Which of the following processes evaluates the adherence of an organization to its stated security policy?
You are trying to hijack a telnet session from a victim machine with IP address 10.0.0.5 to Cisco router at 10.0.0.1. You sniff the traffic and attempt to predict the sequence and acknowledgement numbers to successfully hijack the telnet session.
Here is the captured data in tcpdump.
What are the next sequence and acknowledgement numbers that the router will send to the victim machine?
Trojan horse attacks pose one of the most serious threats to computer security. The image below shows different ways a Trojan can get into a system. Which are the easiest and most convincing ways to infect a computer?
A majority of attacks come from insiders, people who have direct access to a company's computer system as part of their job function or a business relationship. Who is considered an insider?
Which of the following algorithms provides better protection against brute force attacks by using a 160-bit message digest?
What are the three types of authentication?
Which of the following are advantages of adopting a Single Sign On (SSO) system? (Choose two.)
Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common?
During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability?
A remote user tries to login to a secure network using Telnet, but accidently types in an invalid user name or password. Which responses would NOT be preferred by an experienced Security Manager? (multiple answer)
In the context of password security, a simple dictionary attack involves loading a dictionary file (a text file full of dictionary words) into a cracking application such as L0phtCrack or John the Ripper, and running it against user accounts located by the application. The larger the word and word fragment selection, the more effective the dictionary attack is. The brute force method is the most inclusive, although slow. It usually tries every possible letter and number combination in its automated exploration.
If you would use both brute force and dictionary methods combined together to have variation of words, what would you call such an attack?
Which of the following display filters will you enable in Ethereal to view the three-way handshake for a connection from host 192.168.0.1?
What is the goal of a Denial of Service Attack?
How would you describe a simple yet very effective mechanism for sending and receiving unauthorized information or data between machines without alerting any firewalls and IDS's on a network?
John wishes to install a new application onto his Windows 2000 server.
He wants to ensure that any application he uses has not been Trojaned.
What can he do to help ensure this?
What is the proper response for a NULL scan if the port is open?
As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security? Select the best answers.
Fingerprinting an Operating System helps a cracker because:
Assuring two systems that are using IPSec to protect traffic over the internet, what type of general attack could compromise the data?
PDF + Testing Engine
|
---|
$66 |
Testing Engine
|
---|
$50 |
PDF (Q&A)
|
---|
$42 |
GAQM Free Exams |
---|
![]() |