Mark, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days. Mark denies that he had ever sent a mail. What do you want to
""know"" to prove yourself that it was Bob who had send a mail?
Which regulation defines security and privacy controls for Federal information systems and organisations?
Cross-site request forgery involves:
It is a regulation that has a set of guidelines, which should be adhered to by anyone who handles any electronic medical data. These guidelines stipulate that all medical practices must ensure that all necessary measures are in place while saving, accessing, and sharing any electronic medical data to keep patient data secure.
Which of the following regulations best matches the description?
When a security analyst prepares for the formal security assessment - what of the following should be done in order to determine inconsistencies in the secure assets database and verify that system is compliant to the minimum security baseline?
Why should the security analyst disable/remove unnecessary ISAPI filters?
You are looking for SQL injection vulnerability by sending a special character to web applications. Which of the following is the most useful for quick validation?
Which of the following BEST describes the mechanism of a Boot Sector Virus?
Employees in a company are no longer able to access Internet web sites on their computers. The network administrator is able to successfully ping IP address of web servers on the Internet and is able to open web sites by using an IP address in place of the URL. The administrator runs the nslookup command for www.eccouncil.org and receives an error message stating there is no response from the server.
What should the administrator do next?
Mike wants to send secret messages to a competitor company. To secure these messages, he uses a technique of hiding a secret message within an ordinary message. The technique provides 'security through obscurity'.
What technique is Mike using?
Which Type of scan sends a packets with no flags set?
Which of the following is the greatest threat posed by backups?
Which address translation scheme would allow a single public IP address to always correspond to a single machine on an internal network, allowing "server publishing"?
Ken, a system administrator at TPNQM SA, concluded one day that a DMZ is not needed if he properly configures the firewall to allow access just to servers/ports, which can have direct internet access, and block the access to workstations.
Ken also concluded that DMZ makes sense just when a stateful firewall is available, which is not the case of TPNQM SA.
In this context, what can you say?
The configuration allows a wired or wireless network interface controller to pass all traffic it receives to the central processing unit (CPU), rather than passing only the frames that the controller is intended to receive.
Which of the following is being described?
Which of the following is an extremely common IDS evasion technique in the web world?
An attacker has been successfully modifying the purchase price of items purchased on the company's web site.
The security administrators verify the web server and Oracle database have not been compromised directly.
They have also verified the Intrusion Detection System (IDS) logs and found no attacks that could have caused this. What is the mostly likely way the attacker has been able to modify the purchase price?
In the field of cryptanalysis, what is meant by a "rubber-hose" attack?
Which type of intrusion detection system can monitor and alert on attacks, but cannot stop them?
An attacker is using nmap to do a ping sweep and a port scanning in a subnet of 254 addresses.
In which order should he perform these steps?
Which set of access control solutions implements two-factor authentication?
Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products?