701-750 Flashcards

1
Q

Company XYZ has encountered an increased amount of buffer overflow attacks. The programmer has been tasked to identify the issue and report any findings.

Which of the following is the FIRST step of action recommended in this scenario?

A

C.

Code Review

2
Q

Which of the following is a penetration testing method?

A

D.

Calling the target’s helpdesk, requesting a password reset

3
Q

Which of the following would MOST likely involve GPS?

A

A.

Wardriving

4
Q

The system administrator is reviewing the following logs from the company web server:

12:34:56 GET /directory_listing.php?user=admin&pass=admin1
12:34:57 GET /directory_listing.php?user=admin&pass=admin2
12:34:58 GET /directory_listing.php?user=admin&pass=1admin
12:34:59 GET /directory_listing.php?user=admin&pass=2admin

Which of the following is this an example of?

A

D.

Online hybrid attack

5
Q

A large multinational corporation with networks in 30 countries wants to establish an understanding of their overall public-facing network attack surface.

Which of the following security techniques would be BEST suited for this?

A

C.

External vulnerability scan

6
Q

Which of the following attacks impact the availability of a system? (Choose two.)

A

A.
Smurf

D.
DDoS

7
Q

Which of the following types of technologies is used by security and research personnel for identification and analysis of new security threats in a networked environment by using false data/hosts for information collection?

A

A.

Honeynet

8
Q

A computer is found to be infected with malware and a technician re-installs the operating system. The computer remains infected with malware. This is an example of:

A

B.

a MBR infection.

9
Q

A user has plugged in a wireless router from home with default configurations into a network jack at the office. This is known as:

A

C.

a rogue access point.

10
Q

Four weeks ago, a network administrator applied a new IDS and allowed it to gather baseline data. As rumors of a layoff began to spread, the IDS alerted the network administrator that access to sensitive client files had risen far above normal.

Which of the following kinds of IDS is in use?

A

D.

Anomaly based

11
Q

A security administrator is notified that users attached to a particular switch are having intermittent connectivity issues. Upon further research, the administrator finds evidence of an ARP spoofing attack.

Which of the following could be utilized to provide protection from this type of attack?

A

C.

Configure flood guards on the switch.

12
Q

An organization must implement controls to protect the confidentiality of its most sensitive data. The company is currently using a central storage system and group-based access control for its sensitive information.

Which of the following controls can further secure the data in the central storage system?

A

A.

Data encryption

13
Q

Joe, the information security manager, is tasked with calculating risk and selecting controls to protect a new system. He has identified people, environmental conditions, and events that could affect the new system.

Which of the following does he need to estimate NEXT in order to complete his risk calculations?

A

A.

Vulnerabilities

14
Q

A network administrator identifies sensitive files being transferred from a workstation in the LAN to an unauthorized outside IP address in a foreign country. An investigation determines that the firewall has not been altered, and antivirus is up-to-date on the workstation.

Which of the following is the MOST likely reason for the incident?

A

D.

Zero-day

15
Q

A security administrator must implement a network that is immune to ARP spoofing attacks.

Which of the following should be implemented to ensure that a malicious insider will not be able to successfully use ARP spoofing techniques?

A

B.

IPv6

16
Q

After working on his doctoral dissertation for two years, Joe, a user, is unable to open his dissertation file. The screen shows a warning that the dissertation file is corrupted because it is infected with a backdoor, and can only be recovered by upgrading the antivirus software from the free version to the commercial version.

Which of the following types of malware is the laptop MOST likely infected with?

A

A.

Ransomware

17
Q

An employee connects a wireless access point to the only jack in the conference room to provide Internet access during a meeting. The access point is configured to use WPA2-TKIP. A malicious user is able to intercept clear text HTTP communication between the meeting attendees and the Internet.

Which of the following is the reason the malicious user is able to intercept and see the clear text communication?

A

C.

The malicious user is able to capture the wired communication.

18
Q

Which of the following password attacks is MOST likely to crack the largest number of randomly generated passwords?

A

D.

Rainbow tables

19
Q

Which of the following attacks involves the use of previously captured network traffic?

A

A.

Replay

20
Q

An attacker crafts a message that appears to be from a trusted source, but in reality it redirects the recipient to a malicious site where information is harvested. The message is narrowly tailored so it is effective on only a small number of victims.

Which of the following describes this?

A

A.

Spear phishing

21
Q

An administrator is instructed to disable IP-directed broadcasts on all routers in an organization.

Which of the following attacks does this prevent?

A

B.

Smurf

22
Q

An administrator has to determine host operating systems on the network and has deployed a transparent proxy.

Which of the following fingerprint types would this solution use?

A

D.

Passive

23
Q

An internal audit has detected that a number of archived tapes are missing from secured storage. There was no recent need for restoration of data from the missing tapes. The location is monitored by access control and CCTV systems. Review of the CCTV system indicates that it has not been recording for three months. The access control system shows numerous valid entries into the storage location during that time. The last audit was six months ago and the tapes were accounted for at that time.

Which of the following could have aided the investigation?

A

A.

Testing controls

24
Q

Methods to test the responses of software and web applications to unusual or unexpected inputs are known as:

A

D.

Fuzzing.

25
Q

Which of the following application security testing techniques is implemented when an automated system generates random input data?

A

A.

Fuzzing

26
Q

Which of the following security concepts identifies input variables which are then used to perform boundary testing?

A

D.

Fuzzing

27
Q

Which of the following describes purposefully injecting extra input during testing, possibly causing an application to crash?

A

D.

Fuzzing

28
Q

A security administrator wants to test the reliability of an application which accepts user provided parameters. The administrator is concerned with data integrity and availability.

Which of the following should be implemented to accomplish this task?

A

B.

Fuzzing

29
Q

Fuzzing is a security assessment technique that allows testers to analyze the behavior of software applications under which of the following conditions:

A

A.

Unexpected input

30
Q

Which of the following application security principles involves inputting random data into a program?

A

C.

Fuzzing

31
Q

An IT security technician is actively involved in identifying coding issues for her company.

Which of the following is an application security technique that can be used to identify unknown weaknesses within the code?

A

C.

Fuzzing

32
Q

Which of the following would Jane, an administrator, use to detect an unknown security vulnerability?

A

B.

Application fuzzing

33
Q

Which of the following pseudocodes can be used to handle program exceptions?

A

C.

If program module crashes, then restart program module.

34
Q

Which of the following is an application security coding problem?

A

A.

Error and exception handling

35
Q

Sara, an application developer, implemented error and exception handling alongside input validation.

Which of the following does this help prevent?

A

A.

Buffer overflow

36
Q

Which of the following techniques can be used to prevent the disclosure of system information resulting from arbitrary inputs when implemented properly?

A

C.

Error handling

37
Q

A program displays:

ERROR: this program has caught an exception and will now terminate.

Which of the following is MOST likely accomplished by the program’s behavior?

A

A.

Operating system’s integrity is maintained

38
Q

Which of the following is the best practice for error and exception handling?

A

A.

Log detailed exception but display generic error message

39
Q

Which of the following is true about input validation in a client-server architecture, when data integrity is critical to the organization?

A

D.

It should be performed on the server side.

40
Q

Which of the following is the below pseudo-code an example of?

IF VARIABLE (CONTAINS NUMBERS = TRUE) THEN EXIT

A

B.

Input validation

41
Q

After Matt, a user, enters his username and password at the login screen of a web-enabled portal, the following appears on his screen:

‘Please only use letters and numbers on these fields’

Which of the following is this an example of?

A

B.

Proper input validation

42
Q

In regard to secure coding practices, why is input validation important?

A

A.

It mitigates buffer overflow attacks.

43
Q

Input validation is an important security defense because it:

A

A.

rejects bad or malformed data.

44
Q

Which of the following is a common coding error in which boundary checking is not performed?

A

A.

Input validation

45
Q

One of the most consistently reported software security vulnerabilities that leads to major exploits is:

A

D.

Poor input validation.

46
Q

Without validating user input, an application becomes vulnerable to all of the following EXCEPT:

A

C.

Spear phishing.

47
Q

Which of the following can BEST help prevent cross-site scripting attacks and buffer overflows on a production system?

A

A.

Input validation

48
Q

The BEST methods for a web developer to prevent the website application code from being vulnerable to cross-site request forgery (XSRF) are to ____________. (Choose two.)

A

C.
validate and filter input on the server side and client side.

E.
restrict and sanitize use of special characters in input and URLs.

49
Q

After visiting a website, a user receives an email thanking them for a purchase which they did not request. Upon investigation the security administrator sees the following source code in a pop-up window:

Which of the following has MOST likely occurred?

A

C.

XSRF

50
Q

Which of the following is the BEST way to prevent Cross-Site Request Forgery (XSRF) attacks?

A

A.

Check the referrer field in the HTTP header