An internal penetration tester was assessing a recruiting page for potential issues before it was pushed to the production website. The penetration tester discovers an issue that must be corrected before the page goes live. The web host administrator collects the log files below and gives them to the development team so improvements can be made to the security design of the website.

Which of the following types of attack vector did the penetration tester use?

• A.CSRF
• B.TOC/TOU
• C.SQL injection
• D.Brute force
• E.XSS

Comment: *

Name: *

Email: *

Verification: *

Wireless users are reporting issues with the company's video conferencing and VoIP systems. The security administrator notices internal DoS attacks from infected PCs on the network causing the VoIP system to drop calls. The security administrator also notices that the SIP servers are unavailable during these attacks. Which of the following security controls will MOST likely mitigate the VoIP DoS attacks on the network? (Select TWO).

• A.Install a HIPS on the SIP servers
• B.Configure 802.1X on the network
• C.Update the corporate firewall to block attacking addresses
• D.Configure 802.11e on the network
• E.Configure 802.1q on the network

Comment: *

Name: *

Email: *

Verification: *

A consultant is planning an assessment of a customer-developed system. The system consists of a custom-engineered board with modified open-source drivers and a one-off management GUI The system relies on two- factor authentication for interactive sessions, employs strong certificate-based data-in-transit encryption, and randomly switches ports for each session. Which of the following would yield the MOST useful information'?

• A.Password cracker
• B.Reverse engineering principles
• C.Wireless network analyzer
• D.Fuzzing tools

Comment: *

Name: *

Email: *

Verification: *

An architect was recently hired by a power utility to increase the security posture of the company's power generation and distribution sites. Upon review, the architect identifies legacy hardware with highly vulnerable and unsupported software driving critical operations. These systems must exchange data with each other, be highly synchronized, and pull from the Internet time sources. Which of the following architectural decisions would BEST reduce the likelihood of a successful attack without harming operational capability? (Choose two.)

• A.Upgrade the software on critical systems
• B.Install a firewall and IDS between systems and the LAN
• C.Configure the systems to use government-hosted NTP servers
• D.Employ own stratum-0 and stratum-1 NTP servers
• E.Isolate the systems on their own network

Comment: *

Name: *

Email: *

Verification: *

A web services company is planning a one-time high-profile event to be hosted on the corporate website. An outage, due to an attack, would be publicly embarrassing, so Joe, the Chief Executive Officer (CEO), has requested that his security engineers put temporary preventive controls in place. Which of the following would MOST appropriately address Joe's concerns?

• A.Ensure web services hosting the event use TCP cookies and deny_hosts.
• B.Configure an intrusion prevention system that blocks IPs after detecting too many incomplete sessions.
• C.Contract and configure scrubbing services with third-party DDoS mitigation providers.
• D.Purchase additional bandwidth from the company's Internet service provider.

Comment: *

Name: *

Email: *

Verification: *