A project team member has just identified a new project risk. The risk event is determined to have significant impact but a low probability in the project. Should the risk event happen it'll cause the project to be delayed by three weeks, which will cause new risk in the project. What should the project manager do with the risk event?
Which of the following penetration testing phases involves reconnaissance or data gathering?
Which of the following are the countermeasures against WEP cracking?
Each correct answer represents a part of the solution. Choose all that apply.
An organization has a standardized change management plan that all project managers must adhere to. A project manager has worked with the Change Control Board in his organization to approve a change to project scope. What should the standardized change management plan require the project manager to do with the approved scope change?
According to the security requirements given in case study, which of the following security method should you implement to provide data security between NSILegal and NSIHR?
(Click the Exhibit button on the toolbar to see the case study.)
Which of the following technologies is used to detect unauthorized attempts to access and manipulate computer systems locally or through the Internet or an intranet?
You work as a technician for Secure Net Inc. You receive an e-mail from your software vendor.
The e-mail contains information about a critical fix that needs to be installed on your computer. It further states that if this patch is not installed right away, your system will crash and you will lose all your data. Now they require your maintenance account password.
Which of the following types of security attacks do you think it is?
What is another term that can be assigned to the pre-program analysis and research to determine if a program should be initiated?
Which of the following statements are true about SSIDs?
Each correct answer represents a complete solution. Choose all that apply.
You work as a technician for Tech Perfect Inc. A user named Rick calls you. He wants to configure a wireless network for his small office. He wants to adopt a wireless technology that supports high data transfer speed. Which of the following technologies will you suggest?
A Web developer with your company wants to have wireless access for contractors that come in to work on various projects. The process of getting this approved takes time. So rather than wait, he has put his own wireless router attached to one of the network ports in his department. What security risk does this present?
Which of the following RAID levels will you use to implement a RAID system for providing fault tolerance to a database?
IDS systems can be classified in many different ways. Which of the following is not a way that IDS systems are commonly classified?
Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He successfully performs a brute force attack on the We-are-secure server. Now, he suggests some countermeasures to avoid such brute force attacks on the We-are-secure server. Which of the following are countermeasures against a brute force attack?
Each correct answer represents a complete solution. Choose all that apply.
Andrew works as a Network Administrator for Infonet Inc. The company's network has a Web server that hosts the company's Web site. Andrew wants to increase the security of the Web site by implementing Secure Sockets Layer (SSL). Which of the following types of encryption does SSL use?
Each correct answer represents a complete solution. Choose two.
Which of the following encrypts its code differently with each infection or generation of infections?
A user has opened a Web site that automatically starts downloading malicious code onto his computer.
What should he do to prevent this?
Each correct answer represents a complete solution. Choose two.
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He performs Web vulnerability scanning on the We-are-secure server. The output of the scanning test is as follows:
C:\whisker.pl -h target_IP_address
-- whisker / v1.4.0 / rain forest puppy / www.wiretrip.net -- = - = - = - = - =
= Host: target_IP_address
= Server: Apache/1.3.12 (Win32) ApacheJServ/1.1
mod_ssl/2.6.4 OpenSSL/0.9.5a mod_perl/1.22
+ 200 OK: HEAD /cgi-bin/printenv
John recognizes /cgi-bin/printenv vulnerability ('Printenv' vulnerability) in the We_are_secure server. Which of the following statements about 'Printenv' vulnerability are true?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following is a model that uses a predefined set of access privileges for an object of the system?
Which of the following honeypots captures limited amounts of information, mainly transactional data and some limited interaction?
Mark works as a Network Administrator for NetTech Inc. The company has a Windows 2003 Active Directory domain-based network. The domain consists of four domain controllers, six Windows 2003 member servers, and 500 Windows XP Professional client computers. The PKI infrastructure is already configured on the network. The current configuration of the network allows only managers to use EFS on local computers. Sometimes Mark faces problems when managers lose their private keys due to the user profile becoming corrupt or being lost. Due to this, the files that were persistently encrypted by using the corresponding public key are inaccessible. He wants to restore access to the encrypted files as quickly as possible. What will he do to accomplish the task?
SSH is a network protocol that allows data to be exchanged between two networks using a secure channel. Which of the following encryption algorithms can be used by the SSH protocol?
Each correct answer represents a complete solution. Choose all that apply.
You are concerned about possible hackers doing penetration testing on your network as a prelude to an attack. What would be most helpful to you in finding out if this is occurring?
Which of the following terms describes the statement given below?
"It is a cryptographic protocol that provides security and data integrity for communications over networks such as the Internet."
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using the Linux operating system. He wants to use a wireless sniffer to sniff the We-are-secure network. Which of the following tools will he use to accomplish his task?
You are configuring IPS (Intrusion Prevention System) on a Cisco IOS router. The IPS Policy Wizard window opens when you confirm the SDEE messages. Which of the following tasks can you perform using the IPS Policy Wizard window?
Each correct answer represents a complete solution. Choose all that apply.
Victor wants to use Wireless Zero Configuration (WZC) to establish a wireless network connection using his computer running on Windows XP operating system. Which of the following are the most likely threats to his computer?
Each correct answer represents a complete solution. Choose two.
You are responsible for security at a company that specializes in e-commerce. You realize that given the high volume of Web traffic, there is a significant chance of someone being able to breach your perimeter. You want to make sure that should this occur, you can redirect the attacker away from sensitive data. How would you best accomplish this?
Fill in the blank with the appropriate term.
NOTE. Do not use abbreviation.
________ is a configurable client identification that allows a client to communicate with a particular base station.
Which of the following processes is described in the statement below?
"This is the process of numerically analyzing the effect of identified risks on overall project objectives."
Janet is the project manager of the NHQ Project for her company. Janet is nearly done leading the project and there have been no cost or schedule overruns in the development of the new software for her company. The project team has been completing their work on time and there is still $75,000 left in the project budget. Janet decides to have the project team implement some extra features to the project scope to use all of the $75,000 in the budget even though the customer didn't specifically ask for the added features. This scenario is an example of which one of the following?
Which of the following is a virus that can redirect the disk head to read another sector instead of the one in which it resides?
You have been asked to create a project charter for a new database project. Management has stressed that in order to effectively create a project charter, you'll first need to understand all of the following except for which one?
You work as a Network Administrator for NetTech Inc. You want to have secure communication on the company's intranet. You decide to use public key and private key pairs. What will you implement to accomplish this?
John works as a professional Ethical Hacker. He has been assigned the task of testing the security of www.we-are-secure.com. He installs a sniffer on the We-are-secure server thinking that the following protocols of the We-are-secure server are being used in the network:
HTTP
SSL
SSH
IPSec
Considering the above factors, which of the following types of packets can he expect to see captured in encrypted form when he checks the sniffer's log file?
Each correct answer represents a complete solution. Choose all that apply.
Fill in the blank with the appropriate tool name.
________ is a wireless network cracking tool that exploits the vulnerabilities in the RC4 Algorithm, which comprises the WEP security parameters.
You are an Incident manager in Orangesect.Inc. You have been tasked to set up a new extension of your enterprise. The networking, to be done in the new extension, requires different types of cables and an appropriate policy that will be decided by you. Which of the following stages in the Incident handling process involves your decision making?
Which of the following features of IE prevent users from a type of scam that entice a user to disclose personal information such as social security number, bank account details, or credit card number?
You are the project manager for your organization and are trying to determine which vendor your organization will use. You have determined that any vendor that would like to bid on your project work will need to have a Microsoft Certified System Engineer on staff, have eight years of Cisco experience, and have at least two references from similar projects. What have you created in this scenario?
Kerberos is a computer network authentication protocol that allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. Which of the following statements are true about the Kerberos authentication scheme?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following statements about Encapsulating Security Payload (ESP) is true?
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using a tool to crack the wireless encryption keys. The description of the tool is as follows:
Which of the following tools is John using to crack the wireless encryption keys?
Which of the following features is used to generate spam on the Internet by spammers and worms?
The Incident handling process implemented in an enterprise is responsible to deal with all the incidents regarding the enterprise. Which of the following procedures will be involved by the preparation phase of the Incident handling process?
Which model is a software development process combining elements of both design and prototyping-in-stages, in an effort to combine advantages of top-down and bottom-up concepts?
Which of the following is responsible for maintaining certificates in a public key infrastructure (PKI)?
You work as an Exchange Administrator for McRobert Inc. You are configuring a new Exchange 2000 Server computer and two storage groups, group A and group B, on your network. You have to configure the physical disks on the Exchange 2000 Server computer to provide better performance and availability. Which configuration will you use to achieve this?
Nancy is the project manager for a new construction project. There are several occupational safety codes, which must be included in the project requirements. These requirements are nonnegotiable and the customer must pay for the safety measures, inspections, and training for the project team. What term best describes the cost associated with these safety requirements?
Which of the following generates MD5 hashes to check the MD5 value for each file processed and compares it with other MD5 strings?
In which of the following does an attacker use multiple computers throughout the network that has been previously infected?
Which of the following protocols are used to provide secure communication between a client and a server over the Internet?
Each correct answer represents a part of the solution. Choose two.
Rick works as the Network Administrator of a Windows 2000 network. The network consists of 30 domain controllers, 65 member servers, and 5000 workstations. All the computers on the network use Windows 2000 Advanced Server, Windows 2000 Server, and Windows 2000 Professional operating systems. The Windows 2000 Advanced Server computers are running the Cluster Service. The network uses TCP/IP as its only protocol. Once a week Rick works from home. But rest of the weekdays, he has to travel. Rick wants to be able to remotely administer each Windows 2000 server on his network with the following considerations:
• He must be able to establish a VPN connection to the Windows 2000 Server computers on the network from his home, so that the data remain encrypted and encapsulated during data transfer.
• While traveling , he must be able to connect to the network from a laptop computer via remote access connection, so that he can perform any task on the main Windows 2000 domain controller.
• While traveling, he must be able to edit the registry of the Windows 2000 Server computer.
• During the migration process to Windows 2000, he depleted all the financial resources for licensing. Therefore, he must not be required to add additional licenses to the network.
Rick takes the following actions:
• He implements the VPN connection on the proper server, the laptop computer, and the home computer.
• He configures the VPN connection to use the IPSec protocol in Encapsulating Security Payload (ESP) Tunnel Mode.
• He implements Windows 2000 Terminal Services using the Remote Administration mode on the Windows 2000 servers.
• He installs and configures Routing and Remote Access properly.
Which of the following goals will be accomplished by these actions?
Each correct answer represents a complete solution. Choose all that apply.
Which of the following is used to provide the service of exchanging data directly between two hosts on the same network?
Which of the following is a process of monitoring data packets that travel across a network?
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He finds that the We-are-secure server is vulnerable to attacks. As a countermeasure, he suggests that the Network Administrator should remove the IPP printing capability from the server. He is suggesting this as a countermeasure against __________.
Which of the following are symptoms of a virus attack on your computer?
Each correct answer represents a complete solution. Choose two.
Which of the following is a type of encryption that uses a single key to encrypt and decrypt data?
Victor wants to use Wireless Zero Configuration (WZC) to establish a wireless network connection using his computer running on Windows XP operating system. Which of the following are the most likely threats to his computer?
Each correct answer represents a complete solution. Choose two.
Which of the following is the best way of protecting important data against virus attack?
Which of the following exists between the client and the server system to provide security and allows customized NAT traversal filters to be plugged into the gateway to support address and port translation for certain application layer protocols?
Donna, a stakeholder in your project to create new software, has approached you about adding some features to the software package. You instruct that Donna must document the change request for it to be considered for the project. Why is it important for Donna to document the change request?
Which of the following statements are true about worms?
Each correct answer represents a complete solution. Choose all that apply.
In which of the following techniques does an attacker change the address of the phishing site in such a manner that it can bypass filters or other application defenses that have been put in place to block specific IP addresses?
You work as a project manager for an IT project. You are analyzing activity sequences, durations, resource requirements, and schedule constraints to create the project schedule. In which of the following Knowledge Areas are you working on?
You are working on your computer system with Linux Operating system. After working for a few hours, the hard disk goes to the inactive state (sleep). You try to restart the system and check the power circuits. You later discover that the hard disk has crashed. Which of the following precaution methods should you apply to keep your computer safe from such issues?
Which type of virus is able to alter its own code to avoid being detected by anti-virus software?
Which of the following refers to the process of verifying the identity of a person, network host, or system process?
Against which of the following does SSH provide protection?
Each correct answer represents a complete solution. Choose two.
Maria has been recently appointed as a Network Administrator in Gentech Inc. She has been tasked to perform network security testing to find out the vulnerabilities and shortcomings of the present network infrastructure. Which of the following testing approaches will she apply to accomplish this task?
You are the project manager for the GHY Organization. A stakeholder has presented a change to your project that will cause the project scope to increase considerably. You are considering the change for approval and you need to review the impact of the change on all areas of the project. What change control system component is responsible for guiding the review of the impact of all changes on the project management knowledge areas?
You work as a Network Administrator for Tech Perfect Inc. The company has a Windows Active Directory-based single domain single forest network. The company's network is connected to the Internet through a T1 line. The firewall is configured on the network for securing the internal network from the intruders on the Internet. The functional level of the forest is Windows Server 2008. You are designing a public key infrastructure (PKI) for the network. The network will use a root enterprise certificate authority (CA) and a subordinate CA. The root CA will be used to issue certificates to the subordinate CA, and the subordinate CA will be used to issue certificates to the clients.
The management of the company wants to ensure that the security of high-level CAs is not compromised. Which of the following steps will you take to accomplish the task?
A user is sending a large number of protocol packets to a network in order to saturate its resources and to disrupt connections to prevent communications between services. Which type of attack is this?
A management workstation collects and connects events from multiple IPS sensors in the network.
Which protocol is used in this process?
Place the processes that are grouped under the Project Cost Management Knowledge Area in the image below.
Maria works as a Network Security Officer for Gentech Inc. She wants to encrypt her network traffic. The specific requirement for the encryption algorithm is that it must be a symmetric key block cipher.
Which of the following techniques will she use to fulfill this requirement?
DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.
TESTED 03 Jul 2025
