ECSAv10 Free Practice Test

Which of the following is the objective of Gramm-Leach-Bliley Act?

1. A. To ease the transfer of financial information between institutions and banks
2. B. To protect the confidentiality, integrity, and availability of data
3. C. To set a new or enhanced standards for all U.
4. D. public company boards, management and public accounting firms
5. E. To certify the accuracy of the reported financial statement

Correct Answer: A

Which of the following external pen testing tests reveals information on price, usernames and passwords, sessions, URL characters, special instructors, encryption used, and web page behaviors?

1. A. Check for Directory Consistency and Page Naming Syntax of the Web Pages
2. B. Examine Server Side Includes (SSI)
3. C. Examine Hidden Fields
4. D. Examine E-commerce and Payment Gateways Handled by the Web Server

Correct Answer: C

Which of the following approaches to vulnerability assessment relies on the administrator providing baseline of system configuration and then scanning continuously without incorporating any information found at the time of scanning?

1. A. Service-based Assessment Solutions
2. B. Product-based Assessment Solutions
3. C. Tree-based Assessment
4. D. Inference-based Assessment

Correct Answer: C

What is the following command trying to accomplish?

1. A. Verify that NETBIOS is running for the 192.168.0.0 network
2. B. Verify that TCP port 445 is open for the 192.168.0.0 network
3. C. Verify that UDP port 445 is open for the 192.168.0.0 network
4. D. Verify that UDP port 445 is closed for the 192.168.0.0 networks

Correct Answer: C

Today, most organizations would agree that their most valuable IT assets reside within applications and databases. Most would probably also agree that these are areas that have the weakest levels of security, thus making them the prime target for malicious activity from system administrators, DBAs, contractors, consultants, partners, and customers.

Which of the following flaws refers to an application using poorly written encryption code to securely encrypt and store sensitive data in the database and allows an attacker to steal or modify weakly protected data such as credit card numbers, SSNs, and other authentication credentials?

1. A. SSI injection attack
2. B. Insecure cryptographic storage attack
3. C. Hidden field manipulation attack
4. D. Man-in-the-Middle attack

Correct Answer: B