Question 196
Which of the following US Acts emphasized a "risk-based policy for cost-effective security" and makes mandatory for agency program officials, chief information officers, and inspectors general (IGs) to conduct annual reviews of the agency's information security program and report the results to Office of Management and Budget?
Question 197
Ryan, a malicious hacker submits Cross-Site Scripting (XSS) exploit code to the Website of Internet forum for online
discussion. When a user visits the infected Web page, code gets automatically executed and Ryan can easily perform
acts like account hijacking, history theft etc. Which of the following types of Cross-Site Scripting attack Ryan intends to
do?
Question 198
CORRECT TEXT
Fill in the blank with the appropriate option to complete the statement below.
You want to block all UDP packets coming to the Linux server using the portsentry utility. For this, you have to enable the ______ option in the portsentry configuration file.
Question 199
In the DNS Zone transfer enumeration, an attacker attempts to retrieve a copy of the entire zone file for a domain
from a DNS server. The information provided by the DNS zone can help an attacker gather user names, passwords, and
other valuable information. To attempt a zone transfer, an attacker must be connected to a DNS server that is the
authoritative server for that zone. Besides this, an attacker can launch a Denial of Service attack against the zone's
DNS servers by flooding them with a lot of requests. Which of the following tools can an attacker use to perform a
DNS zone transfer?
Each correct answer represents a complete solution. Choose all that apply.
Question 200
As a professional hacker, you want to crack the security of secureserver.com. For this, in the information gathering step, you performed scanning with the help of nmap utility to retrieve as many different protocols as possible being used by the secureserver.com so that you could get the accurate knowledge about what services were being used by the secure server.com. Which of the following nmap switches have you used to accomplish the task?
