NEW QUESTION 1

You have just taken over as the Network Administrator for a medium sized company. You want to check to see what services are exposed to the outside world. What tool would you use to accomplish this?

• A. Network mapper
• B. Protocol analyzer
• C. A port scanner
• D. Packet sniffer

Answer: C

Explanation:

A port scanner is often used on the periphery of a network by either administrators or hackers. It will tell you what ports are open. By determining what ports are open, you know what services are exposed to the outside world. For example, if port 80 is open, then HTTP traffic is allowed, meaning there should be a Web server on the network. Answer: A is incorrect. Network mappers give a topography of the network, letting you know what is on your network and where it is connected. Answer: B is incorrect. A protocol analyzer does detect if a given protocol is moving over a particular network segment, thus would detect services working on that segment. However, a port scanner is a better tool for detecting all the ports that are open. Answer: D is incorrect. Packet sniffers are used to intercept traffic and to detect the contents of that traffic.

NEW QUESTION 2

You configure a wireless router at your home. To secure your home Wireless LAN (WLAN), you implement WEP. Now you want to connect your client computer to the WLAN. Which of the following is the required information that you will need to configure the client computer? (Choose two)

• A. SSID of the WLAN
• B. WEP key
• C. IP address of the router
• D. MAC address of the router

Answer: AB

Explanation:

In order to connect a client computer to a secured Wireless LAN (WLAN), you are required to provide the following information: SSID of the WLAN WEP key rticlesItemsReportsHelp

NEW QUESTION 3

Which of the following types of authentication tokens forms a logical connection to the client computer but does not require a physical connection?

• A. Virtual token
• B. Connected token
• C. Disconnected token
• D. Contactless token

Answer: D

Explanation:

Contactless tokens are the third main type of physical tokens. Unlike connected tokens, they form a logical connection to the client computer but do not require a physical connection. The absence of the need for physical contact makes them more convenient than both connected and disconnected tokens. As a result, contactless tokens are a popular choice for keyless entry systems and electronic payment solutions such as Mobil Speedpass, which uses RFID to transmit authentication information from a keychain token. However, there have been various security concerns raised about RFID tokens after researchers at Johns Hopkins University and RSA Laboratories discovered that RFID tags could be easily cracked and cloned. Another downside is that contactless tokens have relatively short battery lives, usually only 3-5 years, which is low compared to USB tokens which may last up to 10 years. However, some tokens do allow the batteries to be changed, thus reducing costs. Answer A is incorrect. Virtual tokens are a new concept in multi-factor authentication first introduced in 2005 by security company Sestus. Virtual tokens work by sharing the token generation process between the Internet website and the user's computer and have the advantage of not requiring the distribution of additional hardware or software. In addition, since the user's device is communicating directly with the authenticating website, the solution is resistant to man-in-the-middle attacks and similar forms of online fraud. Answer B is incorrect. Connected tokens are tokens that must be physically connected to the client computer. Tokens in this category will automatically transmit the authentication information to the client computer once a physical connection is made, eliminating the need for the user to manually enter the authentication information. However, in order to use a connected token, the appropriate input device must be installed. The most common types of physical tokens are smart cards and USB tokens, which require a smart card reader and a USB port, respectively. Answer C is incorrect. Disconnected tokens have neither a physical nor logical connection to the client computer. They typically do not require a special input device, and instead use a built-in screen to display the generated authentication data, which the user enters manually via a keyboard or keypad.
Disconnected tokens are the most common type of security token used (usually in combination with a password) in two-factor authentication for online identification.

NEW QUESTION 4

Which of the following is the most secure place to host a server that will be accessed publicly through the Internet?

• A. A DNS Zone
• B. An Intranet
• C. A stub zone
• D. A demilitarized zone (DMZ)

Answer: D

Explanation:

A demilitarized zone (DMZ) is the most secure place to host a server that will be accessed publicly through the Internet. Demilitarized zone (DMZ) or perimeter network is a small network that lies in between the Internet and a private network. It is the boundary between the Internet and an internal network, usually a combination of firewalls and bastion hosts that are gateways between inside networks and outside networks. DMZ provides a large enterprise network or corporate network the ability to use the Internet while still maintaining its security. Answer B is incorrect. Hosting a server on the intranet for public access will not be good from a security point of view.

NEW QUESTION 5

The Security Auditor's Research Assistant (SARA) is a third generation network security analysis tool. Which of the following statements are true about SARA? (Choose two)

• A. It operates under Unix, Linux, MAC OS/X, or Windows (through coLinux) OS.
• B. It cannot be used to perform exhaustive XSS tests.
• C. It cannot be used to perform SQL injection tests.
• D. It supports plug-in facility for third party apps.

Answer: AD

Explanation:

The Security Auditor's Research Assistant (SARA) is a third generation network security analysis tool. It has the following functions: It operates under Unix, Linux, MAC OS/X, or Windows (through coLinux) OS. It integrates the National Vulnerability Database (NVD). It can be used to perform SQL injection tests. It can be used to perform exhaustive XSS tests. It can be adapted to multiple firewalled environments. It supports remote self scan and API facilities. It is used for CIS benchmark initiatives. It also supports plug-in facility for third party apps. It supports CVE standards. It works as an enterprise search module. It works in both standalone or demo mode. Answer C is incorrect. SARA can be used to perform SQL injection tests. Answer B is incorrect. SARA can be used to perform exhaustive XSS tests.

NEW QUESTION 6

You check performance logs and note that there has been a recent dramatic increase in the amount of broadcast traffic. What is this most likely to be an indicator of?

• A. Misconfigured router
• B. DoS attack
• C. Syn flood
• D. Virus

Answer: B

Explanation:

There are several denial of service (DoS) attacks that specifically use broadcast traffic to flood a targeted computer. Seeing an unexplained spike in broadcast traffic could be an indicator of an attempted denial of service attack. Answer D is incorrect. Viruses can cause an increase in network traffic, and it is possible for that to be broadcast traffic. However, a DoS attack is more likely than a virus to cause this particular problem. Answer C is incorrect. A syn flood does not cause increased broadcast traffic. Answer A is incorrect. A misconfigured router could possibly cause an increase in broadcast traffic. However, this a recent problem, the router is unlikely to be the issue.

NEW QUESTION 7

Which of the following allows the use of multiple virtual servers using different DNS names resolved by the same IP address?

• A. HTTP 1.1
• B. JAVA
• C. HTML
• D. VPN

Answer: A

Explanation:

HTTP 1.1 allows the use of multiple virtual servers, all using different DNS names resolved by the same IP address. The WWW service supports a concept called virtual server. A virtual server can be used to host multiple domain names on the same physical Web server. Using virtual servers, multiple FTP sites and Web sites can be hosted on a single computer. It means that there is no need to allocate different computers and software packages for each site. Answer D is incorrect. VPN stands for virtual private network. It allows users to use the Internet as a secure pipeline to their corporate local area networks (LANs). Remote users can dial-in to any local Internet Service Provider (ISP) and initiate a VPN session to connect to their corporate LAN over the Internet. Companies using VPNs significantly reduce long-distance dial-up charges. VPNs also provide remote employees with an inexpensive way of remaining connected to their company's LAN for extended periods.
Answer B is incorrect. Java is an object oriented programming language developed by Sun Microsystems. It allows the creation of platform independent executables. Java source code files are compiled into a format known as bytecode (files with .class extension). Java supports programming for the Internet in the form of Java applets. Java applets can be executed on a computer having a Java interpreter and a run-time environment known as Java Virtual Machine (JVM). Java Virtual Machines (JVMs) are available for most operating systems, including UNIX, Macintosh OS, and Windows. Answer C is incorrect. HTML stands for Hypertext Markup Language. It is a set of markup symbols or codes used to create Web pages and define formatting specifications. The markup tells the Web browser how to display the content of the Web page.

NEW QUESTION 8

You work as a Security manager for Qualoxizz Inc. Your company has number of network switches in the site network infrastructure. Which of the following actions will you perform to ensure the security of the switches in your company?

• A. Open up all the unused management ports.
• B. Set similar passwords for each management port.
• C. Set long session timeouts.
• D. Ignore usage of the default account settings.

Answer: D

Explanation:

A switch with a management port using a default user account permits an attacker to intrude inside by making connections using one or more of the well-known default user accounts (e.g., administrator, root, security). Therefore, the default account settings should not be used. Answer A is incorrect. The unused management ports on a switch should always be blocked to prevent port scanning attacks from the attackers. Answer B is incorrect. Setting similar passwords on all management ports increases the vulnerability of password cracking. The matching passwords on all ports can be used by the attacker to break into all ports once the password of one of the ports is known. Answer C is incorrect. Short timeout sessions should always be set to reduce the session period. If the connections to a management port on a switch do not have a timeout period set or have a large timeout period (greater than 9 minutes), then the connections will be more available for an attacker to hijack them.

NEW QUESTION 9

You work as a Network Administrator for BetaTech Inc. You have been assigned the task of designing the firewall policy for the company. Which of the following statements is unacceptable in the 'acceptable use statement' portion of the firewall policy?

• A. The computers and their applications should be used for organizational related activities only.
• B. Computers may not be left unattended with a user account still logged on.
• C. Applications other than those supplied or approved by the company can be installed on any computer.
• D. The installed e-mail application can only be used as the authorized e-mail service.

Answer: C

Explanation:

Applications other than those supplied or approved by the company shall not be installed on any computer. Answer A, B, D are incorrect. All of these statements stand true in the 'acceptable use statement' portion of the firewall policy.

NEW QUESTION 10

Which of the following features of a switch helps to protect network from MAC flood and MAC spoofing?

• A. Multi-Authentication
• B. Port security
• C. MAC Authentication Bypass
• D. Quality of Service (QoS)

Answer: B

Explanation:
If a switch has the ability to enable port security, this will help to protect network from both the MAC Flood and MAC Spoofing attacks. Answer D is incorrect. Quality of Service (QoS) feature is useful for prioritizing VOIP traffic. Switches are offering the ability to assign a device a Quality of Service (QoS) value or a rate limiting value based on the RADIUS response. Answer A is incorrect. Multi-Authentication feature is used to allow multiple devices to use a single port. Answer C is incorrect. MAC Authentication Bypass feature is used to allow the RADIUS server to specify the default VLAN/ACL for every device that doesn't authenticate by 802.1X.

NEW QUESTION 11

You are concerned about war driving bringing hackers attention to your wireless network. What is the most basic step you can take to mitigate this risk?

• A. Implement WPA
• B. Implement WEP
• C. Don't broadcast SSID
• D. Implement MAC filtering

Answer: C

Explanation:

By not broadcasting your SSID some simple war driving tools won't detect your network. However you should be aware that there are tools that will still detect networks that are not broadcasting their SSID across your network. Answer D is incorrect. While MAC filtering may help prevent a hacker from accessing your network, it won't keep him or her from finding your network.

NEW QUESTION 12

In which of the following social engineering attacks does an attacker first damage any part
of the target's equipment and then advertise himself as an authorized person who can help fix the problem.

• A. Reverse social engineering attack
• B. Impersonation attack
• C. Important user posing attack
• D. In person attack

Answer: A

Explanation:

A reverse social engineering attack is a person-to-person attack in which an attacker convinces the target that he or she has a problem or might have a certain problem in the future and that he, the attacker, is ready to help solve the problem. Reverse social engineering is performed through the following steps: An attacker first damages the target's equipment. He next advertises himself as a person of authority, ably skilled in solving that problem. In this step, he gains the trust of the target and obtains access to sensitive information.
If this reverse social engineering is performed well enough to convince the target, he often calls the attacker and asks for help. Answer B, C, D are incorrect. Person-to-Person social engineering works on the personal level. It can be classified as follows: Impersonation: In the impersonation social engineering attack, an attacker pretends to be someone else, for example, the employee's friend, a repairman, or a delivery person. In Person Attack: In this attack, the attacker just visits the organization and collects information. To accomplish such an attack, the attacker can call a victim on the phone, or might simply walk into an office and pretend to be a client or a new worker. Important User Posing: In this attack, the attacker pretends to be an important member of the organization. This attack works because there is a common belief that it is not good to question authority. Third-Party Authorization: In this attack, the attacker tries to make the victim believe that he has the approval of a third party. This works because people believe that most people are good and they are being truthful about what they are saying.

NEW QUESTION 13

Every network device contains a unique built in Media Access Control (MAC) address, which is used to identify the authentic device to limit the network access. Which of the
following addresses is a valid MAC address?

• A. A3-07-B9-E3-BC-F9
• B. F936.28A1.5BCD.DEFA
• C. 1011-0011-1010-1110-1100-0001
• D. 132.298.1.23

Answer: A

Explanation:

The general format for writing MAC addresses is to use six group of two hexadecimal digits, each separated by hyphen (-). Another standard method is also used for writing MAC addresses as three groups of four hexadecimal digits separated by dots. Answer C is incorrect. Binary numbers are not used to denote MAC address. Answer D is incorrect. This is an example of IP address. Answer B is incorrect. This is not a valid MAC address as there four groups of four hexadecimal digits exist.

NEW QUESTION 14

Which of the following is a prevention-driven activity to reduce errors in the project and to help the project meet its requirements?

• A. Audit sampling
• B. Asset management
• C. Access control
• D. Quality assurance

Answer: D

Explanation:

Quality assurance is the application of planned, systematic quality activities to ensure that the project will employ all processes needed to meet requirements. It is a prevention-driven activity to reduce errors in the project and to help the project meet its requirements. Answer A is incorrect. Audit sampling is an application of the audit procedure that enables the IT auditor to evaluate audit evidence within a class of transactions for the purpose of forming a conclusion concerning the population. When designing the size and structure of an audit sample, the IT auditor should consider the audit objectives determined when planning the audit, the nature of the population, and the sampling and selection methods. Answer C is incorrect. The process of limiting access to the resources of a Web site is called access control. Access control can be performed in the following ways: Registering the user in order to access the resources of the Web site. This can be confirmed by the user name and password. Limiting the time during which resources of the Web site can be used. For example, the Web site can be viewed between certain hours of a day. Answer B is incorrect. It is the practice of managing the whole life cycle (design, construction, commissioning, operating, maintaining, repairing, modifying, replacing and decommissioning/disposal) of physical and infrastructure assets such as structures, production, distribution networks, transport systems, buildings, and other physical assets.

NEW QUESTION 15

You want to change the number of characters displaying on the screen while reading a txt file. However, you do not want to change the format of the txt file. Which of the following commands can be used to view (but not modify) the contents of the text file on the terminal screen at a time?

• A. cat
• B. tail
• C. less
• D. more

Answer: D

Explanation:

The more command is used to view (but not modify) the contents of a text file on the terminal screen at a time. The syntax of the more command is as follows: more [options] file_name Where,

Answer A is incorrect. The concatenate (cat) command is used to display or print the contents of a file. Syntax: cat filename For example, the following command will display the contents of the /var/log/dmesg file: cat /var/log/dmesg Note: The more command is used in conjunction with the cat command to prevent scrolling of the screen while displaying the contents of a file. Answer C is incorrect. The less command is used to view (but not change) the contents of a text file, one screen at a time. It is similar to the more command. However, it has the extended capability of allowing both forwarB, Dackward navigation through the file. Unlike most Unix text editors/viewers, less does not need to read the entire file before starting; therefore, it has faster load times with large files. The command syntax of the less command is as follows: less [options] file_name Where,

Answer B is incorrect. The tail command is used to display the last few lines of a text file or piped data.

NEW QUESTION 16

In a network, a data packet is received by a router for transmitting it to another network. In order to make decisions on where the data packet should be forwarded, the router checks with its routing table. Which of the following lists does a router check in a routing table?

• A. Available networks
• B. Available packets
• C. Available protocols
• D. Available paths

Answer: AD

Explanation:

A Routing table stores the actual routes to all destinations; the routing table is populated from the topology table with every destination network that has its successor and optionally feasible successor identified (if unequal-cost load-balancing is enabled using the variance command). The successors and feasible successors serve as the next hop routers for these destinations. Unlike most other distance vector protocols, EIGRP does not rely on periodic route dumps in order to maintain its topology table. Routing information is exchanged only upon the establishment of new neighbor adjacencies, after which only changes are sent. Answer C is incorrect. A routing table does not contain any list of protocols. Answer B is incorrect. A routing table does not contain any list of packets.

NEW QUESTION 17

Mark works as a Web Developer for XYZ CORP. He is developing a Web site for the company. He wants to use frames in the Web site. Which of the following is an HTML tag used to create frames?

• A. <REGION>
• B. <TABLESET>
• C. <FRAMEWINDOW>
• D. <FRAMESET>

Answer: D

Explanation:

<FRAMESET> tag specifies a frameset used to organize multiple frames and nested framesets in an HTML document. It defines the location, size, and orientation of frames. An HTML document can either contain a <FRAMESET> tag or a <BODY> tag. Answer A, B, C are incorrect. There are no HTML tags such as <TABLESET>,
<FRAMEWINDOW>, and <REGION>.

NEW QUESTION 18

What is the extension of a Cascading Style Sheet?

• A. .hts
• B. .cs
• C. .js
• D. .css

Answer: D

Explanation:

A Cascading Style Sheet (CSS) is a separate text file that keeps track of design and formatting information, such as colors, fonts, font sizes, and margins, used in Web pages. CSS is used to provide Web site authors greater control on the appearance and presentation of their Web pages. It has codes that are interpreteA, Dpplied by the browser on to the Web pages and their elements. CSS files have .css extension. There are three types of Cascading Style Sheets: External Style Sheet Embedded Style Sheet Inline Style Sheet

NEW QUESTION 19

Which of the following statements about a session are true? (Choose two)

• A. The creation time can be obtained using the getSessionCreationTime() method of the HttpSession.
• B. The getAttribute() method of the HttpSession interface returns a String.
• C. The time for the setMaxInactiveInterval() method of the HttpSession interface is specified in seconds.
• D. The isNew() method is used to identify if the session is new.

Answer: CD

Explanation:

The setMaxInactiveInterval() method sets the maximum time in seconds before a session becomes invalid. The syntax of this method is as follows: public void
setMaxInactiveInterval(int interval) Here, interval is specified in seconds. The isNew() method of the HttpSession interface returns true if the client does not yet know about the session, or if the client chooses not to join the session. This method throws an IllegalStateException if called on an invalidated session. Answer B is incorrect. The getAttribute(String name) method of the HttpSession interface returns the value of the named attribute as an object. It returns a null value if no attribute with the given name is bound to the session. This method throws an IllegalStateException if it is called on an invalidated session. Answer A is incorrect. The creation time of a session can be obtained using the getCreationTime() method of the HttpSession.

NEW QUESTION 20
......