312-50v12 Practice Test


Page 20 out of 114 Pages

Topic 1: Exam Pool A

env x='() { :;}; echo exploit' bash -c 'cat /etc/passwd'
What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?


A. Removes the passwd file
B. Changes all passwords in passwd
C. Add new user to the passwd file
D. Display passwd content to prompt

Answer: D. Display passwd content to prompt



Suppose your company has just passed a security risk assessment exercise. The results
show that the risk of a breach in the main company application is 50%. Security staff
has taken some measures and implemented the necessary controls. After that, another
security risk assessment was performed, showing that the risk has decreased to 10%. The
risk threshold for the application is 20%. Which of the following risk decisions will be
the best for the project in terms of its successful continuation with the most business
profit?


A. Accept the risk
B. Introduce more controls to bring risk to 0%
C. Mitigate the risk
D. Avoid the risk

Answer: A. Accept the risk



Explanation:
Risk Mitigation
Risk mitigation can be defined as taking steps to reduce adverse effects. There are four
types of risk mitigation strategies that are unique to Business Continuity and Disaster
Recovery. When mitigating risk, it's important to develop a strategy that closely relates to
and matches your company's profile.
Risk Acceptance
Risk acceptance does not reduce any effects; however, it is still considered a strategy. This
strategy is a common option when the cost of other risk management options such as
avoidance or limitation may outweigh the cost of the risk itself. A company that doesn’t
want to spend a lot of money on avoiding risks that do not have a high possibility of
occurring will use the risk acceptance strategy.
Risk Avoidance
Risk avoidance is the opposite of risk acceptance. It is the action that avoids any
exposure to the risk whatsoever. It's important to note that risk avoidance is usually the
most expensive of all risk mitigation options.
Risk Limitation
Risk limitation is the most common risk management strategy used by businesses. This
strategy limits a company’s exposure by taking some action. It is a strategy employing a bit
of risk acceptance and a bit of risk avoidance or an average of both. An example of risk
limitation would be a company accepting that a disk drive may fail and avoiding a long
period of failure by having backups.
Risk Transference
Risk transference involves handing risk off to a willing third party. For example,
numerous companies outsource certain operations such as customer service, payroll
services, etc. This can be beneficial for a company if a transferred risk is not a core
competency of that company. It can also be used so a company can focus more on its core
competencies.

Which address translation scheme would allow a single public IP address to always
correspond to a single machine on an internal network, allowing "server publishing"?


A. Overloading Port Address Translation
B. Dynamic Port Address Translation
C. Dynamic Network Address Translation
D. Static Network Address Translation

Answer: D. Static Network Address Translation



The Heartbleed bug was discovered in 2014 and is widely referred to under MITRE's
Common Vulnerabilities and Exposures (CVE) as CVE-2014-0160. This bug affects the
OpenSSL implementation of the Transport Layer Security (TLS) protocols defined in
RFC 6520.
What type of key does this bug leave exposed to the Internet, making exploitation of any
compromised system very easy?


A. Public
B. Private
C. Shared
D. Root

Answer: B. Private



Which of the following represents the initial two commands that an IRC client sends to join
an IRC network?


A. USER, NICK
B. LOGIN, NICK
C. USER, PASS
D. LOGIN, USER

Answer: A. USER, NICK


