CIW 1D0-571 - CIW v5 Security Essentials

Total 62 questions

You want to create a certificate for use in a Secure Sockets Layer (SSL) session. Which of the following is responsible for verifying the identity of an individual and also issuing the certificate?

A. Kerberos server

B. Certificate authority

C. Certificate revocation entity

D. Certificate repository

An application is creating hashes of each file on an attached storage device. Which of the following will typically occur during this process?

A. An increase in the amount of time it takes for the system to respond to requests

B. Reduced risk of an attack

C. Increased risk of an attack

D. A reduction in the amount of time it takes for the system to respond to requests

Which choice lists typical firewall functions?

A. Creating a VLAN and configuring the intrusion-detection system

B. Issuing alerts and limiting host access

C. Logging traffic and creating a choke point

D. Implementing the security policy and scanning the internal network

Which of the following is the primary weakness of symmetric-key encryption?

A. Data encrypted using symmetric-key encryption is subject to corruption during transport.

B. Symmetric-key encryption operates slower than asymmetric-key encryption.

C. Symmetric-key encryption does not provide the service of data confidentiality.

D. Keys created using symmetric-key encryption are difficult to distribute securely.

You have determined that an attack is currently underway on your database server. An attacker is currently logged in, modifying data. You want to preserve logs, caching and other data on this affected server. Which of the following actions will best allow you to stop the attack and still preserve data?

A. Pull the server network cable

B. Shut down the server

C. Back up the system logs

D. Force an instant password reset

You have just deployed an application that uses hash-based checksums to monitor changes in the configuration scripts of a database server that is accessible via the Internet. Which of the following is a primary concern for this solution?

A. The extra hard disk space required to store the database of checksums

B. The amount of memory remaining now that the checksum-based application is running

C. The possibility of a buffer overflow attack leading to a security breach

D. The security of the checksum database on a read-only media format

Which of the following details should be included in documentation of an attack?

A. An overview of the security policy and suggestions for the next response plan

B. Estimates of how much the attack cost the company, and a list of the applications used by the attacker

C. The time and date of the attack, and the names of employees who were contacted during the response

D. The network resources involved in the attack, and recommendations for thwarting future attacks

Consider the following diagram:

Which type of attack is occurring?

A. Polymorphic virus-based attack

B. Denial-of-service attack

C. Distributed denial-of-service attack

D. Man-in-the-middle attack using a packet sniffer

A CGI application on the company's Web server has a bug written into it. This particular bug allows the application to write data into an area of memory that has not been properly allocated to the application. An attacker has created an application that takes advantage of this bug to obtain credit card information. Which of the following security threats is the attacker exploiting, and what can be done to solve the problem?

A.
- Buffer overflow
- Work with the Web developer to solve the problem

B.
- SQL injection
- Work with a database administrator to solve the problem

C.
- Denial of service
- Contact the organization that wrote the code for the Web server

D.
- Man-in-the-middle attack
- Contact the company auditor

Which of the following is a primary weakness of asymmetric-key encryption?

A. It is slow because it requires extensive calculations by the computer.

B. It can lead to the corruption of encrypted data during network transfer.

C. It is reliant on the Secure Sockets Layer (SSL) standard, which has been compromised.

D. It is difficult to transfer any portion of an asymmetric key securely.