
Real GIAC GSNA Free Exam Questions Online





NEW QUESTION 1

Mark works as a Web Designer for XYZ CORP. The company has a Windows-based network. Mark creates an HTML document that gives the following error on execution: "These hypertext system features are not supported by HTML". Which of the following can be the hypertext system features that are NOT supported by HTML? (Choose three)

  • A. Source tracking
  • B. Typed link
  • C. Hyperlink
  • D. Fat link

Answer: ABD

Explanation:

HTML lacks some of the features found in earlier hypertext systems, such as typed links, source tracking, fat links, etc. Even some hypertext features that were in early versions of HTML have been ignored by most popular web browsers until recently, such as the link element and in-browser Web page editing. Sometimes Web services or browser manufacturers remedy these shortcomings. Answer C is incorrect. Hyperlink is supported by HTML as well as Hypertext.

NEW QUESTION 2

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He has a data.txt file in which each column is separated by the TAB character. Now, he wants to use this file as input for a data mining software he has created. The problem preventing him from accomplishing his task is that with his data mining software, he has used TAB as a delimiter to distinguish between columns. Hence, he is unable to use this file as input for the software. However, if he somehow replaces the TAB characters of the file with SPACE characters, he can use this file as an input file for his data mining software. Which of the following commands will John use to replace the TAB characters of the file with SPACE characters?

  • A. expand -t 1 data.txt > data.txt
  • B. cat data.txt
  • C. chmod 755 data.txt
  • D. touch data.txt

Answer: A

Explanation:
According to the scenario, John can replace the TAB characters with single space characters with the expand command. With the expand -t 1 data.txt > data.txt command, the TABs of data.txt are changed into single spaces and are redirected by using the > command into the data.txt file. Now, John can use the data.txt file as the input file for his data mining software.

NEW QUESTION 3

Which of the following methods can be helpful to eliminate the social engineering threat? (Choose three)

  • A. Data encryption
  • B. Data classification
  • C. Password policies
  • D. Vulnerability assessments

Answer: BCD

Explanation:

The following methods can be helpful to eliminate the social engineering threat:

  • Password policies
  • Vulnerability assessments
  • Data classification

A password policy should specify how passwords can be shared. The company should implement periodic penetration and vulnerability assessments. These assessments usually consist of using known hacker tools and common hacker techniques to breach network security. Social engineering should also be used for an accurate assessment. Since social engineers use the knowledge of others to attain information, it is essential to have a data classification model in place that all employees know and follow. Data classification assigns a level of sensitivity to company information. Each classification level specifies who can view and edit data, and how it can be shared.

NEW QUESTION 4

An auditor assesses the database environment before beginning the audit. This includes various key tasks that should be performed by an auditor to identify and prioritize the users, data, activities, and applications to be monitored. Which of the following tasks need to be performed by the auditor manually?

  • A. Classifying data risk within the database systems
  • B. Monitoring data changes and modifications to the database structure, permission and user changes, and data viewing activities
  • C. Analyzing access authority
  • D. Archiving, analyzing, reviewing, and reporting of audit information

Answer: AC

Explanation:

The Internal Audit Association lists the following as key components of a database audit:

  • Create an inventory of all database systems and use classifications. This should include production and test data. Keep it up-to-date.
  • Classify data risk within the database systems. Monitoring should be prioritized for high, medium, and low risk data.
  • Implement an access request process that requires database owners to authorize the "roles" granted to database accounts (roles as in Role Based Access and not the native database roles).
  • Analyze access authority. Users with higher degrees of access permission should be under higher scrutiny, and any account for which access has been suspended should be monitored to ensure access is denied and attempts are identified.
  • Assess application coverage. Determine what applications have built-in controls, and prioritize database auditing accordingly. All privileged user access must have audit priority. Legacy and custom applications are the next highest priority to consider, followed by the packaged applications.
  • Ensure technical safeguards. Make sure access controls are set properly.
  • Audit the activities. Monitor data changes and modifications to the database structure, permission and user changes, and data viewing activities. Consider using network-based database activity monitoring appliances instead of native database audit trails.
  • Archive, analyze, review, and report audit information. Reports to auditors and IT managers must communicate relevant audit information, which can be analyzed and reviewed to determine if corrective action is required. Organizations that must retain audit data for long-term use should archive this information with the ability to retrieve relevant data when needed.

The first five steps listed are to be performed by the auditor manually. Answer B, D are incorrect. These tasks are best achieved by using an automated solution.

NEW QUESTION 5

You have just set up a wireless network for customers at a coffee shop. Which of the following are good security measures to implement? (Choose two)

  • A. Using WPA encryption
  • B. MAC filtering the router
  • C. Not broadcasting SSID
  • D. Using WEP encryption

Answer: AD

Explanation:

With either encryption method (WEP or WPA) you can give the password to customers who need it, and even change it frequently (daily if you like). So this won't be an inconvenience for customers.

NEW QUESTION 6

In which of the following is absolute size of frames expressed?

  • A. Bits
  • B. Percentage
  • C. Inches
  • D. Pixels

Answer: D

Explanation:

Absolute size of frames is expressed in pixels. Size is expressed in terms of the number of pixels in a frame. Therefore, a change in the screen area of a display device does not affect the absolute frame size of a Web page.

NEW QUESTION 7

You work as a Software Developer for UcTech Inc. You want to ensure that a class is informed whenever an attribute is added, removed, or replaced in a session. Which of the following is the event that you will use to accomplish the task?

  • A. HttpSessionBindingEvent
  • B. HttpAttributeEvent
  • C. HttpSessionEvent
  • D. HttpSessionAttributeEvent

Answer: A

Explanation:

To be informed whenever an attribute is added, removed, or replaced in a session, a class must have a method with HttpSessionBindingEvent as its attribute. The HttpSessionBindingEvent class extends the HttpSessionEvent class. The HttpSessionBindingEvent class is used with the following listeners:

  • HttpSessionBindingListener: It notifies the attribute when it is bound or unbound from a session.
  • HttpSessionAttributeListener: It notifies the class when an attribute is bound, unbound, or replaced in a session.

The session binds the object by a call to the HttpSession.setAttribute() method and unbinds the object by a call to the HttpSession.removeAttribute() method. Answer C is incorrect. The HttpSessionEvent is associated with the HttpSessionListener interface and HttpSessionActivationListener.

NEW QUESTION 8

The employees of CCN Inc. require remote access to the company's proxy servers. In order to provide solid wireless security, the company uses LEAP as the authentication protocol. Which of the following is supported by the LEAP protocol?

  • A. Dynamic key encryption
  • B. Public key certificate for server authentication
  • C. Strongest security level
  • D. Password hash for client authentication

Answer: AD

Explanation:

LEAP can use only password hash as the authentication technique. Not only LEAP, but EAP-TLS, EAP-TTLS, and PEAP also support dynamic key encryption and mutual authentication. Answer C is incorrect. LEAP provides only a moderate level of security. Answer B is incorrect. LEAP uses password hash for server authentication.

NEW QUESTION 9

You work as a Java Programmer for JavaSkills Inc. You are working with the Linux operating system. Nowadays, when you start your computer, you notice that your OS is taking more time to boot than usual. You discuss this with your Network Administrator. He suggests that you mail him your Linux bootup report. Which of the following commands will you use to create the Linux bootup report?

  • A. touch bootup_report.txt
  • B. dmesg > bootup_report.txt
  • C. dmesg | wc
  • D. man touch

Answer: B

Explanation:

According to the scenario, you can use dmesg > bootup_report.txt to create the bootup file. With this command, the bootup messages will be displayed and will be redirected towards bootup_report.txt using the > command.

NEW QUESTION 10

John works as a Network Administrator for We-are-secure Inc. The We-are-secure server is based on Windows Server 2003. One day, while analyzing the network security, he receives an error message that Kernel32.exe is encountering a problem. Which of the following steps should John take as a countermeasure to this situation?

  • A. He should download the latest patches for Windows Server 2003 from the Microsoft site, so that he can repair the kernel.
  • B. He should restore his Windows settings.
  • C. He should observe the process viewer (Task Manager) to see whether any new process is running on the computer or not. If any new malicious process is running, he should kill that process.
  • D. He should upgrade his antivirus program.

Answer: CD

Explanation:

In such a situation, when John receives an error message revealing that Kernel32.exe is encountering a problem, he needs to come to the conclusion that his antivirus program needs to be updated, because Kernel32.exe is not a Microsoft file (the genuine file is Kernel32.DLL). Although such viruses normally run in stealth mode, he should examine the process viewer (Task Manager) to see whether any new process is running on the computer or not. If any new (malicious) process is running on the server, he should exterminate that process. Answer A, B are incorrect. Since Kernel32.exe is not a real kernel file of Windows, there is no need to repair or download any patch for Windows Server 2003 from the Microsoft site to repair the kernel. Note: Such error messages can be received if the computer is infected with malware, such as Worm_Badtrans.b, Backdoor.G_Door, Glacier Backdoor, Win32.Badtrans.29020, etc.

NEW QUESTION 11

Which of the following statements is true about a relational database?

  • A. It is difficult to extend a relational database.
  • B. The standard user and application program interface to a relational database is Programming Language (PL).
  • C. It is a collection of data items organized as a set of formally-described tables.
  • D. It is a set of tables containing data fitted into runtime defined categories.

Answer: C

Explanation:

A relational database is a collection of data items organized as a set of formally-described tables from which data can be accessed or reassembled in many different ways without having to reorganize the database tables. Answer B is incorrect. The standard user and application program interface to a relational database is the structured query language (SQL). Answer A is incorrect. In addition to being relatively easy to create and access, a relational database has the important advantage of being easy to extend. Answer D is incorrect. A relational database is a set of tables containing data fitted into predefined categories. Each table (which is sometimes called a relation) contains one or more data categories in columns. Each row contains a unique instance of data for the categories defined by the columns.

NEW QUESTION 12

Mark works as the Network Administrator for XYZ CORP. The company has a Unix-based network. Mark wants to scan one of the Unix systems to detect security vulnerabilities. To accomplish this, he uses TARA as a system scanner. What can be the reasons that made Mark use TARA?

  • A. It has a very specific function of seeking paths to root.
  • B. It is composed mostly of bash scripts
  • C. It works on a wide variety of platforms.
  • D. It is very modular.

Answer: BCD

Explanation:

Tiger Analytical Research Assistant (TARA) is a set of scripts that scans a Unix system for security problems. Following are the pros and cons of using TARA.

Pros:

  • It is open source.
  • It is very modular.
  • It can work on a wide variety of platforms.
  • It is composed mostly of bash scripts; hence, it can run on any Unix platform with little difficulty.

Cons:

  • It has a very specific function of seeking paths to root.

Answer A is incorrect. It is a limitation of TARA that reduces its flexibility to be used for different purposes.

NEW QUESTION 13

Which of the following methods is used to get a cookie from a client? Note: Here, request is a reference of type HttpServletRequest, and response is a reference of type HttpServletResponse.

  • A. Cookie [] cookies = request.getCookies();
  • B. Cookie [] cookies = request.getCookie(String str)
  • C. Cookie [] cookies = response.getCookie(String str)
  • D. Cookie [] cookies = response.getCookies()

Answer: A

Explanation:

The getCookies() method of the HttpServletRequest interface is used to get the cookies from a client. This method returns an array of cookies. Answer B, C are incorrect. The getCookie(String str) method does not exist. Answer D is incorrect. The getCookies() method is present in the HttpServletRequest interface and not in the HttpServletResponse interface.

NEW QUESTION 14

An executive in your company reports odd behavior on her PDA. After investigation you discover that a trusted device is actually copying data off the PDA. The executive tells you that the behavior started shortly after accepting an e-business card from an unknown person. What type of attack is this?

  • A. Session Hijacking
  • B. Bluesnarfing
  • C. Privilege Escalation
  • D. PDA Hijacking

Answer: B

Explanation:

Bluesnarfing is a rare attack in which an attacker takes control of a Bluetooth-enabled device. One way to do this is to get your PDA to accept the attacker's device as a trusted device.

NEW QUESTION 15

Which of the following statements about session tracking is true?

  • A. When using cookies for session tracking, there is no restriction on the name of the session tracking cookie.
  • B. When using cookies for session tracking, the name of the session tracking cookie must be jsessionid.
  • C. A server cannot use cookie as the basis for session tracking.
  • D. A server cannot use URL rewriting as the basis for session tracking.

Answer: B

Explanation:
If you are using cookies for session tracking, the name of the session tracking cookie must be jsessionid. A jsessionid can be placed only inside a cookie header. You can use HTTP cookies to store information about a session. The servlet container takes responsibility of generating the session ID, making a new cookie object, associating the session ID into the cookie, and setting the cookie as part of response.

NEW QUESTION 16

The employees of EWS Inc. require remote access to the company's Web servers. In order to provide solid wireless security, the company uses EAP-TLS as the authentication protocol. Which of the following statements are true about EAP-TLS?

  • A. It uses password hash for client authentication.
  • B. It uses a public key certificate for server authentication.
  • C. It is supported by all manufacturers of wireless LAN hardware and software.
  • D. It provides a moderate level of security.

Answer: BC

Explanation:

EAP-TLS can use only a public key certificate as the authentication technique. It is supported by all manufacturers of wireless LAN hardware and software. The requirement for a client-side certificate, however unpopular it may be, is what gives EAP-TLS its authentication strength and illustrates the classic convenience vs. security trade-off. Answer D is incorrect. EAP-TLS provides the highest level of security. Answer A is incorrect. EAP-TLS uses a public key certificate for server authentication.

NEW QUESTION 17

You work as a Network Administrator for Blue Well Inc. The company has a TCP/IP-based routed network. Two segments have been configured on the network as shown below:
[Exhibit: image not included]
One day, the switch in Subnet B fails. What will happen?

  • A. Communication between the two subnets will be affected.
  • B. The whole network will collapse.
  • C. Workstations on Subnet A will become offline
  • D. Workstations on Subnet B will become offline.

Answer: AD

Explanation:

According to the question, the network is a routed network where two segments have been divided and each segment has a switch. These switches are connected to a common router. All workstations in a segment are connected to their respective subnet's switches. Failure of the switch in Subnet B will make all workstations connected to it offline. Moreover, communication between the two subnets will be affected, as there will be no link to connect to Subnet B.

NEW QUESTION 18

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using the Linux operating system. He wants to use a wireless sniffer to sniff the We-are-secure network. Which of the following tools will he use to accomplish his task?

  • A. WEPCrack
  • B. Kismet
  • C. Snadboy's Revelation
  • D. NetStumbler

Answer: B

Explanation:

According to the scenario, John will use Kismet. Kismet is a Linux-based 802.11 wireless network sniffer and intrusion detection system. It can work with any wireless card that supports raw monitoring (rfmon) mode. Kismet can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet can be used for the following tasks:

  • To identify networks by passively collecting packets
  • To detect standard named networks
  • To detect masked networks
  • To collect the presence of non-beaconing networks via data traffic

Answer D is incorrect. NetStumbler is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. It detects wireless networks and marks their relative position with a GPS. Answer A is incorrect. WEPCrack is an open source tool that breaks IEEE 802.11 WEP secret keys. Answer C is incorrect. Snadboy's Revelation is not a sniffer. It is used to see the actual password behind the asterisks.

NEW QUESTION 19

You have been assigned a project to develop a Web site for a construction company. You plan to develop a Web site and want to get more control over the appearance and presentation of the Web pages. You also want to increase your ability to precisely specify the position and appearance of the elements on a page and create special effects. You plan to use cascading style sheets (CSS). You want to define styles only for the active page. Which type of style sheet will you use?

  • A. Embedded Style Sheet
  • B. Inline Style Sheet
  • C. Internal Style Sheet
  • D. External Style Sheet

Answer: A

Explanation:

To define styles only for the active page, you should use an embedded style sheet. Cascading style sheets (CSS) are used so that Web site authors can exercise greater control over the appearance and presentation of their Web pages, and because they increase the ability to precisely point to the location and look of elements on a Web page and help in creating special effects. Cascading Style Sheets have codes, which are interpreted and applied by the browser to the Web pages and their elements. There are three types of cascading style sheets:

  • External Style Sheets
  • Embedded Style Sheets
  • Inline Style Sheets

External Style Sheets are used whenever consistency in style is required throughout a Web site. A typical external style sheet uses a .css file extension, which can be edited using a text editor such as Notepad. Embedded Style Sheets are used for defining styles for an active page. Inline Style Sheets are used for defining individual elements of a page. Reference: TechNet, Contents: Microsoft Knowledgebase, February 2000 issue PSS ID Number: Q179628
