- (Topic 23)
This is an authentication method in which is used to prove that a party knows a password without transmitting the password in any recoverable form over a network. This authentication is secure because the password is never transmitted over the network, even in hashed form; only a random number and an encrypted random number are sent.

1. A. Realm Authentication
2. B. SSL Authentication
3. C. Basic Form Authentication
4. D. Cryptographic Authentication
5. E. Challenge/Response Authentication

Correct Answer: E
Challenge-Response Authentication The secure Challenge-Response Authentication Mechanism (CRAM-MD5) avoids passing a cleartext password
over the network when you access your email account, ensuring that your login details cannot be captured and used by anyone in transit. http://www.neomailbox.com/component/content/article/212-hardware-token-authentication

- (Topic 2)
Which of the following activities will NOT be considered as passive footprinting?

1. A. Go through the rubbish to find out any information that might have been discarded.
2. B. Search on financial site such as Yahoo Financial to identify assets.
3. C. Scan the range of IP address found in the target DNS database.
4. D. Perform multiples queries using a search engine.

Correct Answer: C
Passive footprinting is a method in which the attacker never makes contact with the target systems. Scanning the range of IP addresses found in the target DNS is considered making contact to the systems behind the IP addresses that is targeted by the scan.

- (Topic 5)
Samuel is the network administrator of DataX communications Inc. He is trying to configure his firewall to block password brute force attempts on his network. He enables blocking the intruder’s IP address for a period of 24 hours time after more than three unsuccessful attempts. He is confident that this rule will secure his network hackers on the Internet.
But he still receives hundreds of thousands brute-force attempts generated from various IP addresses around the world. After some investigation he realizes that the intruders are using a proxy somewhere else on the Internet which has been scripted to enable the random usage of various proxies on each request so as not to get caught by the firewall use.
Later he adds another rule to his firewall and enables small sleep on the password attempt so that if the password is incorrect, it would take 45 seconds to return to the user to begin another attempt. Since an intruder may use multiple machines to brute force the password, he also throttles the number of connections that will be prepared to accept from a particular IP address. This action will slow the intruder’s attempts.
Samuel wants to completely block hackers brute force attempts on his network.
What are the alternatives to defending against possible brute-force password attacks on his site?

1. A. Enforce a password policy and use account lockouts after three wrong logon attempts even through this might lock out legit users
2. B. Enable the IDS to monitor the intrusion attempts and alert you by e-mail about the IP address of the intruder so that you can block them at the firewall manually
3. C. Enforce complex password policy on your network so that passwords are more difficult to brute force
4. D. You can’t completely block the intruders attempt if they constantly switch proxies

Correct Answer: D
Without knowing from where the next attack will come there is no way of proactively block the attack. This is becoming a increasing problem with the growth of large bot nets using ordinary workstations and home computers in large numbers.

- (Topic 16)
June, a security analyst, understands that a polymorphic virus has the ability to mutate and can change its known viral signature and hide from signature-based antivirus programs. Can June use an antivirus program in this case and would it be effective against a polymorphic virus?

1. A. N
2. B. June can't use an antivirus program since it compares the size of executable files to the database of known viral signatures and it is effective on a polymorphic virus
3. C. Ye
4. D. June can use an antivirus program since it compares the parity bit of executable files to the database of known check sum counts and it is effective on a polymorphic virus
5. E. Ye
6. F. June can use an antivirus program since it compares the signatures of executable files to the database of known viral signatures and it is very effective against a polymorphic virus
7. G. N
8. H. June can't use an antivirus program since it compares the signatures of executable files to the database of known viral signatures and in the case the polymorphic viruses cannot be detected by a signature-based anti-virus program

Correct Answer: D
Although there are functions like heuristic scanning and sandbox technology, the Antivirus program is still mainly depending of signature databases and can only find already known viruses.

- (Topic 23)
WWW wanderers or spiders are programs that traverse many pages in the World Wide Web by recursively retrieving linked pages. Search engines like Google, frequently spider web pages for indexing.
How will you stop web spiders from crawling certain directories on your website?

1. A. Place robots.txt file in the root of your website with listing of directories that you don't want to be crawled
2. B. Place authentication on root directories that will prevent crawling from these spiders
3. C. Place "HTTP:NO CRAWL" on the html pages that you don't want the crawlers to index
4. D. Enable SSL on the restricted directories which will block these spiders from crawling

Correct Answer: A
WWW Robots (also called wanderers or spiders) are programs that traverse many pages in the World Wide Web by recursively retrieving linked pages.
The method used to exclude robots from a server is to create a file on the server which specifies an access policy for robots.
This file must be accessible via HTTP on the local URL "/robots.txt". http://www.robotstxt.org/orig.html#format