GSNA Exam Questions - Online Test



We provide pinpoint GIAC GSNA exam prep, which is the best for clearing the GSNA test and getting certified as a GIAC Systems and Network Auditor. The GSNA Questions & Answers cover all the knowledge points of the real GSNA exam.

Check GSNA free dumps before getting the full version:

NEW QUESTION 1

Which of the following statements about the <web-resource-collection> element are true?

  • A. It has <web-resource-name> as one of its sub-elements.
  • B. If there is no <http-method> sub-element, no HTTP method will be constrained.
  • C. It can have at the most one <url-pattern> sub-element.
  • D. It is a sub-element of the <security-constraint> element.

Answer: AD

Explanation:

The <web-resource-collection> element is a sub-element of the <security-constraint> element and specifies the resources that will be constrained. Each <security-constraint> element should have one or more <web-resource-collection> sub-elements. The syntax of the <web-resource-collection> element is as follows:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>ResourceName</web-resource-name>
        <http-method>GET</http-method>
        <url-pattern>PatternName</url-pattern>
      </web-resource-collection>
    </security-constraint>

The sub-elements of the <web-resource-collection> element are as follows:

  • <web-resource-name>: This mandatory sub-element is the name of the Web resource collection.
  • <description>: This is an optional sub-element that specifies a text description of the current security constraint.
  • <http-method>: This optional sub-element specifies HTTP methods that are constrained.
  • <url-pattern>: This sub-element specifies the URL to which the security constraint applies. There should be at least one url-pattern element; otherwise, the <web-resource-collection> will be ignored.

Answer C is incorrect. The <web-resource-collection> element can have any number of <url-pattern> sub-elements.

Answer B is incorrect. If there is no <http-method> sub-element, no HTTP methods will be allowed.

NEW QUESTION 2

Audit trail or audit log is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Under which of the following controls does audit control come?

  • A. Protective controls
  • B. Reactive controls
  • C. Detective controls
  • D. Preventive controls

Answer: C

Explanation:

Audit trail or audit log comes under detective controls. Detective controls are the audit controls that do not need to be restricted. Any control that performs a monitoring activity can likely be defined as a Detective Control. For example, it is possible that mistakes, either intentional or unintentional, can be made. Therefore, an additional Protective control is that these companies must have their financial results audited by an independent Certified Public Accountant. The role of this accountant is to act as an auditor. In fact, any auditor acts as a Detective control. If the organization in question has not properly followed the rules, a diligent auditor should be able to detect the deficiency, which indicates that some control somewhere has failed.

Answer B is incorrect. Reactive or corrective controls typically work in response to a detective control, responding in such a way as to alert or otherwise correct an unacceptable condition. Using the example of account rules, either the internal Audit Committee or the SEC itself, based on the report generated by the external auditor, will take some corrective action. In this way, they are acting as a Corrective or Reactive control.

Answers A and D are incorrect. Protective or preventative controls serve to proactively define and possibly enforce acceptable behaviors. As an example, a set of common accounting rules is defined and must be followed by any publicly traded company. Each quarter, any particular company must publicly state its current financial standing and accounting as reflected by an application of these rules. These accounting rules and the SEC requirements serve as protective or preventative controls.

NEW QUESTION 3

You work as a Database Administrator for BigApple Inc. The Company uses Oracle as its database. You enabled standard database auditing. Later, you noticed that it has a huge impact on performance of the database by generating a large amount of audit data. How will you keep control on this audit data?

  • A. By implementing principle of least privilege.
  • B. By removing some potentially dangerous privileges.
  • C. By setting the REMOTE_LOGIN_PASSWORDFILE instance parameter to NONE.
  • D. By limiting the number of audit records generated to only those of interest.

Answer: D

Explanation:

Auditing is the process of monitoring and recording the actions of selected users in a database. Auditing is of the following types:

  • Mandatory auditing
  • Standard auditing
  • Fine-grained auditing

By focusing the audits as narrowly as possible, you will get audit records for events that are of significance. If possible, audit by session, not by access. When auditing a database, the SYS.AUD$ table may grow to many gigabytes. You may delete or truncate it periodically to control the load of audit data.

minimum set of privileges that are just sufficient to accomplish their requisite roles, so that even if the users try, they cannot perform those actions that may critically endanger the safety of data in the event of any malicious attacks. It is important to mention that some damage to data may still be unavoidable. Therefore, after identifying the scope of their role, users are allocated only those minimal privileges just compatible with that role. This helps in minimizing the damage to data due to malicious attacks. Granting more privileges than necessary may make data critically vulnerable to malicious exploitation. The principle of least privilege is also known as the principle of minimal privilege and is sometimes also referred to as POLA, an abbreviation for the principle of least authority. The principle of least privilege is implemented to enhance fault tolerance, i.e. to protect data from malicious attacks.

While applying the principle of least privilege, one should ensure that the parameter O7_DICTIONARY_ACCESSIBILITY in the data dictionary is set to FALSE, and, after reviewing them, revoke those packages and roles granted to a special pseudo-user known as Public that are not necessary to perform the legitimate actions. This is very important since every user of the database, without exception, is automatically allocated the Public pseudo-user role. Some of the packages that are granted to the special pseudo-user known as Public are as follows:

  • UTL_TCP
  • UTL_SMTP
  • UTL_HTTP
  • UTL_FILE

REMOTE_LOGIN_PASSWORDFILE is an initialization parameter used to specify whether or not Oracle will check for a password file and by which databases a password file can be used. The various properties of this initialization parameter are as follows:

  • Parameter type: String
  • Syntax: REMOTE_LOGIN_PASSWORDFILE = {NONE | SHARED | EXCLUSIVE}
  • Default value: NONE

Removing some potentially dangerous privileges is a security option. All of the options discussed above are security steps and are not involved in standard database auditing.

NEW QUESTION 4

You work as a Network Analyst for XYZ CORP. The company has a Unix-based network. You want to view the directories in alphabetical order. Which of the following Unix commands will you use to accomplish the task?

  • A. cat
  • B. chmod
  • C. cp
  • D. ls

Answer: D

Explanation:

In Unix, the ls command is used to view the directories in alphabetical order. Answer A is incorrect. In Unix, the cat command is used to create or display short files. Answer B is incorrect. In Unix, the chmod command is used to change permissions. Answer C is incorrect. In Unix, the cp command is used for copying files.

NEW QUESTION 5

Data mining is a process of sorting through data to identify patterns and establish relationships. Which of the following data mining parameters looks for patterns where one event is connected to another event?

  • A. Sequence or path analysis
  • B. Forecasting
  • C. Clustering
  • D. Association

Answer: D

Explanation:

Data mining is a process of sorting through data to identify patterns and establish relationships. Following are the data mining parameters:

  • Association: Looking for patterns where one event is connected to another event.
  • Sequence or path analysis: Looking for patterns where one event leads to another later event.
  • Classification: Looking for new patterns (may result in a change in the way the data is organized but is acceptable).
  • Clustering: Finding and visually documenting groups of facts not previously known.
  • Forecasting: Discovering patterns in data that can lead to reasonable predictions about the future (this area of data mining is known as predictive analytics).

NEW QUESTION 6

You work as a Desktop Support Technician for XYZ CORP. The company uses a Windows-based network comprising 50 Windows XP Professional computers. You want to include the Safe Mode with Command Prompt feature into the boot.ini file of a Windows XP Professional computer. Which of the following switches will you use?

  • A. /safeboot:network /sos /bootlog /noguiboot
  • B. /safeboot:minimal /sos /bootlog /noguiboot
  • C. /safeboot:minimal(alternateshell) /sos /bootlog /noguiboot
  • D. /safeboot:dsrepair /sos

Answer: C

Explanation:

Safe-mode boot switches are used in the Windows operating systems to use the safe-mode boot feature. To use this feature, the user should press F8 during boot. These modes are available in the Boot.ini file. Users can also automate the boot process using this feature. Various switches used for various modes are given below:

NEW QUESTION 7

Which of the following security policies will you implement to keep your data safe when you connect your laptop to the office network over IEEE 802.11 WLANs? (Choose two)

  • A. Using personal firewall software on your Laptop.
  • B. Using a protocol analyzer on your Laptop to monitor for risks.
  • C. Using a port scanner like nmap in your network.
  • D. Using an IPSec enabled VPN for remote connectivity.

Answer: AD

Explanation:

According to the scenario, you want to implement a security policy to keep your data safe when you connect your laptop to the office network over IEEE 802.11 WLANs. For this, you will use the following two options:

  1. Using an IPSec enabled VPN for remote connectivity: Internet Protocol Security (IPSec) is a standard-based protocol that provides the highest level of VPN security. IPSec can encrypt virtually everything above the networking layer. It is used for VPN connections that use the L2TP protocol. It secures both data and password.
  2. Using personal firewall software on your laptop: You can also create a firewall rule to block malicious packets so that you can secure your network.

Answer C is incorrect. A port scanner is used for scanning ports and tells which ports are open. Although this tool is very useful in the information-gathering step of the attacking process, it cannot be used to protect a WLAN network.

Answer B is incorrect. You cannot use the packet analyzer to protect your network. A packet analyzer is used to analyze data packets flowing in the network.

NEW QUESTION 8

In the DNS Zone transfer enumeration, an attacker attempts to retrieve a copy of the entire zone file for a domain from a DNS server. The information provided by the DNS zone can help an attacker gather user names, passwords, and other valuable information. To attempt a zone transfer, an attacker must be connected to a DNS server that is the authoritative server for that zone. Besides this, an attacker can launch a Denial of Service attack against the zone's DNS servers by flooding them with a lot of requests. Which of the following tools can an attacker use to perform a DNS zone transfer?

  • A. DSniff
  • B. Dig
  • C. Host
  • D. NSLookup

Answer: BCD

Explanation:

An attacker can use Host, Dig, and NSLookup to perform a DNS zone transfer. Answer A is incorrect. DSniff is a sniffer that can be used to record network traffic. Dsniff is a set of tools that are used for sniffing passwords, e-mail, and HTTP traffic. Some of the tools of Dsniff include dsniff, arpredirect, macof, tcpkill, tcpnice, filesnarf, and mailsnarf. Dsniff is highly effective for sniffing both switched and shared networks. It uses the arpredirect and macof tools for switching across switched networks. It can also be used to capture authentication information for FTP, telnet, SMTP, HTTP, POP, NNTP, IMAP, etc.

NEW QUESTION 9

Adam works on a Linux system. He is using Sendmail as the primary application to transmit e-mails. Linux uses Syslog to maintain logs of what has occurred on the system. Which of the following log files contains e-mail information such as source and destination IP addresses, date and time stamps, etc.?

  • A. /var/log/mailog
  • B. /var/log/logmail
  • C. /log/var/mailog
  • D. /log/var/logd

Answer: A

Explanation:

The /var/log/mailog file generally contains the source and destination IP addresses, date and time stamps, and other information that may be used to check the information contained within an e-mail header. Linux uses Syslog to maintain logs of what has occurred on the system. The configuration file /etc/syslog.conf is used to determine where the Syslog service (Syslogd) sends its logs. Sendmail can create event messages and is usually configured to record the basic information such as the source and destination addresses, the sender and recipient addresses, and the message ID of e-mail. The syslog.conf will display the location of the log file for e-mail. Answers B, C, and D are incorrect. None of these files are valid log files.

NEW QUESTION 10

Which of the following are the goals of risk management? (Choose three)

  • A. Identifying the risk
  • B. Assessing the impact of potential threats
  • C. Finding an economic balance between the impact of the risk and the cost of the countermeasure
  • D. Identifying the accused

Answer: ABC

Explanation:

There are three goals of risk management as follows:

  • Identifying the risk
  • Assessing the impact of potential threats
  • Finding an economic balance between the impact of the risk and the cost of the countermeasure

Answer D is incorrect. Identifying the accused does not come under the scope of risk management.

NEW QUESTION 11

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He is configuring the Apache Web server settings. He does not want the commands being used in the settings to be stored in the history. Which of the following commands can he use to disable history?

  • A. history !!
  • B. set +o history
  • C. history !N
  • D. set -o history

Answer: B

Explanation:

According to the scenario, John can use the set +o history command to disable history. Answer D is incorrect. John cannot use the set -o history command to accomplish his task. This command is used to enable disabled history.
Answer A is incorrect. John cannot use the history !! command to accomplish his task. This command is used to see the most recently typed command. Answer C is incorrect. John cannot use the history !N command to accomplish his task. This command is used to display the Nth history command.

NEW QUESTION 12

Which of the following tools combines two programs, and also encrypts the resulting package in an attempt to foil antivirus programs?

  • A. Tiny
  • B. NetBus
  • C. Trojan Man
  • D. EliteWrap

Answer: C

Explanation:

The Trojan Man is a Trojan wrapper that not only combines two programs, but also encrypts the resulting package in an attempt to foil antivirus programs.

NEW QUESTION 13

Patricia joins XYZ CORP., as a Web Developer. While reviewing the company's Web site, she finds that many words including keywords are misspelled. How will this affect the Web site traffic?

  • A. Leave a bad impression on users.
  • B. Search engine relevancy may be altered.
  • C. Link exchange with other sites becomes difficult.
  • D. The domain name cannot be registered.

Answer: B

Explanation:

Web site traffic depends upon the number of users who are able to locate a Web site. Search engines are one of the most frequently used tools to locate Web sites. They perform searches on the basis of keywords contained in the Web pages of a Web site. Keywords are simple text strings that are associated with one or more topics of a Web page. Misspelled keywords prevent Web pages from being displayed in the search results.

NEW QUESTION 14

You work as a Software Developer for UcTech Inc. You want to create a new session. Which of the following methods can you use to accomplish the task?

  • A. getNewSession(true)
  • B. getSession(false)
  • C. getSession()
  • D. getSession(true)
  • E. getNewSession()

Answer: CD

Explanation:

The getSession() method of the HttpServletRequest interface returns the current session associated with the request, or creates a new session if no session exists. The method has two syntaxes as follows:

  • public HttpSession getSession(): This method creates a new session if it does not exist.
  • public HttpSession getSession(boolean create): This method becomes similar to the above method if create is true, and returns the current session if create is false. It returns null if no session exists.

Answer B is incorrect. The getSession(false) method returns a pre-existing session. It returns null if the client has no session associated with it.

NEW QUESTION 15

You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to allow direct access to the filesystems data structure. Which of the following Unix commands can you use to accomplish the task?

  • A. debugfs
  • B. dosfsck
  • C. du
  • D. df

Answer: A

Explanation:

In Unix, the debugfs command is used to allow direct access to the filesystems data structure. Answer D is incorrect. In Unix, the df command shows the disk free space on one or more filesystems. Answer B is incorrect. In Unix, the dosfsck command checks and repairs MS-DOS filesystems. Answer C is incorrect. In Unix, the du command shows how much disk space a directory and all its files contain.

NEW QUESTION 16

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He finds that the We-are-secure server is vulnerable to attacks. As a countermeasure, he suggests that the Network Administrator should remove the IPP printing capability from the server. He is suggesting this as a countermeasure against ______.

  • A. NetBIOS NULL session
  • B. DNS zone transfer
  • C. IIS buffer overflow
  • D. SNMP enumeration

Answer: C

Explanation:

Removing the IPP printing capability from a server is a good countermeasure against an IIS buffer overflow attack. A Network Administrator should take the following steps to prevent a Web server from IIS buffer overflow attacks:

  • Conduct frequent scans for server vulnerabilities.
  • Install the upgrades of Microsoft service packs.
  • Implement effective firewalls.
  • Apply URLScan and IISLockdown utilities.
  • Remove the IPP printing capability.

Answer B is incorrect. The following are the DNS zone transfer countermeasures:

  • Do not allow DNS zone transfer using the DNS property sheet:
      a. Open DNS.
      b. Right-click a DNS zone and click Properties.
      c. On the Zone Transfer tab, clear the Allow zone transfers check box.
  • Configure the master DNS server to allow zone transfers only from secondary DNS servers:
      a. Open DNS.
      b. Right-click a DNS zone and click Properties.
      c. On the Zone Transfer tab, select the Allow zone transfers check box, and then do one of the following: to allow zone transfers only to the DNS servers listed on the Name Servers tab, click Only to the servers listed on the Name Server tab; to allow zone transfers only to specific DNS servers, click Only to the following servers, and add the IP address of one or more servers.
  • Deny all unauthorized inbound connections to TCP port 53.
  • Implement DNS keys and encrypted DNS payloads.

Answer D is incorrect. The following are the countermeasures against SNMP enumeration:

  1. Removing the SNMP agent or disabling the SNMP service
  2. Changing the default PUBLIC community name when 'shutting off SNMP' is not an option
  3. Implementing the Group Policy security option called Additional restrictions for anonymous connections
  4. Restricting access to NULL session pipes and NULL session shares
  5. Upgrading SNMP Version 1 with the latest version
  6. Implementing Access control list filtering to allow only access to the read-write community from approved stations or subnets

Answer A is incorrect. NetBIOS NULL session vulnerabilities are hard to prevent, especially if NetBIOS is needed as part of the infrastructure. One or more of the following steps can be taken to limit NetBIOS NULL session vulnerabilities:

  1. Null sessions require access to the TCP 139 or TCP 445 port, which can be disabled by a Network Administrator.
  2. A Network Administrator can also disable SMB services entirely on individual hosts by unbinding WINS Client TCP/IP from the interface.
  3. A Network Administrator can also restrict the anonymous user by editing the registry values:
      a. Open regedit32, and go to HKLM\SYSTEM\CurrentControlSet\LSA.
      b. Choose edit > add value. Value name: RestrictAnonymous; Data Type: REG_DWORD; Value: 2

NEW QUESTION 17

You work as a Network Administrator for XYZ CORP. The company has a Linux-based network. The company needs to provide secure network access. You have configured a firewall to prevent certain ports and applications from forwarding the packets to the company's intranet. What does a firewall check to prevent these ports and applications from forwarding the packets to the intranet?

  • A. The network layer headers and the session layer port numbers
  • B. The application layer port numbers and the transport layer headers
  • C. The transport layer port numbers and the application layer headers
  • D. The presentation layer headers and the session layer port numbers

Answer: C

Explanation:

A firewall stops delivery of packets that are not marked safe by the Network Administrator. It checks the transport layer port numbers and the application layer headers to prevent certain ports and applications from forwarding the packets to an intranet. Answers D, A, and B are incorrect. These are not checked by a firewall.

NEW QUESTION 18

In which of the following social engineering attacks does an attacker first damage any part of the target's equipment and then advertise himself as an authorized person who can help fix the problem?

  • A. Reverse social engineering attack
  • B. Impersonation attack
  • C. Important user posing attack
  • D. In person attack

Answer: A

Explanation:

A reverse social engineering attack is a person-to-person attack in which an attacker convinces the target that he or she has a problem or might have a certain problem in the future and that he, the attacker, is ready to help solve the problem. Reverse social engineering is performed through the following steps:

  • An attacker first damages the target's equipment.
  • He next advertises himself as a person of authority, ably skilled in solving that problem.
  • In this step, he gains the trust of the target and obtains access to sensitive information.

If this reverse social engineering is performed well enough to convince the target, he often calls the attacker and asks for help.

Answers B, C, and D are incorrect. Person-to-Person social engineering works on the personal level. It can be classified as follows:

  • Impersonation: In the impersonation social engineering attack, an attacker pretends to be someone else, for example, the employee's friend, a repairman, or a delivery person.
  • In Person Attack: In this attack, the attacker just visits the organization and collects information. To accomplish such an attack, the attacker can call a victim on the phone, or might simply walk into an office and pretend to be a client or a new worker.
  • Important User Posing: In this attack, the attacker pretends to be an important member of the organization. This attack works because there is a common belief that it is not good to question authority.
  • Third-Party Authorization: In this attack, the attacker tries to make the victim believe that he has the approval of a third party. This works because people believe that most people are good and they are being truthful about what they are saying.
