Practice Questions

Question 1

Which of the following are client-side Web technologies? [Choose the four best answers.]

  • A. ActiveX controls

  • B. JavaScript

  • C. CGI scripts

  • D. Cookies

  • E. Java applets

A1:

Answers A, B, D, and E are correct. Client-side Web technologies include ActiveX controls, JavaScript interpreted code, cookies, and Java applets. Cookies might also be considered a server-side technology because the Web server may access them and store information within the cookies; however, they reside in the client system's browser cache or in a small text file on the client computer. Answer C is incorrect because CGI scripts are stored and interpreted on the Web server.

Question 2

Which of the following is a common bandwidth for 802.11b communications?

  • A. 19.2Kbps

  • B. 64Kbps

  • C. 1.5Mbps

  • D. 10Mbps

  • E. 11Mbps

  • F. 100Mbps

A2:

Answer E is correct. The 802.11b WLAN specification allows up to 11Mbps wireless connectivity. Answers A and B are incorrect because they specify common modem bandwidth limits. Answer C is incorrect because 1.5Mbps is a common speed for T1 connectivity. Answers D and F are incorrect because 10Mbps and 100Mbps are common wired LAN data-transfer rates.

Question 3

Unsecured SMTP servers are an asset to spammers because _________________________.

  • A. They can use these servers to hide the origin of their transmissions

  • B. They can plant viruses and rogue code on these servers

  • C. These servers store information in cleartext and can be easily compromised

  • D. They can use these servers to send company email without putting up their own mail server

A3:

Answer A is correct. Spammers look for SMTP servers that will relay mail for anyone (open relays) and route their bulk mail through them, so the messages appear to originate from the relay rather than from the spammer's own network. Answer B is incorrect because a mail server's job is to relay messages, not to host and execute content; rogue code and viruses are usually planted on file or application servers. Answer C is incorrect because cleartext transmission is the weakness usually associated with FTP and Telnet, and the point of abusing an open relay is to send mass mail while disguising its origin, not to capture messages. Answer D is incorrect because spammers are not sending a company's mail; what the relay gives them is anonymity, not the saved cost of running a server of their own.
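The check that separates a properly secured SMTP server from the open relay described above is the decision the server makes on each RCPT TO command. The following is an added example (not code from the book) of that decision in Python, with a closed policy and the misconfigured open-relay policy side by side; the domains, networks and addresses are constructed for the demonstration.

```python
# Added example: RCPT TO acceptance logic for an SMTP server, closed vs. open relay.
# Domains, trusted networks and probe addresses are constructed for this demo.
import ipaddress


class RelayPolicy:
    """RCPT TO acceptance rules for an SMTP server."""

    def __init__(self, local_domains, trusted_nets, open_relay=False):
        self.local_domains = {d.lower() for d in local_domains}
        self.trusted_nets = [ipaddress.ip_network(n) for n in trusted_nets]
        self.open_relay = open_relay   # True reproduces the misconfiguration

    def rcpt(self, client_ip: str, authenticated: bool, rcpt_to: str) -> str:
        """Return the SMTP reply for one RCPT TO."""
        if "@" not in rcpt_to:
            return "501 5.1.3 Bad recipient address syntax"
        domain = rcpt_to.rpartition("@")[2].lower()
        if domain in self.local_domains:
            # Mail for our own domains is accepted from anyone: that is inbound mail.
            return "250 2.1.5 OK (local delivery)"
        if self.open_relay:
            # The misconfiguration: outside mail for outside recipients is accepted,
            # so this server's Received: header becomes the spam's apparent origin.
            return "250 2.1.5 OK (relayed)"
        client = ipaddress.ip_address(client_ip)
        if authenticated or any(client in net for net in self.trusted_nets):
            # Relaying is a service for our own users (authenticated or on the LAN).
            return "250 2.1.5 OK (relayed)"
        return "554 5.7.1 Relay access denied"


def probe_open_relay(policy: RelayPolicy) -> bool:
    """The classic relay probe: an unauthenticated outside host asks the server to
    deliver to an unrelated outside domain. A secured server refuses."""
    return policy.rcpt("203.0.113.9", False, "victim@example.net").startswith("250")


# Constructed policies: one secured, one left open.
SECURED = RelayPolicy(["example.com", "mail.example.com"], ["192.0.2.0/24"])
MISCONFIGURED = RelayPolicy(["example.com", "mail.example.com"], ["192.0.2.0/24"],
                            open_relay=True)
```

The probe is exactly what relay-testing tools and blocklist operators do: connect from the outside, skip authentication, and ask for delivery to a third-party domain. A 250 reply to that request is the finding.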

Question 4

Which of the following are good uses for cookies? [Choose the two best answers.]

  • A. Maintaining user portal settings between sessions

  • B. Storing credit card and user identification data

  • C. Storing a listing of items within a shopping cart application

  • D. Maintaining password and logon information for easy return to visited secured sites

  • E. Providing details regarding the network settings in use by the client, like its IP address

A4:

Answers A and C are correct. Cookies are well suited for maintaining user portal settings between sessions and storing a list of items within a shopping cart application. Answers B and D are incorrect because cookies that store user identification data, credit card information, or password and logon details could be exploited to allow others to use this information by mining the client's cache. Answer E is incorrect because cookies are used to store session information between pages or servers, rather than to store information that the server can obtain for itself, such as the IP address used by the client.
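A cookie carrying the shopping-cart state named as a good use above has to survive on the client, where the user (or anyone mining the browser's cookie store) can both read and edit it. The following is an added example, not code from the book, of a cart cookie that is signed so the server can detect tampering, and that refuses to carry the credential and card data the answer warns against; the key and field names are constructed for the demonstration.

```python
# Added example: a signed shopping-cart cookie that refuses to hold secrets.
# SERVER_KEY and the forbidden field names are constructed for this demo.
import base64
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key-replace-with-a-random-one"

# Field names that must never go into a cookie: the client can always read its
# own cookies, whatever the server intended.
FORBIDDEN_KEYS = {"password", "passwd", "card_number", "cvv", "ssn"}


def _holds_secret(obj) -> bool:
    """Walk nested dicts/lists looking for a forbidden field name."""
    if isinstance(obj, dict):
        return any(str(k).lower() in FORBIDDEN_KEYS or _holds_secret(v)
                   for k, v in obj.items())
    if isinstance(obj, list):
        return any(_holds_secret(v) for v in obj)
    return False


def _sign(payload: bytes) -> str:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()


def encode_cart(cart: dict) -> str:
    """Serialise the cart as <base64 JSON>.<hmac>; raise if it holds a secret."""
    if _holds_secret(cart):
        raise ValueError("refusing to store credentials or card data in a cookie")
    payload = json.dumps(cart, sort_keys=True, separators=(",", ":")).encode()
    body = base64.urlsafe_b64encode(payload).decode().rstrip("=")
    return f"{body}.{_sign(payload)}"


def set_cookie_header(value: str) -> str:
    """HttpOnly keeps page scripts away from it, Secure keeps it off plain HTTP."""
    return f"cart={value}; Path=/; HttpOnly; Secure; SameSite=Lax"


def decode_cart(value: str):
    """Return the cart if the signature verifies, otherwise None."""
    try:
        body, sig = value.rsplit(".", 1)
        payload = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
        if not hmac.compare_digest(_sign(payload), sig):
            return None
        return json.loads(payload)
    except (ValueError, TypeError):
        return None
```

The signature stops a customer from editing prices or quantities in the cookie, but it does not hide the contents; that is why the secret check exists. If the cart must stay private, keep it server-side and store only an opaque session identifier in the cookie.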

Question 5

Which of the following are potential exploits for CGI scripts? [Choose the four best answers.]

  • A. Providing information on processes running on the server.

  • B. Executing arbitrary commands on the client.

  • C. Samples may not include proper security.

  • D. Buffer overflows may occur.

  • E. Arbitrary commands may be executed on the server.

A5:

Answers A, C, D, and E are correct. CGI scripts may leak information such as details of the processes and daemons running on the server. Sample scripts shipped with some default installations were never written with security in mind and have well-known exploitable flaws, and buffer overflows in CGI programs may allow arbitrary commands to be executed on the server. Answer B is incorrect because CGI scripts run on the Web server, not on the client system.
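The most common route to arbitrary command execution on the server (answer E) in scripted CGI programs is a form field pasted into a shell command line. The following is an added example, not code from the book, showing that pattern beside the hardened form: validate the field against an allow-list and hand it to the program as a separate argument with no shell in between. The form field name and the wrapped program (echo, standing in for the finger, ping or whois gateways of the era) are constructed for the demonstration.

```python
# Added example: a CGI greeting gateway, vulnerable and hardened. The "name" field
# and the use of echo as the wrapped program are constructed for this demo.
import re
import subprocess
from urllib.parse import parse_qs

# Letters, digits, dot, underscore, hyphen; may not start with a hyphen, so the
# value can never be read as an option by the program it is handed to.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.][A-Za-z0-9_.-]{0,63}$")


def run_greeting_vulnerable(name: str) -> str:
    """Classic bug: string concatenation into a command executed by /bin/sh.
    name='x; id' runs a second command of the attacker's choosing."""
    cmd = "echo Hello " + name
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_greeting_argv_only(name: str) -> str:
    """No shell: the field reaches echo as one argument, metacharacters and all.
    This stops command injection but not option injection or oversized input."""
    return subprocess.run(["echo", "Hello", name],
                          capture_output=True, text=True).stdout


def run_greeting_hardened(name: str) -> str:
    """Allow-list the field first, then invoke without a shell."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("rejected 'name' parameter")
    return run_greeting_argv_only(name)


def cgi_response(query_string: str) -> str:
    """Minimal CGI handler: QUERY_STRING in, status + headers + body out."""
    name = parse_qs(query_string).get("name", [""])[0]
    try:
        body = run_greeting_hardened(name)
    except ValueError:
        return "Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\nbad name\n"
    return "Status: 200 OK\r\nContent-Type: text/plain\r\n\r\n" + body
```

The argv form alone already defeats the `; echo INJECTED` payload, because the shell that would have interpreted the semicolon is never invoked; the allow-list is the second layer, catching option-looking values and anything unexpectedly long before it reaches the program.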

Question 6

Which of the following is a WLAN technology that uses the Ethernet protocols?

  • A. Bluetooth

  • B. IETF

  • C. WAP

  • D. i-Mode

  • E. Wi-Fi

A6:

Answer E is correct. The 802.11b (Wi-Fi) standard is the wireless member of the IEEE 802 family: it uses the same 48-bit MAC addressing and 802.2 LLC as Ethernet, and its media-access method, CSMA/CA, is a variation of the CSMA/CD used by wired Ethernet (collision avoidance instead of collision detection, because a radio cannot listen for collisions while it transmits). Answer A is incorrect because Bluetooth is based on a different transmission protocol. Answer B is incorrect because the Internet Engineering Task Force (IETF) is a standards organization, not a communications protocol. Answers C and D are incorrect because WAP and i-Mode are standards used by mobile devices such as cell phones, pagers, and PDAs and do not specify WLAN standards.

Question 7

Which of the following is not an LDAP vulnerability?

  • A. Buffer overflow vulnerabilities

  • B. Format string vulnerabilities

  • C. Incorrect handling of requests

  • D. Information passed in cleartext

A7:

Answer D is correct. Cleartext transmission is the weakness the exam associates with FTP and Telnet rather than with LDAP, whose well-known vulnerabilities have been buffer overflows, format string bugs, and incorrect handling of malformed requests. Answers A, B, and C are incorrect because they are all LDAP vulnerabilities. Note, however, that LDAP does not encrypt on its own: a simple bind over port 389 without StartTLS, or without LDAPS on port 636, sends the bind DN and password in cleartext, so in practice LDAP traffic should be protected with TLS.

Question 8

Which of the following is not a potential vulnerability of the FTP service?

  • A. Buffer overflow

  • B. Execution of arbitrary commands

  • C. Anonymous access

  • D. Unencrypted credentials

  • E. Cache mining

A8:

Answer E is correct. The FTP service does not provide access to the browser's cache. Answers A, B, C, and D are incorrect because FTP servers may be exposed to anonymous access and transmit logon credentials (the USER and PASS commands) in cleartext, and the FTP service is also known for buffer-overflow vulnerabilities that may be exploited to execute arbitrary commands on the server.
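Two of the FTP exposures above, anonymous access and credentials sent in the clear, are visible to anyone watching the control channel, which makes them easy to audit from a capture. The following is an added example, not code from the book, of that audit in Python; the capture lines are constructed (a real source would be a network monitor or the server's command log), and the audit also notes clients that upgraded the control channel with AUTH TLS before logging in.

```python
# Added example: audit captured FTP control-channel lines for anonymous logins and
# cleartext credentials. CAPTURE is constructed for this demo.
import re

# Each line: direction (C = client, S = server), client address, then the text.
CAPTURE = """\
C 203.0.113.7 AUTH TLS
S 203.0.113.7 234 Proceed with negotiation.
C 10.0.0.5 USER anonymous
S 10.0.0.5 331 Please specify the password.
C 10.0.0.5 PASS guest@example.org
S 10.0.0.5 230 Login successful.
C 198.51.100.3 USER alice
S 198.51.100.3 331 Please specify the password.
C 198.51.100.3 PASS Summer2004!
S 198.51.100.3 230 Login successful.
C 198.51.100.9 USER root
S 198.51.100.9 331 Please specify the password.
C 198.51.100.9 PASS toor
S 198.51.100.9 530 Login incorrect.
"""

LINE = re.compile(r"^([CS]) (\S+) (.*)$")
ANONYMOUS_USERS = {"anonymous", "ftp"}


def audit_ftp_capture(text: str) -> dict:
    """Return successful logins (flagging anonymous accounts and passwords that
    crossed the wire in cleartext), failed logins, and clients that negotiated
    TLS on the control channel. Passwords themselves are never stored."""
    pending = {}            # client -> {"user": str, "pass_seen": bool}
    tls_clients = set()
    logins, failures = [], []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        direction, client, payload = m.groups()
        if direction == "C":
            verb, _, arg = payload.partition(" ")
            verb = verb.upper()
            if verb == "AUTH" and arg.upper() in ("TLS", "SSL"):
                tls_clients.add(client)
            elif verb == "USER":
                pending[client] = {"user": arg, "pass_seen": False}
            elif verb == "PASS" and client in pending:
                pending[client]["pass_seen"] = True
        else:
            code = payload[:3]
            state = pending.get(client)
            if state is None:
                continue
            if code == "230":
                logins.append({
                    "client": client,
                    "user": state["user"],
                    "anonymous": state["user"].lower() in ANONYMOUS_USERS,
                    "cleartext_password": state["pass_seen"]
                                          and client not in tls_clients,
                })
                pending.pop(client)
            elif code == "530":
                failures.append({"client": client, "user": state["user"]})
                pending.pop(client)
    return {"logins": logins, "failures": failures,
            "tls_clients": sorted(tls_clients)}
```

In a real capture the client that sent AUTH TLS produces no further readable commands, which is the point: its USER and PASS travel inside TLS. The failed root login is included because repeated 530 replies from one address are the usual sign of a password-guessing attempt against the service.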

Question 9

The Wired Equivalent Privacy (WEP) standard uses which encryption scheme?

  • A. Blowfish

  • B. RC4

  • C. El Gamal

  • D. Diffie-Hellman

A9:

Answer B is correct. WEP is based on the RC4 stream cipher, keyed per packet with a 24-bit initialization vector prepended to the shared key; the small IV space and weaknesses in RC4's key scheduling are what make WEP breakable in practice. Answer A is incorrect because Blowfish is a block cipher operating on 64-bit blocks of data. Answer C is incorrect because El Gamal is a public key algorithm used for encryption and digital signatures. Answer D is incorrect because Diffie-Hellman is a key exchange algorithm.
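The following is an added example, not code from the book, of RC4 as WEP uses it: the per-packet key is the 24-bit IV (sent in the clear) followed by the shared key, and a CRC-32 integrity check value is appended to the payload before encryption. It also shows the consequence of the small IV space: two frames encrypted under the same IV share a keystream, so XORing their ciphertexts gives the XOR of their plaintexts, and knowing one plaintext reveals the other without the key. The shared key, IV and frame contents are constructed for the demonstration.

```python
# Added example: RC4 keyed the WEP way, plus keystream recovery from IV reuse.
# Keys, IVs and frame payloads are constructed for this demo.
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling, then XOR data with the generated keystream."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV || RC4(IV || key, plaintext || CRC32(plaintext))."""
    if len(iv) != 3 or len(shared_key) not in (5, 13):
        raise ValueError("WEP uses a 24-bit IV and a 40- or 104-bit shared key")
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return iv + rc4(iv + shared_key, plaintext + icv)


def wep_decrypt(shared_key: bytes, frame: bytes):
    """Strip the IV, decrypt, check the ICV; return plaintext or None on failure."""
    iv, body = frame[:3], frame[3:]
    data = rc4(iv + shared_key, body)
    plaintext, icv = data[:-4], data[-4:]
    if struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF) != icv:
        return None
    return plaintext


def recover_by_iv_reuse(frame_a: bytes, frame_b: bytes, known_plaintext_a: bytes):
    """If both frames carry the same IV they were XORed with the same keystream.
    Known plaintext from frame A (a predictable header, say) gives that keystream,
    which decrypts the same number of bytes of frame B. No key is needed."""
    if frame_a[:3] != frame_b[:3]:
        return None
    keystream = bytes(c ^ p for c, p in zip(frame_a[3:], known_plaintext_a))
    return bytes(c ^ k for c, k in zip(frame_b[3:], keystream))
```

With only 2^24 possible IVs and no rule forcing them to be unique, a busy access point repeats IVs within hours, and the first bytes of most frames (LLC/SNAP headers) are predictable, so the known-plaintext step is rarely a problem for an attacker.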

Question 10

Which of the following statements about Java and JavaScript is true?

  • A. Java applets can be used to execute arbitrary instructions on the server.

  • B. JavaScript code can continue running even after the applet is closed.

  • C. JavaScript can provide access to files of a known name and path.

  • D. Java applets can be used to send email as the user.

  • E. Java applets allow access to cache information.

A10:

Answer C is correct. An early JavaScript exploit allowed a page to read files on the client's system if their name and path were known. Answer A is incorrect because a Java applet runs inside the browser's sandbox on the client and cannot execute instructions on the server. Answers D and E are incorrect because the historical exploits that sent email as the user and exposed cached data were JavaScript issues, not Java applet issues. Answer B is incorrect because it is Java applet code, not JavaScript, that can continue running after the applet has been closed.



Security+ Exam Cram 2 (Exam SYO-101)
ISBN: 0789729105
Year: 2005
Pages: 162
