- (Topic 12)
Bob is a very security-conscious computer user. He plans to test a site that is known to have malicious applets, code, and more. Bob always makes use of a basic web browser to perform such testing.
Which of the following web browsers can adequately fill this purpose?
Correct Answer:
C
Lynx is a program used to browse the World Wide Web, which works on simple text terminals, rather than requiring a graphical computer display terminal.
- (Topic 14)
What is the problem with this ASP script (login.asp)?
<%
Set objConn = CreateObject("ADODB.Connection")
objConn.Open Application("WebUsersConnection")
sSQL = "SELECT * FROM Users where Username='" & Request("user") & _
       "' and Password='" & Request("pwd") & "'"
Set RS = objConn.Execute(sSQL)
If RS.EOF then
    Response.Redirect("login.asp?msg=Invalid Login")
Else
    Session.Authorized = True
    Set RS = nothing
    Set objConn = nothing
    Response.Redirect("mainpage.asp")
End If
%>
Correct Answer:
B
- (Topic 23)
Trojan horse attacks pose one of the most serious threats to computer security. The image below shows different ways a Trojan can get into a system. Which are the easiest and most convincing ways to infect a computer?
Correct Answer:
B
- (Topic 11)
____ will let you assume a user's identity at a dynamically generated web page or site.
Correct Answer:
C
Cross site scripting is also referred to as XSS or CSS. You must know the user is online and you must scam that user into clicking on a link that you have sent in order for this hack attack to work.
- (Topic 3)
Why would an attacker want to perform a scan on port 137?
Correct Answer:
D
Microsoft encapsulates NetBIOS information within TCP/IP using ports 135-139. It is trivial for an attacker to issue the following command:
nbtstat -A (your IP address)
from their Windows machine and collect information about your Windows machine (if you are not blocking traffic to port 137 at your borders).