15 Jan Stateless
COM546 Advanced Penetration Testing
Module 8 Exam 4
Question 1 Which of the following is the interface that determines how a Web server passes data to a Web browser?
Question 1 options:
Perl
ASP
CGI
PHP
Question 2 Which type of vulnerabilities can result from a server accepting untrusted, unvalidated input?
Question 2 options:
redirection
spoofing
injection
insertion
Question 3 Which of the following is a programming interface for connecting a Web application to a database and defines technologies that allow applications, such as Word or Excel, to interact with the Web?
Question 3 options:
ADOSQL
ADO
SQL
SNAOLEDB
Question 4 Which of the following does Object Linking and Embedding Database (OLE DB) rely on that allows an application to access data stored on an external device?
Question 4 options:
connection strings
program strings
SQL strings
string interfaces
Question 5 Which specific type of tag do all CFML tags begin with?
Question 5 options:
#
CF
CFML
%
Question 6 Which of the following resources is an excellent starting point for security professionals when investigating VBScript vulnerabilities?
Question 6 options:
CVE Web site
CERT
Microsoft Security Bulletin
Macromedia security
Question 7 Which of the following refers to the flow a user is expected to follow in an application to accomplish a goal?
Question 7 options:
error handling
delay logic
client flow
business logic
Question 8 Adobe Systems’ ColdFusion uses its proprietary tags, which are written in which of the following languages?
Question 8 options:
XML
DHTML
PHP
CFML
Question 9 What is the specific act of checking a user’s privileges to understand if they should or should not have access to a page, field, resource, or action in an application?
Question 9 options:
authentication
authorization
auditing
discovery
Question 10 OLE DB relies on connection strings that enable the application to access the data stored on an external device.
Question 10 options:
True
False
Question 11 What type of modulation spreads data across a large-frequency bandwidth instead of traveling across just one frequency band?
Question 11 options:
Infrared (IR)
Narrowband
Spread spectrum
Microwave
Question 12 The 802.11 standard applies to the Physical layer of the OSI model, which deals with wireless connectivity issues of fixed, portable, and moving stations in a local area, and the Media Access Control (MAC) sublayer of which OSI model layer?
Question 12 options:
Network Link layer
Data Link layer
transport layer
session layer
Question 13 Which of the following terms is the rate at which a sound wave repeats?
Question 13 options:
frequency
amplitude
channel
link
Question 14 What standard specifically defines the process of authenticating and authorizing users on a network?
Question 14 options:
802.11
802.1
802.1X
WEP
Question 15 Which frequency band is used by commercial AM radio stations?
Question 15 options:
extremely low frequency (ELF)
very low frequency (VLF)
medium frequency (MF)
high frequency (HF)
Question 16 Which of the following is a flawed wireless authentication standard created to allow users to easily add devices to a wireless network securely?
Question 16 options:
WPS
WSS
WEP
AES
Question 17 What protocol improves WPA encryption by adding Message Integrity Checks, Extended Initialization Vectors, Per-packet key mixing, and a Re-keying mechanism to improve encryption?
Question 17 options:
WEP
TKIP
802.1X
RADIUS
Question 18 What type of encryption is currently used to secure WPA2?
Question 18 options:
Radius
TKIP
WEP
AES
Question 19 Which IEEE standard can achieve a throughput of 54 Mbps?
Question 19 options:
802.11b
802.11e
802.11g
802.11d
Question 20 In 802.11, which of the following is an addressable unit?
Question 20 options:
host
Data Terminal Equipment (DTE)
station (STA)
wireless NIC (WNIC)
Question 21 Asymmetric algorithms are more scalable than symmetric algorithms.
Question 21 options:
True
False
Question 22 Which function ensures that a sender and receiver cannot deny sending or receiving a specific message?
Question 22 options:
Authentication
Nonrepudiation
Availability
Integrity
Question 23 ECC is an efficient algorithm requiring few hardware resources, so it’s a perfect candidate for wireless devices and cell phones.
Question 23 options:
True
False
Question 24 When an attacker has access to a password file, they can run a password-cracking program that uses a dictionary of known words or passwords as an input file. What type of attack is this attacker performing?
Question 24 options:
brute force
replay
ciphertext-only
dictionary
Question 25 Cryptosystems that have a single key that encrypts and decrypts data are using what type of algorithm?
Question 25 options:
ciphered
single
asymmetric
symmetric
Question 26 Which of the following is a range of allowable values that is used to generate an encryption key?
Question 26 options:
algorithm area
key range
keyspace
keyarea
Question 27 In what type of attack does the attacker have the ciphertext of several messages that were encrypted with the same encryption algorithm, but has no access to the plaintext so he or she must try to calculate the key used to encrypt the data?
Question 27 options:
chosen-ciphertext
chosen-plaintext
known plaintext
ciphertext-only
Question 28 What type of attack is being attempted when an attacker uses a password-cracking program to guess passwords by attempting every possible combination of letters?
Question 28 options:
brute force
replay
ciphertext-only
dictionary
Question 29 Which of the following is a scripting language for Windows and Linux that performs repetitive tasks, such as password cracking?
Question 29 options:
John the Ripper
Hydra (THC)
Pwdump3v2
EXPECT
Question 30 What type of attack is being conducted when the attacker has messages in both encrypted and decrypted forms?
Question 30 options:
chosen-ciphertext
chosen-plaintext
known plaintext
ciphertext-only
Question 31 What type of an IDS is being used when it does not take any action to stop or prevent an activity occurring?
Question 31 options:
dormant system
nondynamic system
passive system
active system
Question 32 Which type of device monitors a network’s hardware so that security administrators can identify attacks in progress and stop them?
Question 32 options:
Firewall
DMZ
Router
IDS
Question 33 A large organization that is responsible for sensitive or critical data may elect to create which of the following to do damage assessment, risk remediation, and legal consultation?
Question 33 options:
Security Information Center
Security Operations Center
Firewall Team
Security Event Team
Question 34 Which of the following sits between the Internet and the internal network and is sometimes referred to as a perimeter network?
Question 34 options:
firewall
DMZ
honeypot
IDS
Question 35 Which of the following is a computer placed on the network perimeter with the main goal of distracting hackers from attacking legitimate network resources?
Question 35 options:
IDS
router
honeypot
firewall
Question 36 Which IDS system uses a baseline of normal activity and then sends an alert if the activity deviates significantly from this baseline?
Question 36 options:
System-based IDS
Anomaly-based IDS
Host-based IDS
Network-based IDS
Question 37 When Web site visitors are involved in downloading malicious code without their knowledge, they may be unknowingly involved in what type of process?
Question 37 options:
drive-by download
Web download attack
Web filtering
download filtering
Question 38 What type of IDSs/IPSs monitors activity on network segments by sniffing traffic as it flows over the network and alerting a security administrator when something suspicious occurs?
Question 38 options:
Passive
Active
Network-based
Host-based
Question 39 Routers operate at the Network layer of the TCP/IP protocol stack.
Question 39 options:
True
False
Question 40 What type of packet filtering records session-specific information about a network connection, including the ports a client uses?
Question 40 options:
Stateful
Stateless
Static
Dynamic