Breathing 1D0-571 training tools Reviews & Tips
We provide real 1D0-571 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass CIW 1D0-571 Exam quickly & easily. The 1D0-571 PDF type is available for reading and printing. You can print more and practice many times. With the help of our CIW 1D0-571 dumps pdf and vce product and material, you can easily pass the 1D0-571 exam.
Q1. At what layer of the OSI/RM does a packet filter operate?
A. Layer 1
B. Layer 3
C. Layer 5
D. Layer 7
Q2. Which of the following details should be included in documentation of an attack?
A. An overview of the security policy and suggestions for the next response plan
B. Estimates of how much the attack cost the company, and a list of the applications used by the attacker
C. The time and date of the attack, and the names of employees who were contacted during the response
D. The network resources involved in the attack, and recommendations for thwarting future attacks
Q3. Which of the following is most likely to pose a security threat to a Web server?
A. CGI scripts
B. Database connections
C. Flash or Silverlight animation files
D. LDAP servers
Q4. Irina has contracted with a company to provide Web design consulting services. The company has asked her to use several large files available via an HTTP server. The IT department has provided Irina with a user name and password, as well as the DNS name of the HTTP server. She then used this information to obtain the files she needs to complete her task using Mozilla Firefox. Which of the following is a primary risk factor when authenticating with a standard HTTP server?
A. HTTP uses cleartext transmission during authentication, which can lead to a man-in-the-middle attack.
B. Irina has used the wrong application for this protocol, thus increasing the likelihood of a man-in-the-middle attack.
C. A standard HTTP connection uses public-key encryption that is not sufficiently strong, inviting the possibility of a man-in-the-middle attack.
D. Irina has accessed the Web server using a non-standard Web browser.
Q5. Which of the following errors most commonly occurs when responding to a security breach?
A. Shutting down network access using the firewall, rather than the network router
B. Adhering to the company policy rather than determining actions based on the IT manager's input
C. Making snap judgments based on emotions, as opposed to company policy
D. Taking too much time to document the attack
Q6. Consider the following diagram involving two firewall-protected networks:
Which of the following is necessary for each of the firewalls to allow private IP addresses to be passed on to the Internet?
B. Stateful multi-layer inspection
D. DMZ creation
Q7. You want to create a certificate for use in a Secure Sockets Layer (SSL) session. Which of the following is responsible for verifying the identity of an individual and also issuing the certificate?
A. Kerberos server
B. Certificate authority
C. Certificate revocation entity
D. Certificate repository
Q8. You have determined that the company Web server has several vulnerabilities, including a buffer overflow that has resulted in an attack. The Web server uses PHP and has direct connections to an Oracle database server. It also uses many CGI scripts. Which of the following is the most effective way to respond to this attack?
A. Installing software updates for the Web server daemon
B. Using the POST method instead of the GET method for a Web form
C. Installing an intrusion detection service to monitor logins
D. Using the GET method instead of the POST method for a Web form
Q9. You have just deployed an application that uses hash-based checksums to monitor changes in the configuration scripts of a database server that is accessible via the Internet. Which of the following is a primary concern for this solution?
A. The extra hard disk space required to store the database of checksums
B. The amount of memory remaining now that the checksum-based application is running
C. The possibility of a buffer overflow attack leading to a security breach
D. The security of the checksum database on a read-only media format
Q10. A CGI application on the company's Web server has a bug written into it. This particular bug allows the application to write data into an area of memory that has not been properly allocated to the application. An attacker has created an application that takes advantage of this bug to obtain credit card information. Which of the following security threats is the attacker exploiting, and what can be done to solve the problem?
A. - Buffer overflow
- Work with the Web developer to solve the problem
B. - SQL injection
- Work with a database administrator to solve the problem
C. - Denial of service
- Contact the organization that wrote the code for the Web server
D. - Man-in-the-middle attack
- Contact the company auditor