CIW 1D0-571 Exam Practice Test Instant Access

Question 1

Which of the following applications can help determine whether a denial-of-service attack is occurring against a network host?

AThe netstat command and a packet sniffer

BThe ps command and a network scanner

CThe ping command and User Manager

DThe iptables command and Windows desktop firewall

Answer : A

Question 2

You have been asked to encrypt a large file using a secure encryption algorithm so you can send it via e-mail to your supervisor. Encryption speed is important. The key will not be transmitted across a network. Which form of encryption should you use?

AAsymmetric

BPGP

CHash

DSymmetric

Answer : D

Question 3

At what layer of the OSI/RM does a packet filter operate?

ALayer 1

BLayer 3

CLayer 5

DLayer 7

Answer : B

Question 4

What is the primary drawback of using symmetric-key encryption?

AKey transport across a network

BSpeed of encryption

CDenial-of-service attacks

DInability to support convergence traffic

Answer : A

Question 5

A distributed denial-of-service (DDOS) attack has occurred where both ICMP and TCP packets have crashed the company's Web server. Which of the following techniques will best help reduce the severity of this attack?

AFiltering traffic at the firewall

BChanging your ISP

CInstalling Apache Server rather than Microsoft IIS

DPlacing the database and the Web server on separate systems

Answer : A

Question 6

You have just deployed an application that uses hash-based checksums to monitor changes in the configuration scripts of a database server that is accessible via the Internet. Which of the following is a primary concern for this solution?

AThe extra hard disk space required to store the database of checksums

BThe amount of memory remaining now that the checksum-based application is running

CThe possibility of a buffer overflow attack leading to a security breach

DThe security of the checksum database on a read-only media format

Answer : D

Question 7

A disgruntled employee has discovered that the company Web server is not protected against particular buffer overflow vulnerability. The disgruntled employee has created an application to take advantage of this vulnerability and secretly obtain sensitive data from the Web server's hard disk. This application sends a set of packets to the Web server that causes it to present an unauthenticated terminal with root privileges. What is the name for this particular type of attack?

AMan-in-the-middle attack

BTrojan

CDenial of service

DZero-day attack

Answer : D

CIW 1D0-571 CIW Web Security Associate Exam Practice Test