1D0-671試験無料問題集（126題）「CIW Web Security Associate 認定」

出題：1

Which of the following is a common problem with proxy servers?

A. Because proxy servers do not mask network resources, hackers may be able to access all exposed systems.

B. Proxy servers cannot filter out specific application-layer traffic.

C. Proxy servers do not log incoming and outgoing access, so you will not be able to see details of successful and failed connections.

D. Proxy servers may return old cached information.

正解：D 解答を投票する

出題：2

You have been asked to encrypt a large file using a secure encryption algorithm so you can send it via e-mail to your supervisor. Encryption speed is important. The key will not be transmitted across a network.
Which form of encryption should you use?

A. Hash

B. PGP

C. Symmetric

D. Asymmetric

正解：C 解答を投票する

出題：3

A security breach has occurred involving the company e-commerce server. Customer credit card data has been released to unauthorized third parties.
Which of the following lists the appropriate parties to inform?

A. Shareholders, law enforcement agencies and company employees

B. External security consultants, company board members and affected customers

C. The Internet Service Provider, ICANN and company shareholders

D. Affected customers, credit card companies and law enforcement agencies

正解：D 解答を投票する

出題：4

A CGI application on the company's Web server has a bug written into it. This particular bug allows the application to write data into an area of memory that has not been properly allocated to the application. An attacker has created an application that takes advantage of this bug to obtain credit card information.
Which of the following security threats is the attacker exploiting, and what can be done to solve the problem?

A. - SQL injection
- Work with a database administrator to solve the problem

B. - Denial of service
- Contact the organization that wrote the code for the Web server

C. - Man-in-the-middle attack
- Contact the company auditor

D. - Buffer overflow
- Work with the Web developer to solve the problem

正解：D 解答を投票する

出題：5

Which choice lists the designated stages of a hacker attack in the correct order?

A. Sniffing, penetration, control

B. Sniffing, discovery, penetration

C. Discovery, penetration, control

D. Penetration, discovery, control

正解：C 解答を投票する

出題：6

You are using a PKI solution that is based on Secure Sockets Layer (SSL).
Which of the following describes the function of the asymmetric-key-encryption algorithm used?

A. It encrypts all of the data.

B. It encrypts the X.509 key.

C. It encrypts the symmetric key.

D. It encrypts the hash code used for data integrity.

正解：C 解答を投票する

出題：7

Which of the following activities is the most effective at keeping the actions of nae end users from putting the company's physical and logical resources at risk?

A. Assembling a team of security professionals to monitor the network

B. Reconfiguring the network firewall

C. Conducting a training session at the time of hire

D. Configuring network intrusion-detection software to monitor end user activity

正解：C 解答を投票する

出題：8

You want to create a certificate for use in a Secure Sockets Layer (SSL) session.
Which of the following is responsible for verifying the identity of an individual and also issuing the certificate?

A. Certificate repository

B. Certificate authority

C. Kerberos server

D. Certificate revocation entity

正解：B 解答を投票する

出題：9

You want to create a quick solution that allows you to obtain real-time login information for the administrative account on an LDAP server that you feel may become a target.
Which of the following will accomplish this goal?

A. Create a dummy administrator account on the system so that a potential hacker is distracted from the real login account.

B. Install an application that creates checksums of the contents on the hard disk.

C. Reinstall the LDAP service on the server so that it is updated and more secure.

D. Create a login script for the administrative account that records logins to a separate server.

正解：D 解答を投票する

出題：10

Your organization has made a particularly unpopular policy decision. Your supervisor fears that a series of attacks may occur as a result. You have been assigned to increase automated auditing on a server.
When fulfilling this request, which of the following resources should you audit the most aggressively?

A. Authentication databases, including directory servers

B. Intrusion detection systems, especially those placed on sensitive networks

C. Firewall settings for desktop systems

D. Log files on firewall systems

正解：A 解答を投票する

1D0-671試験無料問題集「CIW Web Security Associate 認定」