Correct Answer:

Bluejacking is correct. Bluejacking is a Bluetooth attack where the attacker sends unsolicited messages to the target. In many cases, this is done as part of social engineering in an effort to get the user to do something beneficial for the attacker.

Incorrect Answers:

Bluesmacking, bluesniffing, and bluescarfing are incorrect.

Bluesmacking is a DoS attack.

Bluesniffing is an effort to sniff data from Bluetooth exchanges.

Bluescarfing is the actual theft of data from a Bluetooth device.

Correct Answer:

CSPP is correct.

A connection string parameter pollution (CSPP) attack takes advantage of web applications that communicate with databases by using semicolons to separate parameters. An attacker can end a parameter prematurely with a semicolon and then add his own code.

Incorrect Answers:

XSS, CSRF, and hidden form field manipulation are incorrect.

These attacks do not match the description.

Correct Answer:

Residual risk is correct. Residual risk is exactly what it sounds like—risk that remains after the application of security controls.

Incorrect Answers:

Evaluated risk, inherent risk, and deferred risk are incorrect.

Evaluated risk doesn’t exist (at least as a vulnerability management term for your studies).

Inherent risk is the actual risk itself before the application of any controls.

Deferred risk is another pretty straightforward term: risk that is deferred to a later time.

Correct Answer:

IaaS is correct.

Amazon’s EC2 provides resizable compute capacity in the cloud via VMs that can be controlled via API, thus fitting the definition of IaaS.

Incorrect Answers:

PaaS, SaaS, and Public are incorrect.

These do not match the Amazon EC2 service description.

Correct Answer:

CloudPassage Halo is correct.

CloudPassage Halo provides instant visibility and continuous protection for servers in any combination of data centers, private clouds, and public clouds.

Incorrect Answers:

Metasploit, AWSExploit, and CloudInspect are incorrect.

Metasploit is a framework for delivering exploits.

AWSExploit is not a legitimate tool.

CloudInspect was designed for AWS cloud subscribers and runs as an automated, all-in-one testing suite specifically for your cloud subscription.

Correct Answers:

FTP, IMAP, Telnet, POP, and SMTP are correct.

All the protocols listed here transfer data—including passwords—in clear text.

Incorrect Answer:

SSH is incorrect.

SSH can be thought of as an encrypted version of Telnet.

Correct Answer:

After static analysis, run the virus in a sparsely used portion of the network is correct.

Running a virus on your production network is dumb, dumb, dumb. When performing malware analysis, first prepare a test bed—usually a system with VMs, all shared drives disabled, and the NIC in host-only mode. After copying the virus to the test system, perform static analysis while the malware is inactive. Next, set up network connections (off production network, of course) and monitor for errors/activity. Finally, run the malware and note the processes, files added, and network activity.

Incorrect Answers:

When preparing the test bed system, disable all shared drives, use virtual machines on the test bed system, and after static analysis, run the virus on an off-network test bed are incorrect.

These are all valid steps in malware analysis.

Correct Answer:

DNS poisoning is correct.

The externally facing DNS server is providing bad resolution to the public, while the internal name server is providing the correct address.

Incorrect Answers:

ARP poisoning, MAC poisoning, and SQL injection are incorrect.

None of the remaining choices explains the symptoms.

Correct Answer:

Registration authority is correct.

A registration authority (RA) validates an applicant into the system, making sure they are real, valid, and allowed to use the system. RAs are also known as “subordinate CAs.”

Incorrect Answers:

CRL, revocation authority, and primary authority are incorrect.

The CRL (Certificate Revocation List) is used to track which certificates have problems and which have been revoked. The remaining terms are not legitimate.

Correct Answer:

Changing hidden form values from a downloaded page and submitting them back to the website is correct.

On some websites, you can simply copy the source code to the local machine. Then you can open it up in a text editor, navigate to the hidden fields (noted with a <hidden> tag), and update the pricing. Then you simply reload the page with the local HTML copy!

Incorrect Answers:

SQL tampering, cross-site scripting, and directory traversal are incorrect.

The fact there was no direct compromise of the server or SQL DB indicates neither SQL tampering nor cross-site scripting was used.

Directory traversal is used to maneuver to different folder locations on the target machine.