1. Why are database attacks that inject data a concern for organizations?A. False data might be addedB. Malicious code could be injectedC. Databases could be filledD. All of the above2. Which of the following options is a useful defense against database attacks?A. Nonstandard portsB. FirewallsC.OS securityD. All of the above3. What is XSS?A. eXtensible Security ScannerB. Cross-site ScriptingC. Both A and BD. Neither A nor B4. What type of malware attempts to trick victims into purchasing software or providing their credit card numbers?A. VirusB. ScarewareC. HoaxD. Logic Bomb5. What is the name of a virus that changes itself when it spreads?A. MultipartiteB. MacroC. PolymorphicD. Boot sector6. Which of the following is a piece of code or software designed to lie in wait on a system until a specified event occurs?A. Logic bombB. ScarewareC. HoaxD. Virus7. Which of the following types of viruses is designed to make the user take action even though no infection or threat exists?A. HoaxB. MacroC. PolymorphicD. Multipartite8. Which of the following communication methods employs security mechanisms called trusted devices?A.802.11B. InfraredC. BluetoothD.CSMA9. WEP is vulnerable to __________.A. crackingB. DoSC. sniffingD. viruses10. Using MAC filtering and enabling WPA2 encryption are examples of what sort of wireless security activity?A. Security through obscurityB. Locking down wireless accessC. Outmoded security practicesD. Methods to prevent legitimate wireless access11. What capability is provided by inSSIDer?A.WLAN access point troubleshootingB. Infrared scanningC. Bluetooth scanningD. Wi-Fi security analysis reporting12. In Linux which of the following correctly denotes a hard drive in a machine?A.mount_hda1B.c:/drive1/C./dev/hda1/D./mnt/drive1/13. Which of the following Linux directories contains system variables such as print and mail spoolers log files and process IDs?/var14. Approximately how many distributions of Linux are available in different forms and formats?A.100B.200C.1000D.200015. Who originally designed and created Linux?A. Bill GatesB. Linus TorvaldsC. Steve JobsD. Joseph Linux16. Which of the following is best suited for environments where critical system-level assets need to be monitored?A.HIDSB. FirewallC.NIDSD.VPN17. Which of the following best describes a proxy firewall?A. It sends traffic through another host.B. It acts as a gateway for requests arriving from the client.C. It checks only the IP and protocol.D. It is typically run on the host system18. Which of the following provides the ability to monitor a network host or application and report back when suspicious activity is detected?A.IDSB. Proxy serverC.VPND.DMZ19. All but which of the following is commonly included in a security policy?A. Appropriate response guidelines for the given security incidentB. The means through which responsible parties will be notifiedC. The responsible person or parties that will take lead for respondingD. The city evacuation routes and emergency shelter contact information20. Installing Netcat on a remote system by using an exploit is an example of what type of attack?A. Privilege escalationB. Default software exploitC. Installing a back doorD. Rootkit installation21. Which of the following best describes what occurs when a user attempts a connection to a Windows system without the standard username and password being provided?A. NULL sessionB. Privilege escalationC. EnumerationD. Backdoor22. Which of the following best describes what occurs when a lower-level account is cracked in order to obtain increased access?A.NULL sessionB. Privilege escalationC. EnumerationD. Backdoor23. Which of the following is an attack that uses the rights of a low-privilege user to assume higher privileges?A. Root attackB. User emulationC. Rights modificationD. Privilege escalation24. Which of the following is an example of inserting traffic into another system’s traffic to take over its connection?A. A session hijackingB. An illegal activityC. A tactic that enquires encryptionD. A user is using Wireshark25. Which of the following attacks generally involves one computer targeting another seeking to shut it down and deny legitimate use of its services?A. Passive session hijackingB. Active session hijackingC. Denial of ServiceD. Covert channel26. Which of the following takes place on networks such as those that have a hub as the connectivity device?A. Passive sniffingB. Promiscuous sniffingC. Active sniffingD. Switched sniffing27. Which of the following methods allows attackers to merge their intended payload with a harmless executable to create a single executable from the two?A. Construction kitB. WrapperC. RootkitD. Covert channel28. Which of the following describes valid protection against malware?A. Patching and updatesB. AntivirusC. User educationD. All of the above29. Which of the following is a type of Trojan designed to give an attacker control over a victim’s system?A. Data sendingB. Remote accessC. DestructiveD. Denial of Service (DoS)30. Which of the following terms describes a malware program that helps the attacker gain remote access to a system?A. SpywareB. BackdoorC. VirusD. Worm