Day 1 1-38 Flashcards

1
Q

1.1 Which of these organizations regulates millions of web transactions every day, and provides guidelines for protecting PII (Personally Identifiable Information)?

A. Institute of Electrical and Electronics Engineers (IEEE)

B. Payment Card Industry (PCI)

C. International Security Industry Organization (ISIO)

D. Center for Disease Control (CDC)

A

B

2
Q

1.2 Which is the best description of a “Blind” SQL Injection vulnerability?

A. The request to the web server is not visible to the administrator of the vulnerable application.

B. The attack is called “Blind” because, although the application properly filters user input, it is still vulnerable to code injection.

C. The successful attack does not show an error message to the administrator of the affected application.

D. The vulnerable application does not display errors with information about the injection results to the attacker.

A

D

3
Q

1.3 What is the most common place that anti-virus programs check for viruses?

A. Boot Sector

B. Deleted Files

C. Windows Process List

D. Password Protected Files

A

A

4
Q

1.4 Which is the best way to sanitize user input before passing it to your back-end SQL server?

A. Validate web content input for query strings.

B. Validate web content input with scanning tools.

C. Validate web content input for type, length, and range.

D. Validate web content input for extraneous queries.

A

C

5
Q

1.5 What is it called when you can type

alert("Gotchya, sucka!")

into a web page, and afterwards a pop-up box appears on the screen with the text "Gotchya, sucka!"?

A. Buffer overflow

B. Cross-site request forgery

C. Distributed denial of service

D. Cross-site scripting

A

D

6
Q

1.6 What is it called when you reduce the attack surface of a system by uninstalling all unnecessary software and services, and installing all patches and updates?

A. Stealthing

B. Hardening

C. Windowing

D. Harvesting

A

B

7
Q

1.7 Which tool would you use to comply with PCI Requirement 11?

A. Truecrypt

B. Sub7

C. Nessus

D. Clamwin

A

C

8
Q

1.8 Which type of attack can be mitigated by using several layers of anti-virus defense, such as mail-server and desktop anti-virus scanning?

A. Forensic attack

B. ARP spoofing attack

C. Social engineering attack

D. Scanning attack

A

C

9
Q

1.9 Which condition would make a web application vulnerable to Cross-Site Request Forgery (CSRF)?

A. The victim user must open the malicious link with Internet Explorer prior to version 8.

B. The session cookies generated by the application do not have the HttpOnly flag set.

C. The victim user must open the malicious link with Firefox prior to version 3.

D. The web application does not use random tokens.

A

D

10
Q

1.10 What is the standard that provides testing labs with a set of requirements for evaluating IT products?

A. Blue Book

B. ISO 26029

C. Common Criteria

D. The Wassenaar Agreement

A

C

11
Q

1.11 How often does the Payment Card Industry Data Security Standard (PCI-DSS) require companies to perform penetration testing?

A. At least once a year and after any significant upgrade or modification

B. At least once every three years or after any significant upgrade or modification

C. At least twice a year or after any significant upgrade or modification

D. At least once every two years and after any significant upgrade or modification

A

A

12
Q

1.12 What service does the Open Web Application Security Project (OWASP) provide to help us secure our web applications?

A. An extensible security framework named COBIT

B. A list of flaws and how to fix them

C. Web application patches

D. A security certification for hardened web applications

A

B

13
Q

1.13 If you want to see if a web site is vulnerable to SQL injection attacks, what is the first character you should use?

A. Semicolon

B. Single quote

C. Exclamation mark

D. Double quote

A

B

14
Q

1.14 Which of the following laws requires the CEO to sign statements verifying the accuracy and completeness of corporate financial reports?

A. Sarbanes-Oxley Act (SOX)

B. Gramm-Leach-Bliley Act (GLBA)

C. Fair and Accurate Credit Transactions Act (FACTA)

D. Federal Information Security Management Act (FISMA)

A

A

15
Q

1.15 Which type of access control do routers and firewalls use to control network access?

A. Mandatory

B. Discretionary

C. Rule-based

D. Role-based

A

C

16
Q

1.16 Which of these would be best for determining if your company would benefit from user-awareness training?

A. Vulnerability scanning

B. Social engineering

C. Application security testing

D. Network sniffing

A

B

17
Q

1.17 To ensure that updates to policies and procedures are made in an organized and controlled manner, you would employ which of these?

A. Regulatory compliance

B. Peer review

C. Change management

D. Penetration testing

A

C

18
Q

1.18 The Open Source Security Testing Methodology Manual (OSSTMM) recognizes which of these types of compliance?

A. Legal, performance, audit

B. Audit, standards based, regulatory

C. Contractual, regulatory, industry

D. Legislative, contractual, standards based

A

D

19
Q

1.19 Which of these is an OWASP (Open Web Application Security Project) learning tool comprised of a web application with many known web vulnerabilities?

A. WebBugs

B. WebGoat

C. VULN_HTML

D. WebScarab

A

B

20
Q

1.20 Which of these describes the way in which a Boot Sector Virus works?

A. Moves the MBR to another location on the RAM and copies itself to the original location of the MBR

B. Moves the MBR to another location on the hard disk and copies itself to the original location of the MBR

C. Modifies directory table entries so that directory entries point to the virus code instead of the actual program

D. Overwrites the original MBR and only executes the new virus code

A

B

21
Q

1.21 Which is the most efficient/best way to exfiltrate data past your corporate security controls?

A. a bypass regulator

B. steganography

C. a covert channel

D. asymmetric routing

A

C

22
Q

1.22 A risk assessment must include which of these?

A. Physical security

B. Administrative safeguards

C. DMZ

D. Logical interface

A

B

23
Q

1.23 What is the best reason that a stored biometric is vulnerable to being attacked?

A. The digital representation of the biometric might not be unique, even if the physical characteristic is unique.

B. Authentication using a stored biometric compares a copy to a copy instead of the original to a copy.

C. A stored biometric is no longer “something you are” and instead becomes “something you have”.

D. A stored biometric can be stolen and used by an attacker to impersonate the individual identified by the biometric.

A

D

24
Q

1.24 Which activities are often used in a risk assessment?

A. Threat identification, vulnerability identification, control analysis

B. Threat identification, response identification, mitigation identification

C. Attack profile, defense profile, loss profile

D. System profile, vulnerability identification, security determination

A

A

25
Q

1.25 Which approach involves senior management condoning and supporting the project?

A. A bottom-up approach

B. A top-down approach

C. A senior creation approach

D. An IT assurance approach

A

B

26
Q

1.26 The term ROSI refers to which of the following?

A. It is a made up term

B. Reach Out for Security Improvement

C. Return on Security Investment

D. Respond Onsight to System Incidents

A

C

27
Q

1.27 If you are worried about unknowingly hiring a corporate spy from your competitors, what is the best way to protect yourself?

A. It is impossible to block these attacks

B. Hire the people through third-party job agencies who will check them for you

C. Conduct thorough background checks

D. Investigate their social networking profiles

A

C

28
Q

1.28 A customer is prompted to enter his first and last name into a field on a web page. The query created would then look like this:

SELECT * FROM CustTable WHERE Username = 'Bob Smith'

How would you delete CustTable from the database using SQL Injection?

A. Bob Smith'; drop table CustTable --

B. Delete table'blah'; CustTable --

C. EXEC; SELECT * CustTable > DROP --

D. cmdshell'; 'del c:\sql\mydb\CustTable' //

A

A

29
Q

1.29 What is it called when you perform a SQL injection attack, but you can’t see the results?

A. Unique SQL Injection

B. Blind SQL Injection

C. Generic SQL Injection

D. Double SQL Injection

A

B

30
Q

1.30 Buffer Overflow attacks involve which of these registers?

A. EEP

B. ESP

C. EAP

D. EIP

A

D

31
Q

1.31 Which is the best description of war dialing?

A. War dialing involves the use of a program in conjunction with a modem to penetrate the modem/PBX-based systems

B. War dialing is a vulnerability scanning technique that penetrates Firewalls

C. It is a social engineering technique that uses Phone calls to trick victims

D. Involves IDS Scanning Fragments to bypass Internet filters and stateful Firewalls

A

A

32
Q

1.32 What is the difference between OSSTMM (Open Source Security Testing Methodology Manual) and OWASP (Open Web Application Security Project)?

A. OWASP is for web applications and OSSTMM does not include web applications.

B. OSSTMM is gray box testing and OWASP is black box testing.

C. OWASP addresses controls and OSSTMM does not.

D. OSSTMM addresses controls and OWASP does not.

A

A

33
Q

1.33 How do you perform a CSPP attack (Connection String Parameter Pollution)?

A. Injecting parameters into a connection string using semicolons as a separator

B. Inserting malicious Javascript code into input parameters

C. Setting a user’s session identifier (SID) to an explicit known value

D. Adding multiple parameters with the same name in HTTP requests

A

A

34
Q

1.34 When assessing risks, what information will be gained by an IT system analysis?

A. Management buy-in

B. Threat statement

C. Security architecture

D. Impact analysis

A

C

35
Q

1.35 Which of these is a valid risk management technique?

A. Reject the risk.

B. Deny the risk.

C. Mitigate the risk.

D. Initiate the risk.

A

C

36
Q

1.36 Which is the greatest risk to your corporate network?

A. black hat hackers

B. grey hat hackers

C. disgruntled employees

D. script kiddies

A

C

37
Q

1.37 What type of virus wakes up once a month and executes code?

A. Cavity Virus

B. Macro Virus

C. Boot Sector Virus

D. Metamorphic Virus

E. Sparse Infector Virus

A

E

38
Q

1.38 An attacker befriends an employee under false pretenses, then later steals and uses that employee’s access badge to gain access to the corporate office building. What type of insider threat would the attacker be considered?

A. He is considered an Insider Affiliate.

B. Because he does not have any legal access himself, he is considered an Outside Affiliate.

C. He is an Insider Associate because he befriended an actual employee.

D. Since he gained access with a legitimate company badge, he is considered a Pure Insider.

A

A
