Which Intrusion Detection System is the best applicable for large environments where critical assets on the network need extra security and is ideal for observing sensitive network segments?

• A.Honeypots
• B.Host-based intrusion detection system (HIDS)
• C.Firewalls
• D.Network-based intrusion detection system (NIDS)

Comment: *

Name: *

Email: *

Verification: *

When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?

• A.Interviewing employees and network engineers
• B.Data items and vulnerability scanning
• C.Source code review
• D.Reviewing the firewalls configuration

Comment: *

Name: *

Email: *

Verification: *

What type of vulnerability/attack is it when the malicious person forces the user's browser to send an authenticated request to a server?

• A.Cross-site request forgery
• B.Cross-site scripting
• C.Session hijacking
• D.Server side request forgery

Comment: *

Name: *

Email: *

Verification: *

Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system.
Which TCP and UDP ports must you filter to check null sessions on your network?

• A.139 and 445
• B.137 and 139
• C.139 and 443
• D.137 and 443

Comment: *

Name: *

Email: *

Verification: *

Which of the following can take an arbitrary length of input and produce a message digest output of 160 bit?

• A.HAVAL
• B.MD4
• C.SHA-1
• D.MD5

Comment: *

Name: *

Email: *

Verification: *