What is the main advantage that a network-based IDS/IPS system has over a host-based solution?


A. They do not use host system resources.
B. They are placed at the boundary, allowing them to inspect all traffic.
C. They are easier to install and configure.
D. They will not interfere with user interfaces.

The use of alert thresholding in an IDS can reduce the volume of repeated alerts, but introduces which of the following vulnerabilities?


A. An attacker, working slowly enough, can evade detection by the IDS.
B. Network packets are dropped if the volume exceeds the threshold.
C. Thresholding interferes with the IDS ability to reassemble fragmented packets.
D. The IDS will not distinguish among packets originating from different sources.

During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability?


A. The web application does not have the secure flag set.
B. The session cookies do not have the HttpOnly flag set.
C. The victim user should not have an endpoint security solution.
D. The victim's browser must have ActiveX technology enabled.

A newly discovered flaw in a software application would be considered which kind of security vulnerability?


A. Input validation flaw
B. HTTP header injection vulnerability
C. 0-day vulnerability
D. Time-to-check to time-to-use flaw

What technique is used to perform a Connection Stream Parameter Pollution (CSPP) attack?


A. Injecting parameters into a connection string using semicolons as a separator
B. Inserting malicious Javascript code into input parameters
C. Setting a user's session identifier (SID) to an explicit known value
D. Adding multiple parameters with the same name in HTTP requests

An attacker uses a communication channel within an operating system that is neither designed nor intended to transfer information. What is the name of the communications channel?


A. Classified
B. Overt
C. Encrypted
D. Covert

WPA2 uses AES for wireless data encryption at which of the following encryption levels?


A. 64 bit and CCMP
B. 128 bit and CRC
C. 128 bit and CCMP
D. 128 bit and TKIP

Which type of scan measures a person's external features through a digital video camera?


A. Iris scan
B. Retinal scan
C. Facial recognition scan
D. Signature kinetics scan

A company has hired a security administrator to maintain and administer Linux and Windows-based systems. Written in the nightly report file is the following:
Firewall log files are at the expected value of 4 MB. The current time is 12am. Exactly two hours later the size has decreased considerably. Another hour goes by and the log files have shrunk in size again.
Which of the following actions should the security administrator take?


A. Log the event as suspicious activity and report this behavior to the incident response team immediately.
B. Log the event as suspicious activity, call a manager, and report this as soon as possible.
C. Run an anti-virus scan because it is likely the system is infected by malware.
D. Log the event as suspicious activity, continue to investigate, and act according to the site's security policy.

A security policy will be more accepted by employees if it is consistent and has the support of


A. coworkers.
B. executive management.
C. the security officer.
D. a supervisor.