Websites and web portals that provide web services commonly use the Simple Object Access Protocol (SOAP). Which of the following is an incorrect definition or characteristics of the protocol?

• A.Only compatible with the application protocol HTTP
• B.Provides a structured model for messaging
• C.Exchanges data between web services
• D.Based on XML

Comment: *

Name: *

Email: *

Verification: *

A security administrator notices that the log file of the company's webserver contains suspicious entries:

Based on source code analysis, the analyst concludes that the login.php script is vulnerable to

• A.directory traversal.
• B.SQL injection.
• C.command injection.
• D.LDAP injection.

Comment: *

Name: *

Email: *

Verification: *

What is one thing a tester can do to ensure that the software is trusted and is not changing or tampering with critical data on the back end of a system it is loaded on?

• A.Systems security and architecture review
• B.Proper testing
• C.Analysis of interrupts within the software
• D.Secure coding principles

Comment: *

Name: *

Email: *

Verification: *

env x=`(){ :;};echo exploit` bash -c 'cat /etc/passwd'
What is the Shellshock bash vulnerability attempting to do on a vulnerable Linux host?

• A.Display passwd content to prompt
• B.Removes the passwd file
• C.Changes all passwords in passwd
• D.Add new user to the passwd file

Comment: *

Name: *

Email: *

Verification: *

The security concept of "separation of duties" is most similar to the operation of which type of security device?

• A.Firewall
• B.Bastion host
• C.Intrusion Detection System
• D.Honeypot

Comment: *

Name: *

Email: *

Verification: *