Question 1

Which of the following errors most commonly occurs when responding to a security breach?

Accepted Answer

Making snap judgments based on emotions can lead to improper handling of the breach, whereas following company policy ensures a structured and effective response.

Question 2

You have determined that the company Web server has several vulnerabilities, including a buffer overflow that has resulted in an attack. The Web server uses PHP and has direct connections to an Oracle database server. It also uses many CGI scripts. Which of the following is the most effective way to respond to this attack?

Accepted Answer

Installing software updates for the Web server daemon is the most effective way to respond to vulnerabilities, including buffer overflow, as updates often include patches for known security issues.

Question 3

What is the primary drawback of using symmetric-key encryption?

Accepted Answer

The primary drawback of symmetric-key encryption is the challenge of securely transporting the key across a network, as both parties need to have access to the same secret key.

Question 4

A new server has been placed on the network. You have been assigned to protect this server using a packet-filtering firewall. To comply with this request, you have enabled the following ruleset:  Which choice describes the next step to take now that this ruleset has been enabled?

Accepted Answer

The answer of A new server has been placed on...

Question 5

A CGI application on the company's Web server has a bug written into it. This particular bug allows the application to write data into an area of memory that has not been properly allocated to the application. An attacker has created an application that takes advantage of this bug to obtain credit card information. Which of the following security threats is the attacker exploiting, and what can be done to solve the problem?

Accepted Answer

The attacker is exploiting a buffer overflow vulnerability. To solve the problem, the web developer should fix the code to ensure proper memory allocation and bounds checking.

Question 6

A security breach has occurred involving the company e-commerce server. Customer credit card data has been released to unauthorized third parties. Which of the following lists the appropriate parties to inform?

Accepted Answer

Affected customers need to be informed about the breach so they can take protective measures. Credit card companies should be notified to monitor for fraudulent activity. Law enforcement agencies should be informed to investigate the breach.

Question 7

Which of the following is a typical target of a trojan on a Linux system?

Accepted Answer

Trojans on Linux systems often target kernel modules to gain deeper access and control over the system, as they are critical components of the operating system.

Question 8

A security breach has occurred in which a third party was able to obtain and misuse legitimate authentication information. After investigation, you determined that the specific cause for the breach was that end users have been placing their passwords underneath their keyboards. Which step will best help you resolve this problem?

Accepted Answer

Setting passwords to expire at specific intervals and establishing mandatory continual training sessions will address the root cause by educating users on proper password management and ensuring they regularly update their passwords.

Question 9

You have implemented a version of the Kerberos protocol for your network. What service does Kerberos primarily offer?

Accepted Answer

Kerberos primarily offers authentication services by verifying the identities of users and services in a network.

Question 10

Which of the following is the most likely first step to enable a server to recover from a denial-of-service attack in which all hard disk data is lost?

Accepted Answer

Contacting the backup service is the most likely first step to recover lost data, as backups are specifically meant for data recovery in case of data loss.

Question 11

A disgruntled employee has discovered that the company Web server is not protected against a particular buffer overflow vulnerability. The disgruntled employee has created an application to take advantage of this vulnerability and secretly obtain sensitive data from the Web server's hard disk. This application sends a set of packets to the Web server that causes it to present an unauthenticated terminal with root privileges. What is the name for this particular type of attack?

Accepted Answer

A zero-day attack exploits a previously unknown vulnerability, which in this case is the buffer overflow vulnerability that the company was unaware of.

Question 12

You are using a PKI solution that is based on Secure Sockets Layer (SSL). Which of the following describes the function of the asymmetric-key-encryption algorithm used?

Accepted Answer

The asymmetric-key-encryption algorithm in SSL is used to encrypt the symmetric key, which is then used for encrypting the actual data. This ensures secure key exchange over an insecure channel.

Question 13

The most popular types of proxy-oriented firewalls operate at which layer of the OSI/RM?

Accepted Answer

Proxy-oriented firewalls, also known as application-level gateways, operate at the Application layer of the OSI model, where they can inspect and filter traffic based on application data.

Question 14

You want to create a quick solution that allows you to obtain real-time login information for the administrative account on an LDAP server that you feel may become a target. Which of the following will accomplish this goal?

Accepted Answer

Creating a login script for the administrative account that records logins to a separate server will allow you to obtain real-time login information effectively.

Question 15

At the beginning of an IPsec session, which activity occurs during the Internet Key Exchange (IKE)?

Accepted Answer

During the Internet Key Exchange (IKE) process, the authentication method is negotiated to ensure secure communication between the parties involved in the IPsec session.

Question 16

You purchased a network scanner six months ago. In spite of regularly conducting scans using this software, you have noticed that attackers have been able to compromise your servers over the last month. Which of the following is the most likely explanation for this problem?

Accepted Answer

The network scanner likely needs an update to detect the latest vulnerabilities and threats that attackers might be exploiting.

Question 17

What is the primary use of hash (one-way) encryption in networking?

Accepted Answer

Hash (one-way) encryption is primarily used for signing files to ensure data integrity, as it allows verification that the data has not been altered.

Question 18

You have implemented a service on a Linux system that allows a user to read and edit resources. What is the function of this service?

Accepted Answer

The service that allows a user to read and edit resources is related to access control, which manages permissions and rights to resources.

Question 19

Consider the following series of commands from a Linux system: iptables -A input -p icmp -s 0/0 -d 0/0 -j REJECT Which explanation best describes the impact of the resulting firewall ruleset?

Accepted Answer

The command adds a rule to reject all incoming ICMP packets, which includes ping requests, from any source to any destination, preventing remote networks from using ping for troubleshooting.

Question 20

Which of the following will best help you ensure a database server can withstand a recently discovered vulnerability?

Accepted Answer

Installing a system update is the most effective way to ensure a database server can withstand a recently discovered vulnerability, as updates often include patches that fix security issues.

Exam 4: CIW v5 Security Essentials