An attacker gains access to a Web server's database and displays the contents of the table that holds all of the names, passwords, and other user information. The attacker did this by entering information into the Web site's user login page that the software's designers did not expect to be entered. This is an example of what kind of software design problem?

• A.Insufficient input validation
• B.Insufficient exception handling
• C.Insufficient database hardening
• D.Insufficient security management

Comment: *

Name: *

Email: *

Verification: *

Which of the following is considered an acceptable option when managing a risk?

• A.Deny the risk.
• B.Reject the risk.
• C.Initiate the risk.
• D.Mitigate the risk.

Comment: *

Name: *

Email: *

Verification: *

Which DNS resource record can indicate how long any "DNS poisoning" could last?

• A.SOA
• B.TIMEOUT
• C.NS
• D.MX

Comment: *

Name: *

Email: *

Verification: *

What is the process of logging, recording, and resolving events that take place in an organization?

• A.Incident Management Process
• B.Security Policy
• C.Internal Procedure
• D.Metrics

Comment: *

Name: *

Email: *

Verification: *

The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?

• A.The IDS will not distinguish among packets originating from different sources.
• B.Thresholding interferes with the IDS' ability to reassemble fragmented packets.
• C.An attacker, working slowly enough, can evade detection by the IDS.
• D.Network packets are dropped if the volume exceeds the threshold.

Comment: *

Name: *

Email: *

Verification: *