For messages sent through an insecure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. While using a digital signature, the message digest is encrypted with which key?
A. Sender’s public key
B. Receiver’s private key
C. Receiver’s public key
D. Sender’s private key
Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design, and implementation?
A. Penetration testing
B. Social engineering
C. Vulnerability scanning
D. Access control list reviews
When using Wireshark to acquire packet capture on a network, which device would enable the capture of all traffic on the wire?
A. Network tap
B. Layer 3 switch
C. Network bridge
D. Application firewall
How does an operating system protect the passwords used for account logins?
A. The operating system performs a one-way hash of the passwords.
B. The operating system stores the passwords in a secret file that users cannot find.
C. The operating system encrypts the passwords,and decrypts them.when needed.
D. The operating system stores all passwords in a protected segment of non-volatile memory.
Which of the following programs is usually targeted at Microsoft Office products?
A. Polymorphic virus
B. Multipart virus
C. Macro virus
D. Stealth virus
What is the main difference between a pNormalq SQL Injection and a pBlindq SQL Injection vulnerability?
A. The request to the web server is not visible to the administrator of the vulnerable application.
B. The attack is called pBlindq because,although the application properly filters user input,it is still vulnerable to code injection.
C. The successful attack does not show an error message to the administrator of the affected application.
D. The vulnerable application does not display errors with information about the injection results to the attacker.
Which of the following ensures.that updates to policies, procedures, and configurations are made in a controlled and documented fashion?
A. Regulatory compliance
B. Peer review
C. Change management
D. Penetration testing
Data hiding analysis can be useful in
A. determining the level of encryption used to encrypt the data.
B. detecting and recovering data that may indicate knowledge,ownership or intent.
C. identifying the amount of central processing unit (cpu) usage over time to process the data.
D. preventing a denial of service attack on a set of enterprise servers to prevent users from accessing the data.
Smart cards use which protocol to transfer the certificate in a secure manner?
A. Extensible Authentication Protocol (EAP)
B. Point to Point Protocol (PPP)
C. Point to Point Tunneling Protocol (PPTP)
D. Layer 2 Tunneling Protocol (L2TP)
A company firewall engineer has configured a new DMZ to allow public systems to be located away from the internal network. The engineer has three security zones set:
The engineer wants to configure remote desktop access from a fixed IP on the remote network to a remote desktop server in the DMZ. Which rule would best fit this requirement?
A. Permit 18.104.22.168/24 22.214.171.124/24.RDP 3389
B. Permit 126.96.36.199 188.8.131.52 RDP 3389
C. Permit 184.108.40.206 220.127.116.11/24.RDP 3389
D. Permit 18.104.22.168/24 22.214.171.124 RDP 3389