hijacking.
  • B. It is used to slow the working of victim's network resources.
  • C. TCP session hijacking is when a hacker takes over a TCP session between two machines.
  • D. It is the exploitation of a valid computer session to gain unauthorized access to information or services in a computer system.

Answer: ACD

NEW QUESTION 15
You are responsible for security at a company that uses a lot of Web applications. You are most concerned about flaws in those applications allowing some attacker to get into your network. What method would be best for finding such flaws?

  • A. Manual penetration testing
  • B. Code review
  • C. Automated penetration testing
  • D. Vulnerability scanning

Answer: D
