Topic 1: Volume A
Most cases of insider abuse can be traced to individuals who are introverted, incapable of
dealing with stress or conflict, and frustrated with their job, office politics, and lack of
respect or promotion. Disgruntled employees may pass company secrets and intellectual
property to competitors for monetary benefits.
Here are some of the symptoms of a disgruntled employee:
a. Frequently leaves work early, arrives late or calls in sick
b. Spends time surfing the Internet or on the phone
c. Responds in a confrontational, angry, or overly aggressive way to simple requests or
comments
d. Always negative; finds fault with everything
These disgruntled employees are the biggest threat to enterprise security. How do you deal
with these threats? (Select 2 answers)
A. Limit access to the applications they can run on their desktop computers and enforce
strict work hour rules
B. By implementing Virtualization technology from the desktop to the data centre,
organizations can isolate different environments with varying levels of access and security
to various employees
C. Organizations must ensure that their corporate data is centrally managed and delivered
to users just and when needed
D. Limit Internet access, e-mail communications, access to social networking sites and job
hunting portals
By implementing Virtualization technology from the desktop to the data centre,
organizations can isolate different environments with varying levels of access and security
to various employees
Organizations must ensure that their corporate data is centrally managed and delivered
to users just and when needed
Consider the following code:
URL: http://www.certified.com/search.pl?text=<script>alert(document.cookie)</script>
If an attacker can trick a victim into clicking a link like this, and the Web application does
not validate input, then the victim's browser will pop up an alert showing the user's current
set of cookies. An attacker can do much more damage, including stealing passwords,
resetting your home page, or redirecting the user to another Web site.
What is the countermeasure against XSS scripting?
A. Create an IP access list and restrict connections based on port number
B. Replace "<" and ">" characters with "&lt;" and "&gt;" using server scripts
C. Disable JavaScript in IE and Firefox browsers
D. Connect to the server using HTTPS protocol instead of HTTP
Replace "<" and ">" characters with "&lt;" and "&gt;" using server scripts
BankerFox is a Trojan that is designed to steal users' banking data related to certain
banking entities.
When they access any website of the affected banks through the vulnerable Firefox 3.5
browser, the Trojan is activated and logs the information entered by the user. All the
information entered in that website will be logged by the Trojan and transmitted to the
attacker's machine using a covert channel.
BankerFox does not spread automatically using its own means. It needs an attacking
user's intervention in order to reach the affected computer.
What is the most efficient way for an attacker located in a remote location to infect a
victim's machine with this banking Trojan?
A. Physical access - the attacker can simply copy a Trojan horse to a victim's hard disk
infecting the machine via Firefox add-on extensions
B. Custom packaging - the attacker can create a custom Trojan horse that mimics the
appearance of a program that is unique to that particular computer
C. Custom packaging - the attacker can create a custom Trojan horse that mimics the
appearance of a program that is unique to that particular computer
D. Custom packaging - the attacker can create a custom Trojan horse that mimics the
appearance of a program that is unique to that particular computer
E. Downloading software from a website - An attacker can offer free software, such as
shareware programs and pirated mp3 files
Downloading software from a website - An attacker can offer free software, such as
shareware programs and pirated mp3 files
SNMP is a connectionless protocol that uses UDP instead of TCP packets (True or False)
A. true
B. false
true
A common technique for luring e-mail users into opening virus-launching attachments is to
send messages that would appear to be relevant or important to many of their potential
recipients. One way of accomplishing this feat is to make the virus-carrying messages
appear to come from some type of business entity, such as retailing sites, UPS, FEDEX, CITIBANK
or a major provider of a common service.
Here is a fraudulent e-mail claiming to be from FedEx regarding a package that could not
be delivered. This mail asks the receiver to open an attachment in order to obtain the
FEDEX tracking number for picking up the package. The attachment contained in this type
of e-mail activates a virus.
Vendors send e-mails like this to their customers advising them not to open any files
attached with the mail, as they do not include attachments.
Both the fraudulent e-mail and the legitimate e-mail that arrive in your inbox show fedex.com as
the sender of the mail.
How do you verify that the e-mail is authentic and was sent from fedex.com?
A. Verify the digital signature attached with the mail; the fake mail will not have a Digital ID
at all
B. Check the Sender ID against the National Spam Database (NSD)
C. Fake mail will have spelling/grammatical errors
D. Fake mail uses extensive images, animation and flash content
Verify the digital signature attached with the mail; the fake mail will not have a Digital ID
at all