Topic 1: Exam Pool A
Code injection is a form of attack in which a malicious user:
A. Inserts text into a data field that gets interpreted as code
B. Gets the server to execute arbitrary code using a buffer overflow
C. Inserts additional code into the JavaScript running in the browser
D. Gains access to the codebase on the server and inserts new code
Inserts text into a data field that gets interpreted as code
Which of the following scanning methods splits the TCP header into several packets and
makes it difficult for packet filters to detect the purpose of the packet?
A. ICMP Echo scanning
B. SYN/FIN scanning using IP fragments
C. ACK flag probe scanning
D. IPID scanning
SYN/FIN scanning using IP fragments
Steve, a scientist who works in a governmental security agency, developed a technological
solution to identify people based on walking patterns and implemented this approach in a
physical access control system.
A camera captures people walking and identifies the individuals using Steve’s approach.
After that, people must present their RFID badges. Both identifications are
required to open the door.
In this case, we can say:
A. Although the approach has two phases, it actually implements just one authentication factor
B. The solution implements the two authentication factors: physical object and physical characteristic
C. The solution will have a high level of false positives
D. Biological motion cannot be used to identify people
The solution implements the two authentication factors: physical object and physical characteristic
You need to deploy a new web-based software package for your organization. The
package requires three separate servers and needs to be available on the Internet. What is
the recommended architecture in terms of server placement?
A. All three servers need to be placed internally
B. A web server facing the Internet, an application server on the internal network, a database server on the internal network
C. A web server and the database server facing the Internet, an application server on the internal network
D. All three servers need to face the Internet so that they can communicate between themselves
A web server facing the Internet, an application server on the internal network, a database server on the internal network
What type of analysis is performed when an attacker has partial knowledge of the inner workings
of the application?
A. Black-box
B. Announced
C. White-box
D. Grey-box
Grey-box