Question 1

SOAP services use which technology to format information?

Accepted Answer

SOAP services use XML (eXtensible Markup Language) to format information for communication between web services.

Question 2

A network security administrator is worried about potential man-in-the-middle attacks when users access a corporate web site from their workstations. Which of the following is the best remediation against this type of attack?

Accepted Answer

Requiring both client and server PKI certificates ensures mutual authentication, which helps prevent man-in-the-middle attacks by verifying both parties in the communication.

Question 3

Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?

Accepted Answer

WebGoat is a deliberately insecure web application that is used for educational purposes. It contains a variety of known vulnerabilities that can be exploited to learn about web application security.

Question 4

Which of the following can take an arbitrary length of input and produce a message digest output of 160 bit?

Accepted Answer

SHA-1 is a cryptographic hash function that produces a 160-bit message digest from an arbitrary length of input.

Question 5

Which statement best describes a server type under an N-tier architecture?

Accepted Answer

The answer of Which statement best describes a server type...

Question 6

Which of the following levels of algorithms does Public Key Infrastructure (PKI) use?

Accepted Answer

PKI commonly uses RSA with a minimum of 1024-bit strength for secure key exchange and digital signatures. AES is a symmetric encryption algorithm and does not directly relate to PKI's asymmetric key requirements.

Question 7

How do employers protect assets with security policies pertaining to employee surveillance activities?

Accepted Answer

Employers provide employees written statements that clearly discuss the boundaries of monitoring activities and consequences.

Question 8

When comparing the testing methodologies of Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is

Accepted Answer

OWASP focuses on web application security and provides guidelines for testing web applications, while OSSTMM is a broader methodology that includes addressing controls and operational security, not limited to web applications.

Question 9

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer is able to transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway they are both on the 192.168.1.0/24. Which of the following has occurred?

Accepted Answer

The gateway is not routing to a public IP address, as both the IP address and default gateway are on a private network (192.168.1.0/24), indicating a routing issue to the Internet.

Question 10

Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS?

Accepted Answer

Adjusting timing options can help avoid detection by an IDS by slowing down the scan to make it less noticeable.

Question 11

Which security strategy requires using several, varying methods to protect IT systems against attacks?

Accepted Answer

Defense in depth is a security strategy that uses multiple, varying methods to protect IT systems against attacks. This can include a combination of physical security measures, such as access control and surveillance, as well as technical security measures, such as firewalls and intrusion detection systems.

Question 12

Which cipher encrypts the plain text digit (bit or byte) one by one?

Accepted Answer

Stream ciphers encrypt plaintext one bit or byte at a time, unlike block ciphers which encrypt blocks of data.

Question 13

Which of the following algorithms provides better protection against brute force attacks by using a 160-bit message digest?

Accepted Answer

SHA-1 provides a 160-bit message digest, which is longer than the 128-bit digests provided by MD5 and MD4, offering better protection against brute force attacks. RC4 is a stream cipher, not a hashing algorithm.

Question 14

Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications?

Accepted Answer

The "Ping of death" attack involves sending malformed or oversized packets to a target system, which can cause crashes or reboots due to exceeding the TCP/IP specifications.

Question 15

Which element of Public Key Infrastructure (PKI) verifies the applicant?

Accepted Answer

The Registration Authority (RA) is responsible for verifying the identity of an applicant before a certificate is issued by the Certificate Authority (CA).

Question 16

Which vital role does the U.S. Computer Security Incident Response Team (CSIRT) provide?

Accepted Answer

The U.S. Computer Security Incident Response Team (CSIRT) provides incident response services to users, companies, government agencies, and organizations, often in partnership with the Department of Homeland Security.

Question 17

Which of the following is a characteristic of Public Key Infrastructure (PKI)?

Accepted Answer

The answer of Which of the following is a characteristic...

Question 18

What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?

Accepted Answer

The answer of What are the three types of compliance...

Question 19

If an e-commerce site was put into a live environment and the programmers failed to remove the secret entry point that was used during the application development, what is this secret entry point known as?

Accepted Answer

A secret entry point left in a program by developers is known as a "trap door" or "backdoor," which allows unauthorized access to the system.

Question 20

Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?

Accepted Answer

Change management is a systematic approach to managing changes in a way that ensures they are implemented in a controlled and documented manner.

Exam 5: ECCouncil Computer Hacking Forensic Investigator