Which of the following is most likely to pose a security threat to a Web server?
A. CGI scripts
B. Database connections
C. Flash or Silverlight animation files
D. LDAP servers
Irina has contracted with a company to provide Web design consulting services. The company has asked her to use several large files available via an HTTP server. The IT department has provided Irina with user name and password, as well as the DNS name of the HTTP server. She then used this information to obtain the files she needs to complete her task using Mozilla Firefox. Which of the following is a primary risk factor when authenticating with a standard HTTP server?
A. HTTP usescleartext transmission during authentication, which can lead to a man-in-the- middle attack.
B. Irina has used the wrong application for this protocol, thus increasing the likelihood of a man-in- the-middle attack.
C. A standard HTTP connection uses public-key encryption that is not sufficiently strong, inviting the possibility of a man-in-the-middle attack.
D. Irina has accessed the Web server using a non-standard Web browser.
You have discovered that the ls, su and ps commands no longer function as expected. They do not return information in a manner similar to any other Linux system. Also, the implementation of Tripwire you have installed on this server is returning new hash values. Which of the following has most likely occurred?
A. Atrojan has attacked the system.
B. A SQL injection attack has occurred.
C. A spyware application has been installed. D. A root kit has been installed on the system.
Which of the following is the most likely first step to enable a server to recover from a denial-of- service attack in which all hard disk data is lost?
A. Enable virtualization
B. Contact the backup service
C. Contact a disk recovery service
D. Rebuild your RAID 0 array
Which of the following standards is used for digital certificates?
A. DES
B. Diffie-Hellman
C. X.509
D. RC5
The best way to thwart a dictionary attack is by enforcing a:
A. strong password policy.
B. restricted access policy.
C. firewall configuration policy.
D. proxy server policy.
Which of the following details should be included in documentation of an attack?
A. An overview of the security policy and suggestions for the next response plan
B. Estimates of how much the attack cost the company, and a list of the applications used by the attacker
C. The time and date of the attack, and the names of employees who were contacted during the response
D. The network resources involved in the attack, and recommendations for thwarting future attacks
Which of the following describes the practice of stateful multi-layer inspection?
A. Using a VLAN on a firewall to enable masquerading of private IP addresses
B. Prioritizing voice and video data to reduce congestion
C. Inspecting packets in all layers of the OSI/RM with a packet filter
D. Using Quality of Service (QoS) on a proxy-oriented firewall
Which of the following applications can help determine whether a denial-of-service attack is occurring against a network host?
A. Thenetstat command and a packet sniffer
B. Theps command and a network scanner
C. The ping command and User Manager
D. Theiptables command and Windows desktop firewall
Consider the following image of a packet capture:


Which of the following best describes the protocol used, along with its primary benefit?
A. It is a passive FTP session, which is easier for firewalls to process.
B. It is an active FTP session, which is necessary in order to support IPv6.
C. It is an extended passive FTP session, which is necessary to support IPv6.
D. It is an active FTP session, which is supported by all FTP clients.