- (Topic 8)
Melissa is a virus that attacks Microsoft Windows platforms. To which category does this virus belong?

1. A. Polymorphic
2. B. Boot Sector infector
3. C. System
4. D. Macro

Correct Answer: D
The Melissa macro virus propagates in the form of an email message containing an infected Word document as an attachment.

- (Topic 2)
Bob has a good understanding of cryptography, having worked with it for many years. Cryptography is used to secure data from specific threats, but it does not secure the application from coding errors. It can provide data privacy; integrity and enable strong authentication but it cannot mitigate programming errors. What is a good example of a programming error that Bob can use to explain to the management how encryption will not address all their security concerns?

1. A. Bob can explain that using a weak key management technique is a form of programming error
2. B. Bob can explain that using passwords to derive cryptographic keys is a form of a programming error
3. C. Bob can explain that a buffer overflow is an example of programming error and it is a common mistake associated with poor programming technique
4. D. Bob can explain that a random number generator can be used to derive cryptographic keys but it uses a weak seed value and this is a form of a programming error

Correct Answer: A

- (Topic 5)
A newly discovered flaw in a software application would be considered which kind of security vulnerability?

1. A. Input validation flaw
2. B. HTTP header injection vulnerability
3. C. 0-day vulnerability
4. D. Time-to-check to time-to-use flaw

Correct Answer: C

- (Topic 3)
On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured?

1. A. nessus +
2. B. nessus *s
3. C. nessus &
4. D. nessus -d

Correct Answer: C

- (Topic 7)
ARP poisoning is achieved in steps

1. A. 1
2. B. 2
3. C. 3
4. D. 4

Correct Answer: B
The hacker begins by sending a malicious ARP "reply" (for which there was no previous request) to your router, associating his computer's MAC address with your IP Address. Now your router thinks the hacker's computer is your computer. Next, the hacker sends a malicious ARP reply to your computer, associating his MAC Address with the routers IP Address. Now your machine thinks the hacker's computer is your router. The hacker has now used ARP poisoning to accomplish a MitM attack.