John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He successfully performs a brute force attack on the We-are-secure server. Now, he suggests some countermeasures to avoid such brute force attacks on the We-are-secure server.
Which of the following are countermeasures against a brute force attack?
A. The site should use CAPTCHA after a specific number of failed login attempts.
B. The site should increase the encryption key length of the password.
C. The site should restrict the number of login attempts to only three times.
D. The site should force its users to change their passwords from time to time.
Which of the following types of firewall ensures that the packets are part of the established session?
A. Stateful inspection firewall
B. Switch-level firewall
C. Circuit-level firewall
D. Application-level firewall
One of the salespeople in your company complains that sometimes he gets a lot of unsolicited messages on his PDA. After asking a few questions, you determine that the issue only occurs in crowded areas like airports. What is the most likely problem?
A. Spam
B. Blue snarfing
C. A virus
D. Blue jacking
Which of the following is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, bulletin board systems, and fax machines?
A. Warkitting
B. War driving
C. Wardialing
D. Demon dialing
Pervasive IS controls can be used across all the internal departments and external contractors to define the direction and behavior required for the technology to function properly.
When these controls are implemented properly, which of the following areas show an improvement in reliability? (Choose three)
A. Hardware development
B. Software development
C. Security administration
D. Disaster recovery
Which of the following are limitations of the cross-site request forgery (CSRF) attack?
A. The attacker must determine the right values for all the form inputs.
B. The attacker must target a site that doesn't check the referrer header.
C. The target site should have limited lifetime authentication cookies.
D. The target site should authenticate in GET and POST parameters, not only cookies.
You configure a wireless router at your home. To secure your home Wireless LAN (WLAN), you implement WEP. Now you want to connect your client computer to the WLAN.
Which of the following is the required information that you will need to configure the client computer? (Choose two)
A. SSID of the WLAN
B. WEP key
C. IP address of the router
D. MAC address of the router
Which of the following statements about the /etc/profile file are true?
A. It allows a system administrator to create a default home directory for all new users on a computer.
B. A user can change the settings of the /etc/profile file, but he cannot delete the file. It can only be deleted by the root user.
C. It can change the default umask value.
D. It is used to configure and control system-wide default variables.
Which of the following are attributes of the