QUESTION NO: 381
A security analyst in an insurance company is assigned to test a new web application that will be used by clients to help them choose and apply for an insurance plan. The analyst discovers that the application is developed in the ASP scripting language and uses MSSQL as a database backend. The analyst locates the application's search form and introduces the following code in the search input field.
When the analyst submits the form, the browser returns a pop-up window that says "Vulnerable". Which web application vulnerability did the analyst discover?
A. Cross-site request forgery
B. Command injection
C. Cross-site scripting
D. SQL injection
Answer: C
Explanation:
The text typed into the search field was reflected back into the response page without encoding, and the browser executed it: the pop-up is the injected script running. That is cross-site scripting (reflected, since the payload came straight back in the response to the search). The ASP and MSSQL details are a distraction: a SQL injection would show up as a change in the query's behaviour or an MSSQL error, and a command injection as output from the server's operating system, not as a dialog drawn by the browser.
QUESTION NO: 382
While testing the company's web application, a tester attempts to insert the following test script into the search area on the company's web site.
Afterwards, when the tester presses the search button, a pop-up box appears on the screen with the text "testing testing testing". Which vulnerability has been detected in the web application?
A. Buffer overflow
B. Cross-site request forgery
C.Distributed denial of service
D.Cross-site scripting
Answer: D
Explanation:
The pop-up text is the tester's own input coming back and being executed as script, so the results page reflects user input into its HTML without encoding: cross-site scripting. A buffer overflow or a distributed denial of service would not produce a dialog in the browser, and cross-site request forgery is about forging requests from a victim's browser, not about injecting script into a response.
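The reflected cross-site scripting found in questions 381 and 382 comes down to one missing step, output encoding, in the page that echoes the search term. The following Python is an added example, not code from the original questions or from any real application: it reproduces the vulnerable pattern beside the fixed one and checks, with a real HTML parser rather than a string match, whether a script element survives into the response. The page template, the benign query and the pop-up payload are constructed for the example (the original questions do not show their payload).

```python
from html import escape
from html.parser import HTMLParser
from typing import Callable, Dict

# Constructed inputs for the example: an ordinary search and a payload of the
# kind that produces a browser pop-up when reflected without encoding.
BENIGN_QUERY = "term life"
POPUP_PAYLOAD = "<script>alert('Vulnerable')</script>"

# Constructed stand-in for the search results page of the application.
PAGE_TEMPLATE = "<html><body><h1>Results for: {query}</h1></body></html>"


def render_search_vulnerable(query: str) -> str:
    """Reflects the search term straight into the HTML, as the vulnerable app does."""
    return PAGE_TEMPLATE.format(query=query)


def render_search_fixed(query: str) -> str:
    """Same page, but the term is HTML-encoded before it reaches the markup."""
    return PAGE_TEMPLATE.format(query=escape(query, quote=True))


class ScriptTagFinder(HTMLParser):
    """Records whether the parser saw a real <script> start tag."""

    def __init__(self) -> None:
        super().__init__()
        self.saw_script = False

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag.lower() == "script":
            self.saw_script = True


def contains_script_element(page: str) -> bool:
    """True if the browser would treat part of the page as a script element."""
    finder = ScriptTagFinder()
    finder.feed(page)
    finder.close()
    return finder.saw_script


def run_probe(render: Callable[[str], str]) -> Dict[str, bool]:
    """Submit both inputs through a renderer; report whether a script element survived."""
    return {
        "benign": contains_script_element(render(BENIGN_QUERY)),
        "payload": contains_script_element(render(POPUP_PAYLOAD)),
    }


if __name__ == "__main__":
    print("vulnerable:", run_probe(render_search_vulnerable))
    print("fixed:     ", run_probe(render_search_fixed))
    print(render_search_fixed(POPUP_PAYLOAD))
```

Encoding at the point where untrusted text is written into HTML is the fix for this context; a value placed into a JavaScript block, a URL, or an attribute needs the encoding appropriate to that context instead, and a Content-Security-Policy that disallows inline script limits the damage when an encoding step is missed.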
QUESTION NO: 383
A hacker was able to sniff packets on a company's wireless network. The following information was discovered.
The Key 10110010 01001011
The Cyphertext 01100101 01011010
Using the Exclusive OR, what was the original message?
A. 00101000 11101110
B. 11010111 00010001
C. 00001101 10100100
D. 11110010 01011011
Answer: B
Explanation:
XOR is its own inverse: applying the key a second time to the ciphertext recovers the plaintext.
10110010 XOR 01100101 = 11010111
01001011 XOR 01011010 = 00010001
So the original message was 11010111 00010001, answer B. The same property cuts the other way for the defender: a sniffer who knows or can guess the plaintext of one message recovers the key by XORing it with the ciphertext, and any further message protected with the same key falls with it.
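The XOR recovery in question 383, carried out in code as an added example (not part of the original question). The decrypt function works on the question's own key and ciphertext; the key-recovery and key-reuse functions go one step beyond the question to show why the sniffer's position is so strong once any plaintext is known. The two sample messages used for the reuse demonstration are constructed for the example.

```python
from typing import Dict

# Values from the question, as strings of bits with a space between bytes.
KEY_BITS = "10110010 01001011"
CIPHERTEXT_BITS = "01100101 01011010"


def bits_to_bytes(bits: str) -> bytes:
    """Parse '10110010 01001011' into two bytes."""
    return bytes(int(group, 2) for group in bits.split())


def bytes_to_bits(data: bytes) -> str:
    """Inverse of bits_to_bytes: eight-digit groups separated by spaces."""
    return " ".join(f"{b:08b}" for b in data)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def decrypt(key_bits: str, ciphertext_bits: str) -> str:
    """Plaintext = Ciphertext XOR Key, returned in the question's bit notation."""
    plain = xor_bytes(bits_to_bytes(ciphertext_bits), bits_to_bytes(key_bits))
    return bytes_to_bits(plain)


def recover_key(plaintext: bytes, ciphertext: bytes) -> bytes:
    """The sniffer's trick: a known plaintext gives back the key, Key = P XOR C."""
    return xor_bytes(plaintext, ciphertext)


def xor_with_repeating_key(data: bytes, key: bytes) -> bytes:
    """Stretch a short key over a longer message by repeating it (a weak scheme)."""
    return bytes(d ^ key[i % len(key)] for i, d in enumerate(data))


def key_reuse_demo() -> Dict[str, bytes]:
    """Two messages under the same key: C1 XOR C2 equals P1 XOR P2, the key cancels.

    The messages are constructed for the example and have the same length.
    """
    key = bits_to_bytes(KEY_BITS)
    p1, p2 = b"OPEN POLICY", b"DENY CLAIMS"
    c1 = xor_with_repeating_key(p1, key)
    c2 = xor_with_repeating_key(p2, key)
    return {"c1_xor_c2": xor_bytes(c1, c2), "p1_xor_p2": xor_bytes(p1, p2)}


if __name__ == "__main__":
    print("plaintext:", decrypt(KEY_BITS, CIPHERTEXT_BITS))
    leak = key_reuse_demo()
    print("key cancelled out:", leak["c1_xor_c2"] == leak["p1_xor_p2"])
```

Because the key cancels out of C1 XOR C2, an attacker holding two ciphertexts from the same key can guess words in one message and read the corresponding bytes of the other, which is why a keystream must never be reused.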
QUESTION NO: 384
International Organization for Standardization (ISO) standard 27002 provides guidance for compliance by outlining
A. guidelines and practices for security controls.
B. financial soundness and business viability metrics.
C. standard best practice for configuration management.
D. contract agreement writing standards.
Answer: A
Explanation:
ISO/IEC 27002 is a code of practice: it catalogues information security controls and gives implementation guidance for each, which is what an organisation follows (alongside the management-system requirements of ISO/IEC 27001) when demonstrating compliance. It says nothing about financial metrics, configuration management in particular, or the drafting of contracts.
QUESTION NO: 385
Which solution can be used to emulate computer services, such as mail and ftp, and to capture information related to logins or actions?
A. Firewall
B. Honeypot
C. Core server
D. Layer 4 switch
Answer: B
Explanation:
A honeypot is a decoy that emulates services such as SMTP and FTP so that attackers interact with it instead of with production systems; everything they send, including login attempts and commands, is logged for analysis. A firewall filters traffic and a layer 4 switch forwards it; neither impersonates a service in order to capture attacker behaviour.
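A minimal honeypot of the kind question 385 describes, as an added example (not code from the original question or from any honeypot product): it speaks just enough FTP to make a client send USER and PASS, rejects every login, and records each attempt as a JSON log line. The banner text and the listening port are assumptions chosen for the example, and the scripted client session used by replay() is constructed so the protocol logic can be exercised without a network.

```python
import json
import socketserver
import time
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Fake banner (assumption): imitates a generic FTP daemon, names no real host.
BANNER = "220 ftp.example.internal FTP server ready\r\n"
LISTEN_PORT = 2121  # unprivileged port (assumption); redirect 21 here with the OS firewall


@dataclass
class Session:
    peer: str
    user: Optional[str] = None
    events: List[dict] = field(default_factory=list)


def handle_command(session: Session, line: str) -> Tuple[str, bool]:
    """Emulate enough FTP to capture credentials. Returns (reply, keep_connection_open)."""
    verb, _, arg = line.strip().partition(" ")
    verb = verb.upper()
    if verb == "USER":
        session.user = arg
        return "331 Password required\r\n", True
    if verb == "PASS":
        session.events.append({"ts": time.time(), "peer": session.peer,
                               "user": session.user, "password": arg})
        # Always reject: the decoy must never look like a working account.
        return "530 Login incorrect\r\n", True
    if verb == "SYST":
        return "215 UNIX Type: L8\r\n", True
    if verb == "QUIT":
        return "221 Goodbye\r\n", False
    # Anything else is logged too: the commands an attacker tries are useful fingerprints.
    session.events.append({"ts": time.time(), "peer": session.peer, "command": line.strip()})
    return "530 Please login with USER and PASS\r\n", True


def replay(peer: str, lines: List[str]) -> Tuple[List[str], List[dict]]:
    """Drive the state machine with a scripted client; no socket involved."""
    session = Session(peer)
    replies = []
    for ln in lines:
        reply, keep = handle_command(session, ln)
        replies.append(reply)
        if not keep:
            break
    return replies, session.events


class FtpHoneypotHandler(socketserver.StreamRequestHandler):
    """One thread per connection; writes captured events as JSON lines on exit."""

    def handle(self) -> None:
        session = Session(self.client_address[0])
        self.wfile.write(BANNER.encode())
        for raw in self.rfile:
            reply, keep = handle_command(session, raw.decode("latin-1"))
            self.wfile.write(reply.encode())
            if not keep:
                break
        for event in session.events:
            print(json.dumps(event), flush=True)


if __name__ == "__main__":
    socketserver.ThreadingTCPServer.allow_reuse_address = True
    with socketserver.ThreadingTCPServer(("0.0.0.0", LISTEN_PORT), FtpHoneypotHandler) as server:
        server.serve_forever()
```

Run it on an isolated host and ship the JSON lines to the SIEM; since nothing legitimate should ever log in to a decoy, every captured USER/PASS pair is a high-fidelity alert, and the usernames and passwords tried show which credential lists the attacker is working from.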
QUESTION NO: 386
A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection system. The alert was generated because a large number of packets were coming into the network over ports 20 and 21. During analysis, there were no signs of attack on the FTP servers.
How should the administrator classify this situation?
A. True negatives
B. False negatives
C. True positives
D. False positives
Answer: D
Explanation:
The IDS raised an alert, but the investigation found no attack on the FTP servers, so the alert was wrong: a false positive. A false negative would be a real attack the IDS missed, a true positive an alert on a real attack, and a true negative benign traffic correctly left unalerted. A burst of traffic on ports 20 and 21 at 3:00 a.m. is consistent with a scheduled backup or bulk transfer, which is the kind of benign activity the signature or threshold should be tuned for so the same alert does not fire every night.
QUESTION NO: 387
The following is part of a log file taken from the machine on the network with the IP address of 192.168.1.106:
Time:Mar 13 17:30:15 Port:20 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:17 Port:21 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:19 Port:22 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:21 Port:23 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:22 Port:25 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:23 Port:80 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:30 Port:443 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
What type of activity has been logged?
A. Port scan targeting 192.168.1.103
B. Teardrop attack targeting 192.168.1.106
C. Denial of service attack targeting 192.168.1.103
D. Port scan targeting 192.168.1.106
Answer: D
Explanation:
The log shows a single source, 192.168.1.103, connecting to a series of well-known ports (20, 21, 22, 23, 25, 80, 443) on 192.168.1.106 within about fifteen seconds, one port at a time: the signature of a port scan against 192.168.1.106. A teardrop attack would show overlapping IP fragments, and a denial of service would show volume rather than a sequence of distinct ports; in either case the target would still be 192.168.1.106, the destination, not the source.
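The reasoning in question 387 can be turned into detection logic: group connections by (source, destination) and alert when one pair touches many distinct ports inside a short window. The Python below is an added example, not code from the original question or from any IDS; it parses the seven log lines from the question (embedded so it runs offline, plus one constructed benign line from a different source) and runs a sliding-window port-scan check over them. The threshold, window and the year used to complete the timestamps (the log format carries none) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# The seven lines from the question, plus one constructed benign line (a single
# HTTPS connection from another host) so the detector has something to ignore.
LOG = """\
Time:Mar 13 17:30:15 Port:20 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:17 Port:21 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:19 Port:22 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:21 Port:23 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:22 Port:25 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:23 Port:80 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:30:30 Port:443 Source:192.168.1.103 Destination:192.168.1.106 Protocol:TCP
Time:Mar 13 17:31:00 Port:443 Source:192.168.1.50 Destination:192.168.1.106 Protocol:TCP
"""

LINE_RE = re.compile(
    r"Time:(?P<time>\w{3} \d{1,2} \d{2}:\d{2}:\d{2}) Port:(?P<port>\d+) "
    r"Source:(?P<src>[\d.]+) Destination:(?P<dst>[\d.]+) Protocol:(?P<proto>\w+)"
)


def parse(log: str, year: int = 2024) -> List[dict]:
    """Parse the question's log format; the year is assumed because the lines omit it."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # lines in another format are skipped, not fatal
        ts = datetime.strptime(f"{year} {m['time']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "port": int(m["port"]), "src": m["src"],
                       "dst": m["dst"], "proto": m["proto"]})
    return events


def detect_port_scans(events: List[dict], min_ports: int = 5, window_seconds: int = 60) -> List[dict]:
    """Alert on any (src, dst) pair that hits at least min_ports distinct ports within the window."""
    by_pair: Dict[Tuple[str, str], List[dict]] = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_pair[(e["src"], e["dst"])].append(e)

    alerts = []
    for (src, dst), evs in by_pair.items():
        start = 0
        triggered = False
        for end in range(len(evs)):
            # Slide the window start forward until it fits within window_seconds.
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            if len({e["port"] for e in evs[start:end + 1]}) >= min_ports:
                triggered = True
                break
        if triggered:
            alerts.append({"src": src, "dst": dst,
                           "ports": sorted({e["port"] for e in evs}),
                           "first": evs[0]["ts"], "last": evs[-1]["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_port_scans(parse(LOG)):
        print(f"port scan: {alert['src']} -> {alert['dst']} "
              f"ports={alert['ports']} {alert['first']:%H:%M:%S}-{alert['last']:%H:%M:%S}")
```

The threshold and window are the tuning knobs that question 386 is really about: set too low, a web client opening a few ports on one server fires the rule and becomes a false positive; set too high, a slow scan spread over hours slips under it.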
QUESTION NO: 388
Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them?
A. Detective
B. Passive
C. Intuitive
D. Reactive
Answer: B
Explanation:
A passive IDS only monitors traffic and alerts on what it detects; it sits off the traffic path and cannot drop packets or reset connections. A reactive (active) IDS, or an intrusion prevention system, can respond by resetting the session or blocking the source.
QUESTION NO: 389
Which of the following settings enables Nessus to detect when it is sending too many packets and the network pipe is approaching capacity?
A. Netstat WMI Scan
B. Silent Dependencies
C. Consider unscanned ports as closed
D. Reduce parallel connections on congestion
Answer: D
Explanation:
The Nessus option "Reduce parallel connections on congestion" makes the scanner watch for signs that the network is saturating (dropped or delayed packets) while it runs and throttle the number of concurrent connections when it sees them. The other options do something else: "Consider unscanned ports as closed" is an assumption about port state, "Silent Dependencies" controls whether automatically included plugins appear in the report, and "Netstat WMI Scan" is a credentialed Windows port enumeration.
QUESTION NO: 390
Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process.
Which of the following is the correct bit size of the Diffie-Hellman (DH) group 5?
A. 768 bit key
B. 1024 bit key
C. 1536 bit key
D. 2048 bit key
Answer: C
Explanation:
Diffie-Hellman group 5 is the 1536-bit MODP group defined in RFC 3526. For comparison, group 1 is 768 bits, group 2 is 1024 bits and group 14 is 2048 bits. Groups 1 and 2 are too weak for new deployments; 1536 bits is the practical floor today, and group 14 or larger is preferred for new configurations.