Certified Ethical Hacker – CEH – 312-50 – Question484

Which of the following is the BEST approach to prevent Cross-site Scripting (XSS) flaws?


A. Use digital certificates to authenticate a server prior to sending data.
B. Verify access rights before allowing access to protected information and UI controls.
C. Verify access rights before allowing access to protected information and UI controls.
D. Validate and escape all information sent to a server.

Correct Answer: D

Certified Ethical Hacker – CEH – 312-50 – Question480

What tool and process are you going to use in order to remain undetected by an IDS while pivoting and passing traffic over a server you've compromised and gained root access to?


A. Install and use Telnet to encrypt all outgoing traffic from this server.
B. Install Cryptcat and encrypt outgoing packets from this server.
C. Use HTTP so that all traffic can be routed via a browser, thus evading the internal Intrusion Detection Systems.
D. Use Alternate Data Streams to hide the outgoing packets from this server.

Correct Answer: B

Certified Ethical Hacker – CEH – 312-50 – Question478

Which of the following BEST describes how Address Resolution Protocol (ARP) works?


A. It sends a reply packet for a specific IP, asking for the MAC address
B. It sends a reply packet to all the network elements, asking for the MAC address from a specific IP
C. It sends a request packet to all the network elements, asking for the domain name from a specific IP
D. It sends a request packet to all the network elements, asking for the MAC address from a specific IP

Correct Answer: D

Certified Ethical Hacker – CEH – 312-50 – Question476

LM hash is a compromised password hashing function. Which of the following parameters describe LM hash?
I. The maximum password length is 14 characters.
II. There are no distinctions between uppercase and lowercase.
III. It's a simple algorithm, so 10,000,000 hashes can be generated per second.


A. I
B. I, II, and III
C. II
D. I and II

Correct Answer: B

Certified Ethical Hacker – CEH – 312-50 – Question475

First thing you do every office day is to check your email inbox. One morning, you received an email from your best friend and the subject line is quite strange. What should you do?


A. Delete the email and pretend nothing happened.
B. Forward the message to your supervisor and ask for her opinion on how to handle the situation.
C. Forward the message to your company's security response team and permanently delete the message from your computer.
D. Reply to the sender and ask them for more information about the message contents.

Correct Answer: C