An audacious attacker is targeting a web server you oversee. He intends to perform a Slow HTTP POST attack, by manipulating 'a' HTTP connection. Each connection sends a byte of data every 'b' second, effectively holding up the connections for an extended period. Your server is designed to manage 'm' connections per second, but any connections exceeding this number tend to overwhelm the system. Given
'a=100' and variable 'm', along with the attacker's intention of maximizing the attack duration 'D=a*b', consider the following scenarios. Which is most likely to result in the longest duration of server unavailability?

• A.m=110, b=20: Despite the attacker sending 100 connections, the server can handle 110 connections per second, therefore likely staying operative, regardless of the hold-up time per connection
• B.m=90, b=15: The server can manage 90 connections per second, but the attacker's 100 connections exceed this, and with each connection held up for 15 seconds, the attack duration could be significant
• C.95, b=10: Here, the server can handle 95 connections per second, but it falls short against the attacker's 100 connections, albeit the hold-up time per connection is lower
• D.m=105, b=12: The server can manage 105 connections per second, more than the attacker's 100 connections, likely maintaining operation despite a moderate hold-up time

Comment: *

Name: *

Email: *

Verification: *

In the process of implementing a network vulnerability assessment strategy for a tech company, the security analyst is confronted with the following scenarios:
1) A legacy application is discovered on the network, which no longer receives updates from the vendor.
2) Several systems in the network are found running outdated versions of web browsers prone to distributed attacks.
3) The network firewall has been configured using default settings and passwords.
4) Certain TCP/IP protocols used in the organization are inherently insecure.
The security analyst decides to use vulnerability scanning software. Which of the following limitations of vulnerability assessment should the analyst be most cautious about in this context?

• A.Vulnerability scanning software is limited in its ability to perform live tests on web applications to detect errors or unexpected behavior
• B.Vulnerability scanning software cannot define the impact of an identified vulnerability on different business operations
• C.Vulnerability scanning software is limited in its ability to detect vulnerabilities at a given point in time
• D.Vulnerability scanning software is not immune to software engineering flaws that might lead to serious vulnerabilities being missed

Comment: *

Name: *

Email: *

Verification: *

What port number is used by LDAP protocol?

• A.445
• B.389
• C.110
• D.464

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a passive wireless packet analyzer that works on Linux-based systems?

• A.tshark
• B.Burp Suite
• C.OpenVAS
• D.Kismet

Comment: *

Name: *

Email: *

Verification: *

Abel, a cloud architect, uses container technology to deploy applications/software including all its dependencies, such as libraries and configuration files, binaries, and other resources that run independently from other processes in the cloud environment. For the containerization of applications, he follows the five-tier container technology architecture. Currently. Abel is verifying and validating image contents, signing images, and sending them to the registries. Which of the following tiers of the container technology architecture Is Abel currently working in?

• A.Tier-1: Developer machines
• B.Tier-4: Orchestrators
• C.Tier-3: Registries
• D.Tier-2: Testing and accreditation systems

Comment: *

Name: *

Email: *

Verification: *