Follow along with the video below to see how to install our site as a web app on your home screen.
Catatan: This feature may not be available in some browsers.
Saat ini Anda mengakses IndoForum sebagai tamu, sehingga Anda tidak memiliki akses penuh untuk melihat artikel dan diskusi yang hanya tersedia bagi anggota. Dengan bergabung, Anda akan mendapatkan akses penuh untuk bertanya, mengirim pesan pribadi, mengikuti polling, dan menggunakan fitur-fitur lainnya. Proses pendaftaran sangat cepat, mudah, dan gratis. Silakan daftar dan validasi email Anda untuk mendapatkan akses penuh sebagai anggota. Harap masukkan alamat email yang valid dan periksa kotak masuk Anda setelah mendaftar untuk proses validasi.
Bob is a very security conscious computer user. He plans to test a site that is known
to have malicious applets, code, and more. Bob always make use of a basic Web
Browser to perform such testing.
Which of the following web browser can adequately fill this purpose?
A. Internet Explorer
B. Mozila
C. Lynx
D. Tiger
Clive has been hired to perform a Black-Box test by one of his clients.
How much information will Clive obtain from the client before commencing his
test?
A. IP Range, OS, and patches installed.
B. Only the IP address range.
C. Nothing but corporate name.
D. All that is available from the client site.
You have just received an assignment for an assessment at a company site. Company's
management is concerned about external threat and wants to take appropriate steps to
insure security is in place. Anyway the management is also worried about possible
threats coming from inside the site, specifically from employees belonging to different
Departments. What kind of assessment will you be performing ?
A. Black box testing
B. Black hat testing
C. Gray box testing
D. Gray hat testing
E. White box testing
F. White hat testing
What does black box testing mean?
A. You have full knowledge of the environment
B. You have no knowledge of the environment
C. You have partial knowledge of the environment
Bob has been hired to do a web application security test. Bob notices that the site is
dynamic and infers that they mist be making use of a database at the application
back end. Bob wants to validate whether SQL Injection would be possible.
What is the first character that Bob should use to attempt breaking valid SQL
requests?
A. Semi Column
B. Double Quote
C. Single Quote
D. Exclamation Mark
When a malicious hacker identifies a target and wants to eventually compromise
this target, what would be among the first steps that he would perform? (Choose the
best answer)
A. Cover his tracks by eradicating the log files and audit trails.
B. Gain access to the remote computer in order to conceal the venue of attacks.
C. Perform a reconnaissance of the remote target for identical of venue of attacks.
D. Always begin with a scan in order to quickly identify venue of attacks.
A particular database threat utilizes a SQL injection technique to penetrate a target
system. How would an attacker use this technique to compromise a database?
A. An attacker uses poorly designed input validation routines to create or alter SQL
commands to gain access to unintended data or execute commands of the database
B. An attacker submits user input that executes an operating system command to
compromise a target system
C. An attacker gains control of system to flood the target system with requests,
preventing legitimate users from gaining access
D. An attacker utilizes an incorrect configuration that leads to access with
higher-than-expected privilege of the database
WEP is used on 802.11 networks, what was it designed for?
A. WEP is designed to provide a wireless local area network (WLAN) with a level of
security and privacy comparable to what it usually expected of a wired LAN.
B. WEP is designed to provide strong encryption to a wireless local area network (WLAN)
with a lever of integrity and privacy adequate for sensible but unclassified information.
C. WEP is designed to provide a wireless local area network (WLAN) with a level of
availability and privacy comparable to what is usually expected of a wired LAN.
D. WEOP is designed to provide a wireless local area network (WLAN) with a level of
privacy comparable to what it usually expected of a wired LAN.
RC4 is known to be a good stream generator. RC4 is used within the WEP standard
on wireless LAN. WEP is known to be insecure even if we are using a stream cipher
that is known to be secured.
What is the most likely cause behind this?
A. There are some flaws in the implementation.
B. There is no key management.
C. The IV range is too small.
D. All of the above.
E. None of the above.
In an attempt to secure his wireless network, Bob implements a VPN to cover the
wireless communications. Immediately after the implementation, users begin
complaining about how slow the wireless network is. After benchmarking the
network's speed. Bob discovers that throughput has dropped by almost half even
though the number of users has remained the same.
Why does this happen in the VPN over wireless implementation?
A. The stronger encryption used by the VPN slows down the network.
B. Using a VPN with wireless doubles the overhead on an access point for all direct
client to access point communications.
C. VPNs use larger packets then wireless networks normally do.
D. Using a VPN on wireless automatically enables WEP, which causes additional
overhead.
In an attempt to secure his wireless network, Bob turns off broadcasting of the
SSID. He concludes that since his access points require the client computer to have
the proper SSID, it would prevent others from connecting to the wireless network.
Unfortunately unauthorized users are still able to connect to the wireless network.
Why do you think this is possible?
A. Bob forgot to turn off DHCP.
B. All access points are shipped with a default SSID.
C. The SSID is still sent inside both client and AP packets.
D. Bob's solution only works in ad-hoc mode.
Which of the following is NOT a reason 802.11 WEP encryption is vulnerable?
A. There is no mutual authentication between wireless clients and access points
B. Automated tools like AirSnort are available to discover WEP keys
C. The standard does not provide for centralized key management
D. The 24 bit Initialization Vector (IV) field is too small
Which of the following is true of the wireless Service Set ID (SSID)? (Select all that
apply.)
A. Identifies the wireless network
B. Acts as a password for network access
C. Should be left at the factory default setting
D. Not broadcasting the SSID defeats NetStumbler and other wireless discovery tools
Which of the following wireless technologies can be detected by NetStumbler?
(Select all that apply)
A. 802.11b
B. 802.11e
C. 802.11a
D. 802.11g
E. 802.11
Virus Scrubbers and other malware detection program can only detect items that
they are aware of. Which of the following tools would allow you to detect
unauthorized changes or modifications of binary files on your system by unknown
malware?
A. System integrity verification tools
B. Anti-Virus Software
C. A properly configured gateway
D. There is no way of finding out until a new updated signature file is released
What are the main drawbacks for anti-virus software?
A. AV software is difficult to keep up to the current revisions.
B. AV software can detect viruses but can take no action.
C. AV software is signature driven so new wxploits are not detected.
D. It's relatively easy for an attacker to change the anatomy of an attack to bypass AV
systems
E. AV software isn't available on all major operating systems platforms.
F. AV software is very machine (hardware) dependent.
What is the best means of prevention against viruses?
A. Assign read only permission to all files on your system.
B. Remove any external devices such as floppy and USB connectors.
C. Install a rootkit detection tool.
D. Install and update anti-virus scanner.
Melissa is a virus that attacks Microsoft Windows platforms.
To which category does this virus belong?
A. Polymorphic
B. Boot Sector infector
C. System
D. Macro
The Slammer Worm exploits a stack-based overflow that occurs in a DLL
implementing the Resolution Service.
Which of the following Database Server was targeted by the slammer worm?
A. Oracle
B. MSSQL
C. MySQL
D. Sybase
E. DB2
