Exam Details

  • Exam Code: SEC504
  • Exam Name: Hacker Tools, Techniques, Exploits and Incident Handling
  • Certification: Certified Incident Handler
  • Vendor: SANS
  • Total Questions: 328 Q&As
  • Last Updated: May 14, 2024

SANS Certified Incident Handler SEC504 Questions & Answers

  • Question 321:

    Which of the following statements about buffer overflow is true?

    A. It manages security credentials and public keys for message encryption.

    B. It is a collection of files used by Microsoft for software updates released between major service pack releases.

    C. It is a condition in which an application receives more data than it is configured to accept.

    D. It is a false warning about a virus.

  • Question 322:

    Which of the following is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, bulletin board systems, and fax machines?

    A. Demon dialing

    B. Warkitting

    C. War driving

    D. Wardialing

  • Question 323:

    Which of the following is a computer worm that caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic?

    A. Klez

    B. Code Red

    C. SQL Slammer

    D. Beast

  • Question 324:

    John works as a Professional Penetration Tester. He has been assigned a project to test the Website security of www.we-are-secure Inc. On the We-are-secure Website login page, he enters ='or''=' as a username and successfully logs on to the user page of the Web site. Now, John asks we-are-secure Inc. to improve the login page PHP script.

    Which of the following suggestions can John give to improve the security of the we-are-secure Website login page against the SQL injection attack?

    A. Use the escapeshellarg() function

    B. Use the session_regenerate_id() function

    C. Use the mysql_real_escape_string() function for escaping input

    D. Use the escapeshellcmd() function

  • Question 325:

    Which of the following are types of access control attacks? Each correct answer represents a complete solution. Choose all that apply.

    A. Spoofing

    B. Brute force attack

    C. Dictionary attack

    D. Mail bombing

  • Question 326:

    Which of the following tools combines two programs, and also encrypts the resulting package in an attempt to foil antivirus programs?

    A. Trojan Man

    B. EliteWrap

    C. Tiny

    D. NetBus

  • Question 327:

    You see the career section of a company's Web site and analyze the job profile requirements. You conclude that the company wants professionals who have a sharp knowledge of Windows Server 2003 and Windows Active Directory installation and placement.

    Which of the following steps are you using to perform hacking?

    A. Scanning

    B. Covering tracks

    C. Reconnaissance

    D. Gaining access

  • Question 328:

    The Klez worm is a mass-mailing worm that exploits a vulnerability to open an executable attachment even in Microsoft Outlook's preview pane. The Klez worm gathers email addresses from the entries of the default Windows Address Book (WAB).

    Which of the following registry values can be used to identify this worm?

    A. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

    B. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    C. HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name = "file and pathname of the WAB file"

    D. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only SANS exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your SEC504 exam preparation and SANS certification application, do not hesitate to visit Vcedump.com to find your solutions.