Which one of the following acts related to information security in the US fixes the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting?
Answer : B
The TCP/IP model is a framework for the Internet Protocol suite of computer network protocols that defines communication in an IP-based network. It provides end-to-end connectivity, specifying how data should be formatted, addressed, transmitted, routed and received at the destination. This functionality is organized into four abstraction layers, which are used to sort all related protocols according to the scope of networking involved.
Answer : C
A firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it is stopped.
Answer : C
In the process of hacking a web application, attackers manipulate HTTP requests to subvert the application's authorization scheme by modifying input fields that relate to the user ID, username, access group, cost, file names, file identifiers, etc. They first access the web application using a low-privileged account and then escalate privileges to access protected resources. What attack has been carried out?
Answer : B
Reference: http://luizfirmino.blogspot.com/2011_09_01_archive.html (see authorization attack)
A DMZ is a network designed to give the public access to specific internal resources, and you might want to do the same thing for guests visiting the organization without compromising the integrity of the internal resources. In general, attacks on wireless networks fall into four basic categories. Identify the attacks that fall under the Passive attacks category. (Select all that apply)
Answer : A
Identify the policy that defines the standards for organizational network connectivity and the security standards for computers that are connected to the organizational network.
Answer : C
Packet filtering firewalls are usually a part of a router. In a packet filtering firewall, each packet is compared to a set of criteria before it is forwarded.
Depending on the packet and the criteria, the firewall can:
i) Drop the packet
ii) Forward it, or send a message to the originator
Answer : D
Reference: http://books.google.com.pk/books?id=KPjLAyA7HgoC&pg=PA208&lpg=PA208&dq=At+which+level+of+the+OSI+model+do+the+packet+filtering+firewalls+work&source=bl&ots=zRrbcmY3pj&sig=I3vuS3VA7r-3VF8lC6xq_c_r31M&hl=en&sa=X&ei=wMcfVMetI8HPaNSRgPgD&ved=0CC8Q6AEwAg#v=onepage&q=At%20which%20level%20of%20the%20OSI%20model%20do%20the%20packet%20filtering%20firewalls%20work&f=false (packet filters)
Windows stores user passwords in the Security Accounts Manager (SAM) database, or in the Active Directory database in domains. Passwords are never stored in clear text; passwords are hashed and the results are stored in the SAM.
NTLM and LM authentication protocols are used to securely store a user's password in the SAM database using different hashing methods.
Answer : A
During the process of fingerprinting a web application environment, what do you need to do in order to analyze HTTP and HTTPS request headers and the HTML source code?
Answer : D
John, a penetration tester, was asked for a document that defines the project, specifies goals, objectives, deadlines, the resources required, and the approach of the project.
Which of the following includes all of these requirements?
Answer : A
Explanation: Refer to
http://books.google.com.pk/books?id=7dwEAAAAQBAJ&pg=SA4-PA14&lpg=SA4-PA14&dq=penetration+testing+document+that+defines+the+project,+specifies+goals,+objectives,+deadlines,+the+resources+required,+and+the+approach+of+the+project&source=bl&ots=SQCLHNtthN&sig=kRcccmtDtCdZgB7hASShxSRbfOM&hl=en&sa=X&ei=hyMfVOKzGYvmarvFgaAL&ved=0CB0Q6AEwAA#v=onepage&q=penetration%20testing%20document%20that%20defines%20the%20project%2C%20specifies%20goals%2C%20objectives%2C%20deadlines%2C%20the%20resources%20required%2C%20and%20the%20approach%20of%20the%20project&f=false
Black-box testing is a method of software testing that examines the functionality of an application (i.e. what the software does) without peering into its internal structures or workings. Black-box testing is used to detect issues in SQL statements and to detect SQL injection vulnerabilities.
Answer : D
Which one of the following Snort logger mode commands is used to run a binary log file through Snort in sniffer mode to dump the packets to the screen?
Answer : C
Which of the following is developed to address security concerns in a timely manner and to reduce the misuse or threat of attacks in an organization?
Answer : A
Which of the following protocols cannot be used to filter VoIP traffic?
Answer : D
From where can clues about the underlying application environment be collected?
Answer : A
Which of the following information gathering techniques collects information from an organization's web-based calendar and email services?
A. Anonymous Information Gathering
B. Private Information Gathering
C. Passive Information Gathering
D. Active Information Gathering
Answer : D
Reference: http://luizfirmino.blogspot.com/2011/09/footprinting-terminologies.html