312-50v12 Practice Test


Page 12 out of 114 Pages

Topic 1: Exam Pool A

PGP, SSL, and IKE are all examples of which type of cryptography?


A. Digest
B. Secret Key
C. Public Key
D. Hash Algorithm

Answer: C. Public Key



The “Gray-box testing” methodology enforces what kind of restriction?


A. Only the external operation of a system is accessible to the tester.
B. The internal operation of a system is only partly accessible to the tester.
C. Only the internal operation of a system is known to the tester.
D. The internal operation of a system is completely known to the tester.

Answer: D. The internal operation of a system is completely known to the tester.



White-box testing (also known as clear box testing, glass box testing, transparent box
testing, and structural testing) is a method of software testing that tests internal structures
or workings of an application, as opposed to its functionality (i.e. black-box testing). In
white-box testing, an internal perspective of the system, as well as programming skills, are
used to design test cases. The tester chooses inputs to exercise paths through the code
and determine the expected outputs. This is analogous to testing nodes in a circuit, e.g. in-circuit
testing (ICT). White-box testing can be applied at the unit, integration and system
levels of the software testing process. Although traditional testers tended to think of white-box
testing as being done at the unit level, it is used for integration and system testing
more frequently today. It can test paths within a unit, paths between units during
integration, and between subsystems during a system-level test. Though this method of
test design can uncover many errors or problems, it has the potential to miss
unimplemented parts of the specification or missing requirements. Where white-box testing
is design-driven,[1] that is, driven exclusively by agreed specifications of how each
component of the software is required to behave (as in DO-178C and ISO 26262
processes) then white-box test techniques can accomplish assessment for unimplemented
or missing requirements.
White-box test design techniques include the following code coverage criteria:
· Control flow testing
· Data flow testing
· Branch testing
· Statement coverage
· Decision coverage
· Modified condition/decision coverage
· Prime path testing
· Path testing

What is the role of test automation in security testing?


A. It is an option but it tends to be very expensive.
B. It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.
C. Test automation is not usable in security due to the complexity of the tests.
D. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.

Answer: D. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.



As a security consultant, what are some of the things you would recommend to a company
to ensure DNS security?


A. Use the same machines for DNS and other applications
B. Harden DNS servers
C. Use split-horizon operation for DNS servers
D. Restrict Zone transfers
E. Have subnet diversity between DNS servers

Answer:
B. Harden DNS servers
C. Use split-horizon operation for DNS servers
D. Restrict Zone transfers
E. Have subnet diversity between DNS servers



Your company performs penetration tests and security assessments for small and medium-sized
businesses in the local area. During a routine security assessment, you discover
information that suggests your client is involved with human trafficking.
What should you do?


A. Confront the client in a respectful manner and ask her about the data.
B. Copy the data to removable media and keep it in case you need it.
D. Ignore the data and continue the assessment until completed as agreed
E. Immediately stop work and contact the proper legal authorities.

Answer: D. Ignore the data and continue the assessment until completed as agreed



