Question 1

David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risks and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of the vulnerability-management life cycle is David currently in?

Options :

A : verification

B : Risk assessment

C : Vulnerability scan

D : Remediation

Answer: D

Question 2

Which of the following commands checks for valid users on an SMTP server?

Options :

A : RCPT

B : CHK

C : VRFY

D : EXPN

Answer: C

Question 3

One of your team members has asked you to analyze the following SOA record.

What is the TTL? Rutgers.edu.SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.)

Options :

A : 200303028

B : 3600

C : 604800

D : 2400

E : 60

F : 4800

Answer: D

Question 4

What type of a vulnerability/attack is it when the malicious person forces the user’s browser to send an authenticated request to a server?

Options :

A : Session hijacking

B : Server side request forgery

C : Cross-site request forgery

D : Cross-site scripting

Answer: C

Question 5

An attacker scans a host with the below command. Which three flags are set? # nmap -sX host.domain.com

Options :

A : This is SYN scan. SYN flag is set.

B : This is Xmas scan. URG, PUSH and FIN are set.

C : This is ACK scan. ACK flag is set.

D : This is Xmas scan. SYN and ACK flags are set.

Answer: B