You are running known exploits against your network to test for possible vulnerabilities. To test the strength of your virus software, you load a test network to mimic your production network. Your software successfully blocks some simple macro and encrypted viruses.

You decide to really test the software by using virus code where the code rewrites itself entirely and the signatures change from child to child, but the functionality stays the same. What type of virus is this that you are testing?

HTTP protocol specifies that arbitrary binary characters can be passed within the URL by using %xx notation, where ' xx ' is the

You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company clients. You have rummaged through their trash and found very little information.

You do not want to set off any alarms on their network, so you plan on performing passive foot printing against their Web servers. What tool should you use?

Vulnerability assessment is an examination of the ability of a system or application, including current security procedures and controls, to withstand assault. It recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels.

A vulnerability assessment is used to identify weaknesses that could be exploited and predict the effectiveness of additional security measures in protecting information resources from attack.

Which of the following vulnerability assessment technique is used to test the web server infrastructure for any misconfiguration and outdated content?

George is a senior security analyst working for a state agency in Florida. His state ' s congress just passed a bill mandating every state agency to undergo a security audit annually. After learning what will be required, George needs to implement an IDS as soon as possible before the first audit occurs.

The state bill requires that an IDS with a " time-based induction machine " be used. What IDS feature must George implement to meet this requirement?

An external intrusion test and analysis identify security weaknesses and strengths of the client ' s systems and networks as they appear from outside the client ' s security perimeter, usually from the Internet.

The goal of an external intrusion test and analysis is to demonstrate the existence of known vulnerabilities that could be exploited by an external attacker.

During external penetration testing, which of the following scanning techniques allow you to determine a port’s state without making a full connection to the host?

Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small accounting firm in Florida. They have given her permission to perform social engineering attacks on the company to see if their in-house training did any good. Julia calls the main number for the accounting firm and talks to the receptionist. Julia says that she is an IT technician from the company ' s main office in Iowa.

She states that she needs the receptionist ' s network username and password to troubleshoot a problem they are having. Julia says that Bill Hammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionist gave Julia all the information she asked for.

What principal of social engineering did Julia use?

A framework for security analysis is composed of a set of instructions, assumptions, and limitations to analyze and solve security concerns and develop threat free applications.

Which of the following frameworks helps an organization in the evaluation of the company’s information security with that of the industrial standards?

Which of the following is developed to address security concerns on time and reduce the misuse or threat of attacks in an organization?

In Linux, /etc/shadow file stores the real password in encrypted format for user’s account with added properties associated with the user’s password.

In the example of a /etc/shadow file below, what does the bold letter string indicate?  

Vivek: $1$fnffc$GteyHdicpGOfffXX40w#5:13064:0:99999:7