Which tool is used to automate SQL injections and exploit a database by forcing a given web application to connect to another database controlled by a hacker?
C. Cain and Abel
A security analyst is performing an audit on.the network to determine if there are any deviations from the security policies in place. The analyst.discovers that a user from the IT department had a dial-out modem installed. Which security policy must the security analyst check to see if dial-out modems are allowed?
A. Firewall-management policy
B. Acceptable-use policy
C. Remote-access policy
D. Permissive policy
A company is using Windows Server 2003 for its Active Directory (AD). What.is the most efficient way to crack the passwords for the AD users?
A. Perform a dictionary attack.
B. Perform a brute force attack.
C. Perform an attack with a rainbow table.
D. Perform a hybrid attack.
When an alert rule is matched in a network-based IDS like snort, the IDS does which of the following?
A. Drops the packet and moves on to the next one
B. Continues to evaluate the packet until all rules are checked
C. Stops checking rules,sends an alert,and lets the packet continue
D. Blocks the connection with the source IP address in the packet
Passive reconnaissance involves collecting information through which of the following?
A. Social engineering
B. Network traffic sniffing
C. Man in the middle attacks
D. Publicly accessible sources
During a penetration test, the tester conducts an ACK scan using NMAP against the external interface of the DMZ firewall. NMAP reports that port 80 is unfiltered. Based on this response, which type of packet inspection is the firewall conducting?
What is the main reason the use of a stored biometric is vulnerable to an attack?
A. The digital representation of the biometric might not be unique,even if the physical characteristic is unique.
B. Authentication using a stored biometric compares a copy to a copy instead of the original to a copy.
C. A stored biometric is no longer “something you are” and instead becomes “something you have”.
D. A stored biometric can be stolen and used by an attacker to impersonate the individual identified by the biometric.
Which of the following types of firewall inspects only header information in network traffic?
A. Packet filter
B. Stateful inspection
C. Circuit-level gateway
D. Application-level gateway
An attacker sniffs encrypted traffic from the network and is subsequently able to decrypt it. The attacker can now use which cryptanalytic technique to attempt to discover the encryption key?
A. Birthday attack
B. Plaintext attack
C. Meet in the middle attack
D. Chosen ciphertext attack
Low humidity in a data center can cause which of the following.problems?
C. Static electricity
D. Airborne contamination