You may be able to identify the IP addresses and machine names for the firewall, and the names of internal mail servers by:

A. Sending a mail message to a valid address on the target network,and examining the header information generated by the IMAP servers

B. Examining the SMTP header information generated by using the -mx command parameter of DIG

C. Examining the SMTP header information generated in response to an e-mail message sent to an invalid address

D. Sending a mail message to an invalid address on the target network,and examining the header information generated by the POP servers

What is one thing a tester can do to ensure that the software is trusted and is not changing or tampering with critical data on the back end of a system it is loaded on?

A. Proper testing

B. Secure coding principles

C. Systems security and architecture review

D. Analysis of interrupts within the software

If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as?

A. SDLC process

B. Honey pot

C. SQL injection

D. Trap door

What is the purpose of conducting security assessments on network resources?

A. Documentation

B. Validation

C. Implementation

D. Management

Jeremy is web security consultant for Information Securitas. Jeremy has just been hired to perform contract work for a large state agency in Michigan. Jeremy's first task is to scan all the company's external websites. Jeremy comes upon a login page which appears to allow employees access to sensitive areas on the website. James types in the following statement in the username field:

SELECT * from Users where username='admin' ?AND password='' AND email like '%@testers.com%'

What will the SQL statement accomplish?

A. If the page is susceptible to SQL injection,it will look in the Users table for usernames of admin

B. This statement will look for users with the name of admin,blank passwords,and email addresses that end in @testers.com

C. This Select SQL statement will log James in if there are any users with NULL passwords

D. James will be able to see if there are any default user accounts in the SQL database

In the software security development life cyle process, threat modeling occurs in which phase?

A. Design

B. Requirements

C. Verification

D. Implementation

Which of the following techniques can be used to mitigate the risk of an on-site attacker from connecting to an unused network port and gaining full access to the network? (Choose three.)

A. Port Security

B. IPSec Encryption

C. Network Admission Control (NAC)

D. 802.1q Port Based Authentication

E. 802.1x Port Based Authentication

F. Intrusion Detection System (IDS)

How do you defend against ARP Spoofing? Select three.

A. Use ARPWALL system and block ARP spoofing attacks

B. Tune IDS Sensors to look for large amount of ARP traffic on local subnets

C. Use private VLANS

D. Place static ARP entries on servers,workstation and routers

Bill is attempting a series of SQL queries in order to map out the tables within the database that he is trying to exploit.

Choose the attack type from the choices given below.

A. Database Fingerprinting

B. Database Enumeration

C. SQL Fingerprinting

D. SQL Enumeration

Why do you need to capture five to ten million packets in order to crack WEP with AirSnort?

A. All IVs are vulnerable to attack

B. Air Snort uses a cache of packets

C. Air Snort implements the FMS attack and only encrypted packets are counted

D. A majority of weak IVs transmitted by access points and wireless cards are not filtered by contemporary wireless manufacturers