- (Topic 8)
A particular database threat utilizes a SQL injection technique to penetrate a target system. How would an attacker use this technique to compromise a database?

1. A. An attacker uses poorly designed input validation routines to create or alter SQL commands to gain access to unintended data or execute commands of the database
2. B. An attacker submits user input that executes an operating system command to compromise a target system
3. C. An attacker gains control of system to flood the target system with requests, preventing legitimate users from gaining access
4. D. An attacker utilizes an incorrect configuration that leads to access with higher-than- expected privilege of the database

Correct Answer: A
Using the poorly designed input validation to alter or steal data from a database is a SQL injection attack.

- (Topic 4)
When analyzing the IDS logs, the system administrator noticed an alert was logged when the external router was accessed from the administrator's computer to update the router configuration. What type of an alert is this?

1. A. False positive
2. B. False negative
3. C. True positve
4. D. True negative

Correct Answer: A

- (Topic 2)
Which definition below best describes a covert channel?

1. A. A server program using a port that is not well known
2. B. Making use of a protocol in a way it was not intended to be used
3. C. It is the multiplexing taking place on a communication link
4. D. It is one of the weak channels used by WEP that makes it insecure

Correct Answer: B

- (Topic 1)
Bob waits near a secured door, holding a box. He waits until an employee walks up to the secured door and uses the special card in order to access the restricted area of the target company. Just as the employee opens the door, Bob walks up to the employee (still holding the box) and asks the employee to hold the door open so that he can enter. What is the best way to undermine the social engineering activity of tailgating?

1. A. Issue special cards to access secure doors at the company and provide a one-time only brief description of use of the special card
2. B. Educate and enforce physical security policies of the company to all the employees on a regular basis
3. C. Setup a mock video camera next to the special card reader adjacent to the secure door
4. D. Post a sign that states, "no tailgating" next to the special card reader adjacent to the secure door

Correct Answer: B

- (Topic 1)
Lori is a Certified Ethical Hacker as well as a Certified Hacking Forensics Investigator working as an IT security consultant. Lori has been hired on by Kiley Innovators, a large marketing firm that recently underwent a string of thefts and corporate espionage incidents. Lori is told that a rival marketing company came out with an exact duplicate product right before Kiley Innovators was about to release it. The executive team believes that an employee is leaking information to the rival company. Lori questions all employees, reviews server logs, and firewall logs; after which she finds nothing. Lori is then given permission to search through the corporate email system. She searches by email being sent to and sent from the rival marketing company.
She finds one employee that appears to be sending very large email to this other marketing company, even though they should have no reason to be communicating with them. Lori tracks down the actual emails sent and upon opening them, only finds picture files attached to them. These files seem perfectly harmless, usually containing some kind of joke. Lori decides to use some special software to further examine the pictures and finds that each one had hidden text that was stored in each picture.
What technique was used by the Kiley Innovators employee to send information to the rival marketing company?

1. A. The Kiley Innovators employee used cryptography to hide the information in the emails sent
2. B. The method used by the employee to hide the information was logical watermarking
3. C. The employee used steganography to hide information in the picture attachments
4. D. By using the pictures to hide information, the employee utilized picture fuzzing

Correct Answer: C