Cybersecurity Concepts and Principles, Exams of Computer Science

This comprehensive document covers a wide range of cybersecurity topics, including cryptography, access controls, network security, application security, and incident response. It provides an overview of key security principles and best practices essential for protecting information systems and data. The document delves into various security mechanisms, security concepts, and security controls, as well as secure software development practices. It serves as a valuable resource for students, IT professionals, and anyone interested in enhancing their knowledge in the field of cybersecurity.

Typology: Exams

2024/2025

Available from 10/16/2024



CASP Practice Exam 1 Complete Questions And Answers

Latest Quiz

Several of your organization's users have requested permission to install certificates from a third party. Company policy states that before users can install these certificates, you must verify that the certificates are still valid. You need to check for revocation. What could you check to verify this information? (Choose all that apply.)

A. CRL
B. OCSP
C. DNSSEC
D. DRM

Answer: A, B

Explanation: You can use either a certificate revocation list (CRL) or the Online Certificate Status Protocol (OCSP) to check for certificate revocation, depending on which the issuing PKI publishes. The locations to query are carried in the certificate itself (the CRL Distribution Points and Authority Information Access extensions). A CRL is a signed list published on a schedule, so a revocation is not visible until the next publication; OCSP returns a signed status for a single certificate on demand. DNSSEC authenticates DNS data and DRM restricts the use of content; neither reports certificate status.

Your company has an intrusion detection system (IDS) and firewall deployed on the perimeter of the network to detect attacks against internal resources. Yesterday, the IDS alerted you that SSL sessions are under attack, using an older exploit against SSLv2. Your organization's web server must use encryption for all financial transactions. You need to prevent such an attack from being successful in the future. What should you do?

A. Block SSLv2 on the firewall.
B. Block SSLv2 on the web server.
C. Disable SSLv2 and enable SSLv3 on the web server.
D. Update the web server with the latest patches and updates.

Answer: C

Explanation: You should disable SSLv2 and enable SSLv3 on the web server. This removes SSLv2, the protocol being exploited, while keeping the transactions encrypted; the fix belongs on the server that negotiates the protocol, not on a perimeter filter. Note that SSLv3 has since been broken as well (POODLE) and is deprecated by RFC 7568: a current deployment should disable both SSLv2 and SSLv3 and offer only TLS 1.2 or later.

The research department for your company needs to carry out a web conference with a third party. The manager of the research department has requested that you ensure that the web conference is encrypted because of the sensitive nature of the topic that will be discussed. Which of the following should you deploy?

A. SSL
B. SET
C. IPsec
D. RC4

Answer: D

Explanation: RC4 is a stream cipher and could be used to encrypt web conference traffic. Note that RC4 is a cipher rather than a deployable protocol, and its use in TLS has been prohibited by RFC 7465 because of biases in its keystream; in practice the conference traffic would be protected by TLS with an AEAD cipher suite such as AES-GCM.

Your company has recently decided to merge with another company. Each company has its own Internet PKI that deploys certificates to users within that network. You have been asked to deploy a solution that allows each company to trust the other's certificates. What should you do?

A. Issue a policy certificate accepting both trust paths.
B. Deploy a new PKI for all users and import the current user certificates to the new PKI.
C. Use a cross-certification certificate.
D. Add the root certificate to both of the root certification authorities (CAs).

Answer: C

Explanation: You should use a cross-certification certificate so that each company's CA trusts the other company's certificates. Each CA issues a certificate for the other CA's key, so a chain from either side validates to both roots without rebuilding either PKI, and name and policy constraints on the cross-certificate can limit how far that trust extends.

Your company has a single, centralized web-based retail sales system. Orders come in 12 hours per day, 364 days per year. Sales average $500,000 per day. Attacks against the retail sales system occur on a daily basis. For the retail sales system, there is a 1% chance of a hacker bringing the system down. The mean time to restore the system is 6 hours. What is the ALE for this system?

A. $912,
B. $250,
C. $500,
D. $910,000

Answer: D

Explanation: The annualized loss expectancy (ALE) for the system is $910,000. The asset value (AV) is $500,000, one day of sales. The exposure factor (EF) is 0.5 (6 hours of downtime out of a 12-hour order day). Single loss expectancy (SLE) = AV × EF = $500,000 × 0.5 = $250,000. Annualized rate of occurrence (ARO) = 0.01 × 364 = 3.64. Annualized loss expectancy (ALE) = SLE × ARO = $250,000 × 3.64 = $910,000.

Your organization has recently implemented several new security policies in response to a recent risk analysis. One of the new policies states that controls must be configured to protect files from unauthorized or accidental deletion. Which aspect of security does this new policy address?

A. confidentiality
B. integrity
C. availability
D. authorization

Answer: B

Explanation: Configuring controls that protect files from unauthorized or accidental deletion addresses data integrity: the control prevents data from being altered or removed other than by an authorized, intended action.

Your company completes a risk analysis. After the analysis, management requests that you deploy security controls that will mitigate any of the identified risks. What is risk mitigation?

A. risk that is left over after safeguards have been implemented
B. terminating the activity that causes a risk or choosing an alternative that is not as risky
C. passing the risk on to a third party
D. defining the acceptable risk level the organization can tolerate and reducing the risk to that level

Answer: D

Explanation: Risk mitigation is defining the acceptable risk level the organization can tolerate and reducing the risk to that level. The other options describe residual risk (A), risk avoidance (B), and risk transference (C).

Your company completes a risk analysis. After the analysis, management requests that you deploy security controls that will mitigate any of the identified risks. Management indicates that there is an expected level of residual risk that they expect. What is residual risk?

A. risk that is left over after safeguards have been implemented
B. terminating the activity that causes a risk or choosing an alternative that is not as risky
C. passing the risk on to a third party
D. defining the acceptable risk level the organization can tolerate and reducing the risk to that level

Answer: A

Explanation: Residual risk is the risk that is left over after safeguards have been implemented.

Your company is negotiating with a new service provider for its Internet services. You have been asked to draft a service-level agreement (SLA) that stipulates the required levels of service for this company. The SLA must provide the appropriate levels of service that will ensure that your company's departmental SLAs are met. What should you use to develop the draft SLA?

A. OLA
B. NDA
C. MOU
D. ISA

Answer: A

Explanation: You should use the operating-level agreement (OLA) to develop the draft SLA. An OLA records the internal commitments between departments that support the customer-facing SLAs, so the provider's SLA must be at least as stringent as what the OLA promises. A non-disclosure agreement (NDA), memorandum of understanding (MOU), or interconnection security agreement (ISA) serves a different purpose.

Your company recently had a third party review all internal procedures. As a result of this review, the third party made several recommendations for procedural changes. One of the recommendations is that critical financial transactions should be split between two independent parties. Of which principle is this an example?

A. job rotation
B. separation of duties
C. least privilege
D. mandatory vacation

Answer: B

Explanation: This is an example of separation of duties, which occurs when critical tasks are split between independent parties so that no single person can complete a sensitive transaction alone, preventing fraud.

As part of the process of conducting a business impact analysis (BIA), you document the device name, operating system or platform version, hardware requirements, and device interrelationships of all devices. Which step of the BIA are you performing?

A. Identify critical processes and resources.
B. Identify resource requirements.
C. Identify outage impacts, and estimate downtime.
D. Identify recovery priorities.

Answer: B

Explanation: During the identify resource requirements step, you document the device names, operating systems or platform versions, hardware requirements, and device interrelationships of all devices.

As part of the process of conducting a business impact analysis (BIA), you perform the MTD, MTTR, and MTBF calculations. Which step of the BIA are you performing?

A. Identify critical processes and resources.
B. Identify resource requirements.
C. Identify outage impacts, and estimate downtime.
D. Identify recovery priorities.

Answer: C

Explanation: During the identify outage impacts and estimate downtime step, you perform the maximum tolerable downtime (MTD), mean time to repair (MTTR), and mean time between failures (MTBF) calculations.

An employee has been accused of carrying out a crime from his corporate desktop PC. You have been asked to capture the current state of the PC, including all of its contents, according to proper forensic rules. When you locate the PC, it is turned off. What is the order of capture for this system?

A. hard drive, BIOS settings, external media
B. RAM, hard drive, external media
C. RAM, external media, hard drive
D. hard drive, external media, BIOS settings

Answer: A

Explanation: You should capture the forensic data in the following order: hard drive, BIOS settings, and external media. Because the PC is powered off, there is no volatile memory (RAM, running processes, network state) left to capture, which rules out B and C. Image the hard drive through a write blocker without booting the system's own operating system, then record the BIOS settings, then capture the external media.

During a forensic investigation, a systems administrator indicates that she is in possession of a copy backup of the compromised system. This backup was taken a few hours before an attack disabled the system. You must decide whether to use the copy backup to restore the system. What is this type of backup?

A. a backup that backs up all the files, much like a full backup, but does not reset the file's archive bit
B. a backup that uses a file's time stamp to determine whether it needs to be archived
C. a backup in which all files that have been changed since the last full backup will be backed up, and the archive bit for each file will not be cleared
D. a backup in which all files that have been changed since the last full or incremental backup will be backed up, and the archive bit for each file will be cleared

Answer: A

Explanation: A copy backup backs up all the files, much like a full backup, but does not reset the file's archive bit, so it can be taken out of band without disturbing the regular differential or incremental schedule. Option C describes a differential backup and option D an incremental backup.

If your organization performs a full backup every Sunday and a differential backup Monday through Saturday, what is the largest number of backup files that will have to be restored?

A. 1
B. 2
C. 3
D. 7

Answer: B

Explanation: If your organization performs a full backup every Sunday and a differential backup Monday through Saturday, the largest number of backup files that will have to be restored is two. Because a differential backup never clears the archive bit, each day's differential contains every file changed since Sunday's full backup, so only the full backup and the most recent differential must be restored. An incremental scheme clears the bit and would require the full backup plus every incremental taken since it, up to seven files.

You are the security practitioner for your company. The company has recently adopted a new asset disposal policy in which you are required to render any information stored on magnetic media unrecoverable by forensics methods. Which of the following should you use?

A. data clearing
B. remanence
C. formatting
D. data purging

Answer: D

Explanation: You should opt for data purging, which uses a method such as degaussing to make the old data unavailable even to laboratory (forensic) recovery. Clearing (overwriting) protects only against recovery with normal system tools, formatting leaves the data in place, and remanence is the name of the problem (residual data) rather than a countermeasure. Degaussing applies only to magnetic media; for flash-based storage such as SSDs, purging means cryptographic erase or physical destruction.

You are your company's security analyst. Management has allocated funds for you to attend one conference this year. You have been asked to focus on a conference that will most improve your security knowledge. The conference needs to include training on the latest hacking techniques. Which of the following conferences should be among those that you research? (Choose all that apply.)

A. ISSA
B. DEFCON
C. RSA Conference
D. Black Hat Conference

Answer: B, C, D

Explanation: You should research DEFCON, RSA Conference, and Black Hat Conference and then select the one that best fits your needs as a security analyst. ISSA is a professional association rather than a conference.

After attending a security conference, your manager wants you to perform research on types of attacks in which the attacker reuses an attack that has worked on other organizations. It is very important to your manager that you learn as much about this type of attack as possible. What is this type of attack called?

A. birthday attack
B. target of opportunity
C. zero-day attack
D. drive-by attack

Answer: B

Explanation: This type of attack is referred to as a target of opportunity attack. Once an attack has been successful against a particular device or product, attackers often look for other targets that use the same device to see if the same attack will succeed again.

You are the security analyst for your company. In recent months, the security demands of the company have greatly increased. Management has adopted a new policy which states that security is an ever-changing field requiring research to remain abreast of the latest threats and security measures. As part of this policy, you have been tasked with regularly performing research on security issues. What is the most important topic to research on a regular basis?

A. new security systems
B. best practices
C. new technologies
D. new threats to existing technologies

Answer: C

Explanation: It is most important to research new technologies on a regular basis. New technologies will not yet have established best practices and security procedures; by researching them, you ensure that you understand the security issues they introduce.

Recently, management has attended a security awareness workshop where advanced persistent threats (APTs) were discussed in great detail. After returning from the training, management has requested that you take any precautions necessary to protect against APTs. Which of the following are characteristics of these threats? (Choose all that apply.)

A. APTs maintain a way to access an attacked device over and over again.
B. APTs are carried out from multiple locations on a single device.
C. The goal of APTs is to interrupt network operations.
D. APTs quietly obtain information about an attacked device.

Answer: A, D

Explanation: APTs maintain a way to access an attacked device over and over again (persistence), and they quietly obtain information from the attacked device. Their goal is typically long-term access and data collection rather than disruption, which would draw attention.

Your organization has decided to purchase a new security device for your enterprise. Unfortunately, you have some very unique needs that must be documented. You are unsure of how some of these needs will be met. You decide to create a document that seeks information to determine the device's requirements. You will send this document to all vendors that may have products to offer. Which document are you creating?

A. RFP
B. RFC
C. RFI
D. RFQ

Answer: C

Explanation: A request for information (RFI) is a document that solicits information on a product from vendors. A request for proposal (RFP) and request for quotation (RFQ) come later, once the requirements are known well enough to ask for a solution or a price.
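The SLE, ARO, and ALE arithmetic from the retail sales question above, together with the control cost-benefit that the ROI question further down relies on, carried through as an added worked example in Python. It is not part of the exam text; the class and function names are chosen here, and the exposure-factor cap and the net-control-value formula are the general forms of which the exam's two calculations are instances.

```python
"""Quantitative risk arithmetic: SLE, ARO, ALE and the value of a control.
Added example; the numbers come from the practice exam questions."""

from dataclasses import dataclass


@dataclass(frozen=True)
class RiskEstimate:
    asset_value: float          # AV: value exposed per incident (here, one day of sales)
    exposure_factor: float      # EF: fraction of AV lost per incident, 0.0 to 1.0
    annual_rate: float          # ARO: expected incidents per year

    @property
    def sle(self) -> float:
        """Single loss expectancy: AV x EF."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annualized loss expectancy: SLE x ARO."""
        return self.sle * self.annual_rate


def outage_exposure_factor(outage_hours: float, operating_hours_per_day: float) -> float:
    """EF for an availability loss: the share of the operating day that is lost.
    An outage longer than the operating day cannot lose more than the whole day,
    so the factor is capped at 1.0."""
    if outage_hours < 0 or operating_hours_per_day <= 0:
        raise ValueError("hours must be positive")
    return min(outage_hours / operating_hours_per_day, 1.0)


def retail_system_ale() -> float:
    """The exam's numbers: $500,000 of sales per 12-hour day, 6-hour MTTR,
    1% daily chance of a takedown, 364 operating days."""
    ef = outage_exposure_factor(outage_hours=6, operating_hours_per_day=12)   # 0.5
    aro = 0.01 * 364                                                          # 3.64
    return RiskEstimate(asset_value=500_000, exposure_factor=ef, annual_rate=aro).ale


def control_value(ale_before: float, ale_after: float, annual_control_cost: float) -> float:
    """Net annual value of a safeguard: (ALE before - ALE after) - control cost.
    Positive means the control pays for itself; negative means it costs more
    than the loss it prevents."""
    return (ale_before - ale_after) - annual_control_cost


def web_server_roi() -> float:
    """The exam's ROI question: a $250,000 compromise, a 90% risk reduction,
    and a $25,000 control.  The exam treats the $250,000 as the annual loss
    (ARO = 1), so ALE before the control is $250,000."""
    before = RiskEstimate(asset_value=250_000, exposure_factor=1.0, annual_rate=1.0).ale
    after = before * (1 - 0.90)          # the 10% of risk the control leaves behind
    return control_value(before, after, annual_control_cost=25_000)


if __name__ == "__main__":
    print(f"retail sales ALE: ${retail_system_ale():,.0f}")
    print(f"web server control value: ${web_server_roi():,.0f}")
```

The general form matters more than the two numbers: a control is worth deploying when `control_value` is positive, and `RiskEstimate` can be reused for any asset once you have an exposure factor and an annual rate.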
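The archive-bit behaviour behind the copy-backup and differential-backup questions above, simulated in Python as an added example that is not part of the exam. The five file names and the Monday-to-Saturday change pattern are constructed for the demonstration; the restore-chain algorithm is general (it picks, for every file, the most recent backup that holds it) and so gives the exam's answer of two sets for the differential scheme and the longer chain for an incremental one.

```python
"""Archive-bit semantics of full, copy, differential and incremental backups,
and the minimal set of backup jobs a restore needs.  Added example with
constructed file names and a constructed weekly change pattern."""

from dataclasses import dataclass, field


@dataclass
class File:
    name: str
    version: int = 0
    archive_bit: bool = True     # a new or modified file is marked "needs archiving"


@dataclass
class BackupJob:
    label: str
    kind: str                    # "full", "copy", "differential" or "incremental"
    contents: dict = field(default_factory=dict)   # file name -> version captured


class FileSystem:
    def __init__(self, names):
        self.files = {n: File(n) for n in names}

    def modify(self, name):
        f = self.files[name]
        f.version += 1
        f.archive_bit = True     # any write sets the archive bit again

    def backup(self, label, kind):
        """Run one backup job and apply the archive-bit rule for its kind."""
        if kind in ("full", "copy"):
            selected = list(self.files.values())                      # everything
        elif kind in ("differential", "incremental"):
            selected = [f for f in self.files.values() if f.archive_bit]
        else:
            raise ValueError(f"unknown backup kind {kind!r}")
        job = BackupJob(label, kind, {f.name: f.version for f in selected})
        # full and incremental clear the bit; copy and differential leave it set
        if kind in ("full", "incremental"):
            for f in selected:
                f.archive_bit = False
        return job


def restore_chain(jobs):
    """Minimal list of job labels (chronological) needed to restore the latest
    captured version of every file: for each file, the most recent job that
    holds it.  Works for any mix of kinds, including out-of-band copy backups."""
    latest_holder = {}
    for job in jobs:                      # later jobs overwrite earlier ones
        for name in job.contents:
            latest_holder[name] = job.label
    wanted = set(latest_holder.values())
    return [j.label for j in jobs if j.label in wanted]


def week(strategy):
    """Sunday full backup, then Monday to Saturday of the given strategy, with a
    constructed change pattern in which file 'e' is never modified."""
    fs = FileSystem(["a", "b", "c", "d", "e"])
    jobs = [fs.backup("Sun", "full")]
    changes = {"Mon": ["a"], "Tue": ["b"], "Wed": ["c"], "Thu": [], "Fri": ["a"], "Sat": ["d"]}
    for day, names in changes.items():
        for n in names:
            fs.modify(n)
        jobs.append(fs.backup(day, strategy))
    return jobs


if __name__ == "__main__":
    for strategy in ("differential", "incremental"):
        print(strategy, "->", restore_chain(week(strategy)))
```

With the differential strategy the chain is Sunday's full plus Saturday's differential, whatever happened in between; with incrementals, every day on which something changed has to be restored in order, and an empty Thursday incremental is correctly skipped.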

Your company has recently purchased a new web server that will be customer facing. Currently no security controls are deployed on the web server. During risk analysis, it was determined that the cost of any web server compromise would be $250,000. You deploy a security solution for $25,000 that will provide a 90% reduction in risk. What is the ROI for this solution? A. $225, B. $200, C. $25, D. $22,250 ✔✔Answer: B Explanation: To calculate return on investment, you must first calculate the percentage of the asset value that is covered by the solution: $250,000 × .9 = $225, ROI = Modified asset value - Control cost = $225,000 - $25,000 = $200, A new security policy adopted by your organization states that you must monitor for attacks that compromise user accounts. Which of the following activities should you monitor? A. sensitive file access in a 12-hour period B. average throughput of the network perimeter C. failed logins in a 24-hour period D. port scans in a 24-hour period ✔✔Answer: C Explanation: You should monitor failed logins in a 24-hour period. Brute-force attacks attempt to access the same user account using different passwords, resulting in repeated failed logins. You have documented several possible solutions to a security issue that occurred last week. You need to test all the possible solutions to see the effect that each has and to determine which to deploy. Which is the most important guideline you should follow? A. Maintain adequate bandwidth while testing each solution. B. Test each solution under the same conditions.

C. Patch all lab computers prior to testing each solution. D. Determine the acceptable false-positive maximum. ✔✔Answer: B Explanation: You should test each solution under the same conditions. This ensures that each solution will be assessed fairly in comparison to the others. Management at your company has become increasingly concerned about botnet attacks. After researching the issue, you decide to monitor certain conditions to help detect whether a botnet attack is under way. Which trend is the best indicator of this type of attack? A. connection attempts increase on Internet-facing web servers B. TCP and UDP traffic increase during off-peak hours C. port scanning attempts increase over a 24-hour period D. unsuccessful logins increase during peak hours ✔✔Answer: B Explanation: Of the possibilities listed, the best indicator of a botnet attack is an increase in TCP and UDP traffic during off-peak hours. You have recently been hired to manage your company's security team. You must ensure that an effective security team is built. Which policies should you keep in mind for this? (Choose all that apply.) A. The team leadership must be obtained from within the security industry. B. Team members must include individuals from across the entire spectrum of security. C. Team goals must be clearly defined and understood. D. Team actions must have clearly defined rules. ✔✔Answer: B, C, D Explanation: You should keep in mind the following policies: Team members must include individuals from across the entire spectrum of security. Team goals must be clearly defined and understood. Team actions must have clearly defined rules. Your company must design the security requirements for several new systems. Which personnel should develop these?

A. management B. security personnel C. programmers D. database administrator ✔✔Answer: B Explanation: Security personnel should develop a company's security requirements. You have been recently hired as the security administrator for your company. You need to ensure that the security policies that you establish have the maximum effect for the company. Which actors are most important to this success? A. all personnel B. upper-level management C. security personnel D. attackers ✔✔Answer: A Explanation: In order to have the maximum effect for the company, all personnel are important to the success of any security policies that you establish. As part of your organization's comprehensive security plan, all departments must perform full data backups on a weekly basis. Which type of control does this describe? A. technical control B. administrative control C. physical control D. detective control ✔✔Answer: A Explanation: Data backups are technical controls. As the security administrator for your organization, you are responsible for recognizing situations that will cause organizational security issues. Which of the following should be considered? (Choose all that apply.) A. company mergers B. internal restructure

C. government regulations D. new industry threats identified ✔✔Answer: A, B, C, D Explanation: All of the situations given will cause organizational security issues. Your company has recently adopted a formal change management process. All changes must be approved by the change control board. Which of the following statements regarding this process are true? (Choose all that apply.) A. Proper change management reduces operational difficulty. B. Proper change management results in reduced implementation costs. C. Proper change management ensures that there are minimum service interruptions. D. Proper change management reduces the number of rollbacks needed when updates fail. ✔✔Answer: C, D Explanation: The following statements regarding the change management process are true: Proper change management ensures that there are minimum service interruptions. Proper change management reduces the number of rollbacks needed when updates fail. Your company has decided to adopt a formal asset disposal policy for all desktop computers. Which of the following policies should be adopted? A. Reset the computer to its factory default. B. Format all hard drives. C. Back up all user data. D. Destroy all hard drives. ✔✔Answer: D Explanation: You should destroy all hard drives to ensure that the data on the hard drives cannot be retrieved. Your company's development team is working on a new application that will be used by the research and development department. Because of the critical nature of the data that will be stored in this application, security is extremely important. The development team has created a grid that connects the security requirements, implementation details, and testing details. What grid has been created?

A. ACL

B. SDLC

C. RFID

D. SRTM ✔✔Answer: D Explanation: The grid that has been created is the security requirements traceability matrix (SRTM). As your company's security practitioner, you are responsible for host, storage, network, and application integration into the secure enterprise architecture. Your company's security policy states that you must ensure that the CIA of data is ensured across its entire life cycle. Which principle will provide this functionality? A. least privilege B. separation of duties C. defense in depth D. social engineering ✔✔Answer: C Explanation: The principle of defense in depth ensures that the CIA of data is ensured across its entire life cycle. You need to protect your organization's confidential or private data. The method you choose must isolate this data from all other types of data. Which of the following are valid methods of protecting confidential or private data? (Choose all that apply.) A. Place the data on a flash drive. B. Place the devices that store this information on their own VLAN. C. Create a separate folder on a public server to store this type of data. D. Place this type of data on separate servers. ✔✔Answer: B, D Explanation: You could place the devices that store this information on their own VLAN or place this type of data on separate servers. Your organization is currently working to ensure that the enterprise follows recognized standards. Which of the following statements is TRUE regarding using standards in your organization?

A. De jure standards should take precedence over all other standards, including de facto standards. B. De facto standards should take precedence over all other standards, including de jure standards. C. Competing standards should be ignored. D. The organization should adhere only to standards managed by a standards organization. ✔✔Answer: A Explanation: De jure standards should take precedence over all other standards, including de facto standards. Your organization needs to retain a legacy application for the inventory department. Next year, a new application will be purchased, and all the current data will be exported to the new application at that time. For the time being, you have been asked to retain the legacy application. The computer on which the legacy application resides can no longer be supported and must be removed from the enterprise. You have been asked to implement a solution that allows the legacy application to remain in use. What should you do? A. Deploy the legacy application on its own VLAN. B. Deploy the legacy application on a virtual machine. C. Deploy the legacy application on the DMZ. D. Deploy the legacy application on a public cloud. ✔✔Answer: B Explanation: You should deploy the legacy application on a virtual machine. This ensures that the legacy application is still supported while ensuring that the computer it is on can be removed from the enterprise. Your organization needs to deploy its network so that all servers are isolated from the rest of the internal resources. In addition, Internet-facing systems must be isolated on a demilitarized zone (DMZ) from the internal network. How many firewalls should you deploy? A. one B. two C. three

D. four ✔✔Answer: C Explanation: You should deploy three firewalls: one between the Internet and the DMZ, one between the DMZ and the internal network, and one between the internal network and the server network. You have been given both a physical network diagram and a logical network diagram for your company's enterprise. Which of the following information is shown only on the physical network diagram? A. device names B. cabling used C. IP addresses D. device roles ✔✔Answer: B Explanation: The cabling used is shown only on the physical network diagram. As a SAN administrator, you are implementing a storage solution for a customer. A server will remotely mount physical disks on the shared SAN and then write a large number of small files to disk before a Java program processes the files. Which consideration is most important to ensure that the files can be processed successfully by the Java program? A. Ensure that the server can write the files to the disk as fast as the Java program can process them. B. Ensure that the Java program has the latest updates. C. Ensure that the server has multiple NICs. D. Ensure that the server utilizes processor affinity. ✔✔Answer: A Explanation: If the Java program is reading the data faster than the file system is writing the data, there may be an issue with processing the data. It will appear as incompletely written to the disk. The storage team is discussing the implementation of shared storage to support a business-critical, high-volume database application. Which of the following characteristics makes a NAS unsuitable for this application? A. its use of block-level data transfers

B. its use of file-level data transfers C. its excessive cost compared to a SAN D. its inability to utilize NFS ✔✔Answer: B Explanation: A NAS uses file-level transfers of data, which is not appropriate for this type of application. This application would benefit from the use of block-level transfers, which is more efficient and is what would be used with a SAN. As a storage administrator, you are implementing a storage solution for a customer. He has suggested that you implement a solution that uses iSCSI to access the data. Which of the following is a security issue you need to discuss with him? A. it use of block-level data B. its use of file-level data C. its inability to use CHAP authentication D. its inability to use IPsec ✔✔Answer: A Explanation: Because iSCSI accesses blocks of data rather than files, any security breaches expose more information than would be the case with file-level access, as in NAS. If you implement FCoE in your storage network, which of the following security issues should concern you? A. a breach of the Fibre Channel network B. a breach of the Ethernet network C. the use of iSCSI commands D. the inability to use encryption ✔✔Answer: B Explanation: Because FCoE encapsulates Fibre Channel frames within Ethernet frames, a breach of the Ethernet network would be a concern. The company you work for has implemented the following security controls: All workstations have the latest patches and antivirus. All sensitive data is encrypted in transit.

Dual-factor user authentication is used. A firewall at the edge of the network is implemented. What is missing from this security posture? A. no local encryption B. weak user authentication C. insufficient edge control D. exposure to viruses ✔✔Answer: A Explanation: While transport encryption has been enabled, the sensitive data should be encrypted on the hard drives as well. You are moving to a new location and have been asked to assess the security additions required in the new location. Which of the following concerns could be addressed with a mantrap? A. need to log all visitors B. prevention of tailgating C. dim lighting in the parking lot D. contractors connecting to open ports ✔✔Answer: B Explanation: Mantraps afford the ability to allow one user or visitor to enter at a time, preventing tailgating. You and the network access team are discussing how to control access to the network. While one team member suggests using a captive SSL portal, others are in favor of using 802.1x with a RADIUS server. Why would the latter suggestion be better? A. A captive SSL portal may be exploitable with a simple packet sniffer. B. The portal cannot display an AUP. C. SSL cannot encrypt the transmissions. D. 802.1x can be applied to open Ethernet jacks. ✔✔Answer: A

Explanation: In some implementations of an SSL captive portal, once the device is granted access, the MAC address or IP address of the device is allowed to bypass the captive portal. By using a sniffer, a hacker could learn the MAC or IP address of an authenticated device, spoof the address, and gain entry. You work for a cable company that utilizes VLANs in its internal network and provides customers with connections between locations. If the company were to offer MPLS, what additional service would the company be able to offer customers that it currently cannot offer? A. metro Ethernet B. establishment of VLANs between sites C. cable TV and Internet service D. transport encryption ✔✔Answer: B Explanation: The implementation of MPLS would allow the cable company to keep VLANs of customers separate from its own internal VLANs. You install an SSL VPN that connects to your data center and have users connect to a standard virtual workstation image. Which of the following requirements have you NOT met? A. All data is encrypted in transport. B. Users will have the same data sets set at the same version. C. All data must remain in the data center. D. Users must not access the system between 12 a.m. and 1 a.m. ✔✔Answer: D Explanation: All requirements are met with the exception of preventing access between 12 a.m. and 1 a.m. To accomplish this, you must set workstation time of day restrictions. You need to implement a technology that can prevent IP spoofing. Which of the following would do this? A. DNSSEC B. unicast reverse path forwarding C. private VLANs

D. port security
✔✔Answer: B
Explanation: When enabled, unicast reverse path forwarding allows a router to verify the reachability of the source address in packets being forwarded. If the router cannot find a path back to the IP address in its routing table using the interface on which it arrived, it knows spoofing is occurring, and it drops the packet.

Your company, a healthcare provider, is considering outsourcing its messaging system to a managed service provider. The proposal presented makes no mention of a DLP functionality. If this is not present, which of the following are you in danger of experiencing?
A. poor messaging performance
B. loss of PII
C. open email relay
D. unauthenticated sessions
✔✔Answer: B
Explanation: Data loss prevention (DLP) systems are used to control what users can email and print (among other things). When DLP is not in place, it is possible for personally identifiable information (PII) to be mistakenly emailed or printed and released.

Your company is going to launch a new version of a banking application. To ensure an appropriate security posture, the team performs penetration tests, using accounts with varying levels of access. Which of the following would be the best additional step to take?
A. code review across critical modules
B. performance testing
C. port scanning in the network for open ports
D. review of all patch levels on all servers
✔✔Answer: D
Explanation: While all options are security related and good ideas, the most pressing need with respect to this application is code review.

Your organization recently deployed a standard operating system image to all desktop systems and is now scanning the computers weekly against a security baseline. Which of the following cannot be learned by scanning against the baseline?
A. whether security settings have been changed
B. whether user data has been deleted
C. whether security policies have been disabled
D. whether antimalware software has been removed
✔✔Answer: B
Explanation: Because the data was not present in the image, it cannot be detected as missing when the scan is run.

After a recent meeting, your team was provided with the following list of requirements for a new network location:
Confidentiality, integrity, and availability (CIA) are all of equal importance.
Average availability must be at least 6 nines (99.9999%).
All devices must support collaboration with every other user device.
All devices must be VoIP and teleconference ready.
To meet these requirements your team takes the following actions:
Enforces security policies on mobile/remote devices
Makes standard images and checks device hardware configurations
Backs up all storage devices
Considering the actions your team has taken, which requirement is MOST likely to not be met?
A. Confidentiality, integrity, and availability (CIA) are all of equal importance.
B. Average availability must be at least 6 nines (99.9999%).
C. All devices must support collaboration with every other user device.
D. All devices must be VoIP and teleconference ready.
✔✔Answer: B
Explanation: It will be difficult to meet 6 nines' availability without multiple layers of redundancy.

Input validation is a technique used to prevent which of the following application attacks?
A. memory leaks
B. privilege escalation
C. improper error handling
D. SQL injection
✔✔Answer: D
Explanation: A SQL injection attack inserts, or "injects," a SQL query as the input data from the client to the application. To prevent these types of attacks, use proper input validation.

The following code is an example of what type of attack?

#include <string.h>
char *code = "AAAABBBBCCCCDDD"; /* including the terminating '\0', size = 16 bytes */
int main(void)
{
    char buf[8];        /* destination buffer holds only 8 bytes */
    strcpy(buf, code);  /* copies all 16 bytes into the 8-byte buffer, no bounds check */
    return 0;
}

A. SQL injection
B. buffer overflow
C. cross-site scripting
D. integer overflow
✔✔Answer: B
Explanation: The code is an example of a buffer overflow. In this example, 16 characters are being sent to a buffer that is only 8 bytes.

The following script is designed to attempt what type of attack?
A. SQL injection
B. buffer overflow
C. XSS
D. integer overflow
✔✔Answer: C
Explanation: The script is designed to attempt a cross-site scripting (XSS) attack.

In the following raw HTTP request, which part is problematic?

GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts&to_date=01-01-0101&Run=Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1 HTTP/1.1
Host: test.example.net
Accept: */*
Accept-Language: en
Connection: close
Cookie: java14=1; java15=1; java16=1; js=1292192278001;

A. Host: test.example.net
B. Connection: close
C. Run&UserEntered=dsmith&SessionID=5f04189
D. Accept: */*
✔✔Answer: C
Explanation: The section Run&UserEntered=dsmith&SessionID=5f04189 contains the session ID of an authenticated user; specifically, the user is dsmith and the session ID is 5f04189.

You have been asked to improve the quality of the code produced by the software development team, so you are creating a secure coding standard document. Which of the following is NOT a topic that should be covered in the document?
A. error handling
B. input validation
C. memory use and reuse
D. performance metrics
✔✔Answer: D
Explanation: Topics covered should include:
Error handling
Input validation
Memory use and reuse
Race condition handling
Commenting
Preventing typical security problems

Your company is merging with another company that operates in several other countries. Which of the following security issues is MOST likely to be affected by the differences in legal or regulatory requirements?
A. software coding practices
B. expectation of privacy policy
C. network access controls
D. disaster recovery procedures
✔✔Answer: B
Explanation: Legal or regulatory requirements in various countries may restrict the type of employee monitoring that can be done in a country.

Companies A and B are merging, with the security administrator for Company A becoming head of IT. In which of the following scenarios would the first step be to perform a vulnerability assessment of Company B's network?
A. The two networks must be joined.
B. An application used by Company B must be integrated by Company A.
C. The two networks have overlapping IP address ranges.
D. An attack is under way in Company A's network.
✔✔Answer: A
Explanation: The first step should be to assess any vulnerabilities that exist in Company B's network so that when they are joined, the issue will not be transferred to Company A's network.

Company C is selling part of its business to Company D. The assets include a small plant, Company C's network, and 50 employees. In the transition, which of the following actions would pose the most risk to Company C?
A. a temporary joining of the Company C and Company D networks
B. a temporary joining of the plant network and the Company D network
C. a temporary assignment of three technicians from Company C to the Company D network to help in the transition
D. a temporary assignment of three technicians from the Company D network to the Company C network to help in the transition
✔✔Answer: A
Explanation: Joining Company C's network to Company D's network, even temporarily, presents a big security risk.

Company E has a contract with a smaller company. The smaller company provides security at a high-security location. Company E discovers that the smaller company has subcontracted some of the functions. What is the minimum step that Company E must take in reaction to this situation?
A. Do nothing. It is shielded from liability.
B. Execute a new contract that includes the subcontractor.
C. Require the security contractor to execute a service agreement with the subcontractor.
D. Fire the security consulting company.
✔✔Answer: C
Explanation: At a minimum, the company should require and examine the service contract between the contractor and subcontractor to ensure that the company is insulated from liability issues and service issues.

The SDLC team is creating a new process to improve the quality of in-house applications. The team lead has identified a product called a fuzzer that he wants to use. What is a fuzzer used for?
A. to verify that an application is properly handling user error exceptions
B. to verify the performance of the application
C. to perform a vulnerability assessment of the application
D. to perform a penetration test of the application
✔✔Answer: A
Explanation: Fuzzers are used to introduce errors to an application to determine whether the application handles the errors properly.
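
Tying the buffer-overflow question and the fuzzer question together, here is an added example (not from the exam or its answer key) of a bounds-checked copy of the exam's 16-byte payload into its 8-byte buffer, plus a length-sweeping fuzz loop that confirms only oversized inputs are refused and the byte placed right after the buffer is never overwritten. The names safe_copy, copy_fits and fuzz_lengths are assumed here.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Added example, not from the exam: the 8-byte buffer from the overflow question. */
#define BUF_SIZE 8

/* Copy src into dst only if it fits, NUL terminator included.
 * Returns false (and leaves dst untouched) instead of overrunning. */
bool safe_copy(char *dst, size_t dst_size, const char *src) {
    size_t len = strlen(src);
    if (len >= dst_size) {
        return false;          /* e.g. the exam's 16-byte payload into 8 bytes */
    }
    memcpy(dst, src, len + 1); /* len + 1 copies the terminating NUL */
    return true;
}

/* Convenience wrapper: does src fit the exam's 8-byte buffer? */
bool copy_fits(const char *src) {
    char buf[BUF_SIZE];
    return safe_copy(buf, sizeof buf, src);
}

/* Minimal fuzz loop in the spirit of the fuzzer question: feed inputs of every
 * length 0..max_len (capped at 63) to safe_copy, count the rejections, and check
 * that a guard byte placed directly after the buffer is never clobbered.
 * Returns the rejection count, or -1 if the guard was overwritten. */
int fuzz_lengths(size_t max_len) {
    char input[64];
    if (max_len > sizeof input - 1) max_len = sizeof input - 1;
    int rejected = 0;
    for (size_t n = 0; n <= max_len; n++) {
        struct { char buf[BUF_SIZE]; char guard; } target;
        memset(input, 'A', n);
        input[n] = '\0';
        target.guard = 0x7f;
        if (!safe_copy(target.buf, sizeof target.buf, input)) rejected++;
        if (target.guard != 0x7f) return -1; /* an overflow reached the guard */
    }
    return rejected;
}

int main(void) {
    const char *code = "AAAABBBBCCCCDDD"; /* the exam's 15 chars + NUL = 16 bytes */
    printf("payload accepted: %s\n", copy_fits(code) ? "yes" : "no"); /* no */
    printf("lengths 0..20 rejected: %d\n", fuzz_lengths(20));         /* 13 */
    return 0;
}
```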

After several support calls complaining about network issues, you capture the following series of packets:

06:02:50.626330 arp reply 192.168.99.35 is-at 0:80:c8:f8:4a:51 (0:80:c8:f8:4a:51)
06:02:51.622727 arp reply 192.168.99.35 is-at 0:80:c8:f8:4a:51 (0:80:c8:f8:4a:51)
06:02:52.620954 arp reply 192.168.99.35 is-at 0:80:c8:f8:4a:51 (0:80:c8:f8:4a:51)

What type of attack is occurring?
A. man-in-the-middle
B. VLAN hopping
C. SYN flood
D. smurf
✔✔Answer: A
Explanation: The packets displayed are gratuitous ARP replies. They are created by the hacker and are replies to a question that never came from the devices in the network. This attack causes the devices to update their ARP cache with the mappings included in the packet. This creates incorrect mappings in the devices' ARP caches, and when done correctly, it can cause the hacker to receive all traffic between two machines, making him the man in the middle in a man-in-the-middle attack.

The web development team has a new application that needs to be assessed from a security standpoint. When the third-party testing team presents its test cases, it mentions that an HTTP interceptor is one of the tools it will utilize. Which of the following issues would this be most suitable to test for?
A. open ports
B. input validation of a form
C. access control
D. performance under stress
✔✔Answer: B
Explanation: HTTP interceptors are tools that can be used to introduce invalid input to see if the application performs proper input validation.

During user acceptance testing of an application, it is discovered that when entering order amounts, in at least three cases the application crashes when the user clicks