A security consultant decides to use multiple layers of anti-virus defense, such as end user desktop anti-virus and E-mail gateway. This approach can be used to mitigate which kind of attack?


A. Forensic attack
B. ARP spoofing attack
C. Social engineering attack
D. Scanning attack

While performing data validation of web content, a security technician is required to restrict malicious input. Which of the following processes is an efficient way of restricting malicious input?


A. Validate web content input for query strings.
B. Validate web content input with scanning tools.
C. Validate web content input for type, length, and range.
D. Validate web content input for extraneous queries.

When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator's computer to update the router configuration. What type of an alert is this?


A. False positive
B. False negative
C. True positve
D. True negative

A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company`s building dressed like an electrician and waits in the lobby for an employee to pass through the main
access gate, then the consultant follows the employee behind to get into the restricted area. Which type of attack did the consultant perform?


A. Man trap
B. Tailgating
C. Shoulder surfing
D. Social engineering

Low humidity in a data center can cause which of the following problems?


A. Heat
B. Corrosion
C. Static electricity
D. Airborne contamination

How can telnet be used to fingerprint a web server?


A. telnet webserverAddress 80
HEAD / HTTP/1.0
B. telnet webserverAddress 80
PUT / HTTP/1.0
C. telnet webserverAddress 80
HEAD / HTTP/2.0
D. telnet webserverAddress 80
PUT / HTTP/2.0

Which property ensures that a hash function will not produce the same hashed value for two different messages?


A. Collision resistance
B. Bit length
C. Key strength
D. Entropy

A computer science student needs to fill some information into a secured Adobe PDF job application that was received from a prospective employer. Instead of requesting a new document that allowed the forms to be completed, the student decides to write a script that pulls passwords from a list of commonly used passwords to try against the secured PDF until the correct password is found or the list is exhausted.

Which cryptography attack is the student attempting?


A. Man-in-the-middle attack
B. Brute-force attack
C. Dictionary attack
D. Session hijacking

Which of the following is a symmetric cryptographic standard?


A. DSA
B. PKI
C. RSA
D. 3DES

A circuit level gateway works at which of the following layers of the OSI Model?


A. Layer 5 -Application
B. Layer 4 TCP
C. Layer 3 Internet protocol
D. Layer 2 Data link