لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت

السؤال #1
A company identified critical vulnerability in its hyperconverged infrastructure that provides services such as computing, networking, and storage resources in a single system. Also, the company identified that this vulnerability may lead to various injection attacks that allow the attackers to execute malicious commands as the root users. The company decided to immediately implement appropriate countermeasure to defend against such attacks. Which of the following defensive mechanisms should the company emp
A. Data correlation
B. Patch management
C. Input validation
D. Session management
عرض الإجابة
اجابة صحيحة: D
السؤال #2
Output modules allow Snort to be much more flexible in the formatting and presentation of outputto its users. Snort has 9 output plug-ins that push out data in different formats. Which one of thefollowing output plug-ins allows alert data to be written in a format easily importable to a database?
A. unified
B. csv
C. alert_unixsock
D. alert_fast
عرض الإجابة
اجابة صحيحة: B
السؤال #3
Which Wireshark filter displays all the packets where the IP address of the source host is 10.0.0.7?
A. ip
B. ip
C. ip
D. ip
عرض الإجابة
اجابة صحيحة: C
السؤال #4
Karen was running port scans on each machine of her network in order to identify suspicious ports on the target machines. She observed the following results during the port scan of a particular machine. I. Some of the ports were not being acknowledged, i.e. no acknowledgment from the target machine II. Some ports were responding with SYN + ACK packets III. Some ports were responding with an RST packet What should she interpret for the ports that did not return the acknowledgement?
A. She should that those ports as Closed ports
B. She should that those ports as Open ports
C. She should that those ports as Stealth ports
D. She should that those ports as Half Open ports
عرض الإجابة
اجابة صحيحة: A
السؤال #5
Kyle is performing the final testing of an application he developed for the accounting department.His last round of testing is to ensure that the program is as secure as possible. Kyle runs the followingcommand. What is he testing at this point?include #include int main(int argc, char *argv[]){char buffer[10];if (argc < 2){fprintf(stderr, "USAGE: %s string\n", argv[0]);return 1;}strcpy(buffer, argv[1]);return 0;}
A. Buffer overflow
B. Format string bug
C. Kernal injection
D. SQL injection
عرض الإجابة
اجابة صحيحة: A
السؤال #6
Which one of the following is a useful formatting token that takes an int * as an argument, and writesthe number of bytes already written, to that location?
A. “%n”
B. “%s”
C. “%p”
D. “%w”
عرض الإجابة
اجابة صحيحة: A
السؤال #7
Before performing the penetration testing, there will be a pre-contract discussion with different pen-testers (the team of penetration testers) to gather a quotation to perform pen testing.Which of the following factors is NOT considered while preparing a price quote to perform pentesting?
A. Total number of employees in the client organization
B. Type of testers involved
C. The budget required
D. Expected time required to finish the project
عرض الإجابة
اجابة صحيحة: A
السؤال #8
An external intrusion test and analysis identify security weaknesses and strengths of the client'ssystems and networks as they appear from outside the client's security perimeter, usually from theInternet.The goal of an external intrusion test and analysis is to demonstrate the existence of knownvulnerabilities that could be exploited by an external attacker.During external penetration testing, which of the following scanning techniques allow you todetermine a ports state without making a full connection to
A. XMAS Scan
B. SYN scan
C. FIN Scan
D. NULL Scan
عرض الإجابة
اجابة صحيحة: B
السؤال #9
DNS information records provide important data about:
A. Phone and Fax Numbers
B. Location and Type of Servers
C. Agents Providing Service to Company Staff
D. New Customer
عرض الإجابة
اجابة صحيحة: B
السؤال #10
DMZ is a network designed to give the public access to the specific internal resources and you mightwant to do the same thing for guests visiting organizations without compromising the integrity of theinternal resources. In general, attacks on the wireless networks fall into four basic categories.Identify the attacks that fall under Passive attacks category.
A. Wardriving
B. Spoofing
C. Sniffing
D. Network Hijacking
عرض الإجابة
اجابة صحيحة: A
السؤال #11
In Linux, what is the smallest possible shellcode?
A. 800 bytes
B. 8 bytes
C. 80 bytes
D. 24 bytes
عرض الإجابة
اجابة صحيحة: D
السؤال #12
Today, most organizations would agree that their most valuable IT assets reside within applicationsand databases. Most would probably also agree that these are areas that have the weakest levels ofsecurity, thus making them the prime target for malicious activity from system administrators, DBAs,contractors, consultants, partners, and customers.Which of the following flaws refers to an application using poorly written encryption code to securelyencrypt and store sensitive data in the database and allows an
A. SSI injection attack
B. Insecure cryptographic storage attack
C. Hidden field manipulation attack
D. Man-in-the-Middle attack
عرض الإجابة
اجابة صحيحة: B
السؤال #13
Which among the following information is not furnished by the Rules of Engagement (ROE)document?
A. Techniques for data collection from systems upon termination of the test
B. Techniques for data exclusion from systems upon termination of the test
C. Details on how data should be transmitted during and after the test
D. Details on how organizational data is treated throughout and after the test
عرض الإجابة
اجابة صحيحة: A
السؤال #14
In a virtual test environment, Michael is testing the strength and security of BGP using multiplerouters to mimic the backbone of the Internet. This project will help him write his doctoral thesis on"bringing down the Internet".Without sniffing the traffic between the routers, Michael sends millions of RESET packets to therouters in an attempt to shut one or all of them down. After a few hours, one of the routers finallyshuts itself down.What will the other routers communicate between themselves?
A. More RESET packets to the affected router to get it to power back up
B. RESTART packets to the affected router to get it to power back up
C. The change in the routing fabric to bypass the affected router
D. STOP packets to all other routers warning of where the attack originated
عرض الإجابة
اجابة صحيحة: C
السؤال #15
Identify the attack represented in the diagram below:
A. Input Validation
B. Session Hijacking
C. SQL Injection
D. Denial-of-Service
عرض الإجابة
اجابة صحيحة: B
السؤال #16
A firewall protects networked computers from intentional hostile intrusion that could compromiseconfidentiality or result in data corruption or denial of service. It examines all traffic routed betweenthe two networks to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it is stopped.Why is an appliance-based firewall is more secure than those implemented on top of the commercialoperating system (Software based)?
A. Appliance based firewalls cannot be upgraded
B. Firewalls implemented on a hardware firewall are highly scalable
C. Hardware appliances does not suffer from security vulnerabilities associated with the underlying operating system
D. Operating system firewalls are highly configured
عرض الإجابة
اجابة صحيحة: A
السؤال #17
Windows stores user passwords in the Security Accounts Manager database (SAM), or in the ActiveDirectory database in domains. Passwords are never stored in clear text; passwords are hashed andthe results are stored in the SAM.NTLM and LM authentication protocols are used to securely store a user's password in the SAMdatabase using different hashing methods.The SAM file in Windows Server 2008 is located in which of the following locations?
A. c:\windows\system32\config\SAM
B. c:\windows\system32\drivers\SAM
C. c:\windows\system32\Setup\SAM
D. c:\windows\system32\Boot\SAM
عرض الإجابة
اجابة صحيحة: D

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف: