Correct Answer: AB

Traceroute is a route-tracing utility that displays the path an IP packet takes to reach its destination. It uses ICMP echo packets to display the Fully Qualified Domain Name (FQDN) and the IP address of each gateway along the route to the remote host. This tool also records the time taken for a round trip for each packet at each router that can be used to find any faulty router along the path. Answer: C, D are incorrect. Traceroute does not perform polymorphic shell code attacks. Attacking tools such as AD Mutate are used to perform polymorphic shell code attacks.

Correct Answer: A

Check the antivirus log and see if it is detecting your file as a virus and deleting it. All antivirus programs have a certain rate of false positives. Since the file is being deleted from all computers, it seems likely that your antivirus has mistakenly

identified that file as a virus. Answer: D is incorrect. The firewall log can help you identify traffic entering or leaving your network, but won't help with files being deleted.

Answer: B is incorrect. An IDS log would help you identify possible attacks, but this scenario is unlikely to be from an external attack.

Answer: C is incorrect. Your system log can only tell you what is happening on that individual computer.

Correct Answer: D

tag specifies a frameset used to organize multiple frames and nested framesets in an HTML document. It defines the location, size, and orientation of frames. An HTML document can either contain a tag or a

tag.

Answer: A, B, C are incorrect. There are no HTML tags such as , , and .

Correct Answer: BCD

There are many purposes of conducting risk analysis, which are as follows:

1.

To try to quantify the possible impact or loss of a threat

2.

To analyze exposure to risk in order to support better decision-making and proper management of those risks

3.

To support risk-based audit decisions

4.

To assist the auditor in determining the audit objectives

5.

To assist the auditor in identifying the risks and threats Answer: A is incorrect. The analysis of risk does not ensure absolute safety. The main purpose of using a risk-based audit strategy is to ensure that the audit adds value with meaningful information.

Correct Answer: A

The residual risk is the risk or danger of an action or an event, a method or a (technical) process that still conceives these dangers even if all theoretically possible safety measures would be applied. The formula to calculate residual risk is (inherent risk) x (control risk) where inherent risk is (threats vulnerability). Answer: B is incorrect. In information security, security risks are considered as an indicator of threats coupled with vulnerability. In other words, security risk is a probabilistic function of a given threat agent exercising a particular vulnerability and the impact of that risk on the organization. Security risks can be mitigated by reviewing and taking responsible actions based on possible risks. Answer: C is incorrect. Vulnerability is a weakness or lack of safeguard that can be exploited by a threat, thus causing harm to the information systems or networks. It can exist in hardware, operating systems, firmware, applications, and configuration files. Vulnerability has been variously defined in the current context as follows:

1.A security weakness in a Target of Evaluation due to failures in analysis, design, implementation, or operation and such.

2.Weakness in an information system or components (e.g. system security procedures, hardware design, or internal controls that could be exploited to produce an information-related misfortune.)

3. The existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system, network, application, or protocol involved.

Correct Answer: D

MAC flooding is a technique employed to compromise the security of network switches. In a typical MAC flooding attack, a switch is flooded with packets, each containing different source MAC addresses. The intention is to consume the limited memory set aside in the switch to store the MAC address-to-physical port translation table. The result of this attack causes the switch to enter a state called fail open mode, in which all incoming packets are broadcast out on all ports (as with a hub), instead of just down the correct port as per normal operation. A malicious user could then use a packet sniffer (such as Wireshark) running in promiscuous mode to capture sensitive data from other computers (such as unencrypted passwords, e- mail and instant messaging conversations), which would not be accessible were the switch operating normally. Answer: B is incorrect. Blind spoofing is a type of IP spoofing attack. This attack occurs when the attacker is on a different subnet as the destination host. Therefore, it is more difficult to obtain correct TCP sequence number and acknowledgement number of the data frames. In blind spoofing attack, an attacker sends several packets to the target computer so that he can easily obtain sequence number of each data frame. If the attacker is successful in compromising the sequence number of the data frames, the data is successfully sent to the target computer. Answer: C is incorrect. Dictionary attack is a type of password guessing attack. This type of attack uses a dictionary of common words to find out the password of a user. It can also use common words in either upper or lower case to find a password. There are many programs available on the Internet to automate and execute dictionary attacks. Answer: A is incorrect. Man-in-the-middle attacks occur when an attacker successfully inserts an intermediary software or program between two communicating hosts. The intermediary software or program allows attackers to listen to and modify the communication packets passing between the two hosts. The software intercepts the communication packets and then sends the information to the receiving host. The receiving host responds to the software, presuming it to be the legitimate client.

Correct Answer: AD

By default, session tracking uses cookies to associate a session identifier with a unique user. URL rewriting is used in cases where cookies are not supported by the browser.

Correct Answer: BCD

A proxy server is a very important element for firewall applications. The services that it provides are as follows:

Hide network resources: Proxy replaces the network IP address with a single IP address. Multiple systems can use a single IP address.

Logging: A proxy server can log incoming and outgoing access, allowing a user to see every possible details of successful and failed connections.

Cache: A proxy server can save information obtained from the Internet. It regularly updates these copies and automatically shows these pages, and will thus not need to access the Internet to view them.

Correct Answer: B

The yy key combination in the vi editor is used to copy the current line. The vi editor is an interactive, cryptic, and screen-based text editor used to create and edit a file. It operates in either Input mode or Command mode. In Input mode, the vi editor accepts a keystroke as text and displays it on the screen, whereas in Command mode, it interprets keystrokes as commands. As the vi editor is case sensitive, it interprets the same character or characters as different commands, depending upon whether the user enters a lowercase or uppercase character. When a user starts a new session with vi, he must put the editor in Input mode by pressing the "I" key. If he is not able to see the entered text on the vi editor's screen, it means that he has not put the editor in Insert mode. The user must change the editor to Input mode before entering any text so that he can see the text he has entered. Answer: D is incorrect. It deletes next char on the right. Answer: A is incorrect. It deletes the current line and one line above. Answer: C is incorrect. It deletes from the cursor till the end of the line.

Correct Answer: AC

Using CAPTCHA or restricting the number of login attempts are good countermeasures against a brute force attack.