GIAC Systems and Network Auditor Questions and Answers
GSNA Sample Questions Answers
Questions 4
A Web developer with your company wants to have wireless access for contractors that come in to work on various projects. The process of getting this approved takes time. So rather than wait, he has put his own wireless router attached to one of the network ports in his department. What security risk does this present?
Options:
A.
None, adding a wireless access point is a common task and not a security risk.
B.
It is likely to increase network traffic and slow down network performance.
C.
This circumvents network intrusion detection.
D.
An unauthorized WAP is one way for hackers to get into a network.
Any unauthorized Wireless Access Point (WAP) is a serious security breach. Its configuration might be very insecure. For example, it might not use encryption or MAC filtering, thus allowing anyone in range to get on the network.
Questions 5
Which of the following techniques are used after a security breach and are intended to limit the extent of any damage caused by the incident?
Corrective controls are used after a security breach. After security has been breached, corrective controls are intended to limit the extent of any damage caused by the incident, e.g. by recovering the organization to normal working status as efficiently as possible. Answer: D is incorrect. Before the event, preventive controls are intended to prevent an incident from occurring, e.g. by locking out unauthorized intruders. Answer: B is incorrect. During the event, detective controls are intended to identify and characterize an incident in progress, e.g. by sounding the intruder alarm and alerting the security guards or the police. Answer: A is incorrect. Safeguards are those controls that provide some amount of protection to an asset.
Questions 6
You are responsible for a large network that has its own DNS servers. You periodically check the log to see if there are any problems. Which of the following are likely errors you might encounter in the log? (Choose three)
Options:
A.
The DNS server could not create FTP socket for address [IP address of server]
B.
The DNS server could not create an SMTP socket
C.
Active Directory Errors
D.
The DNS server could not create a Transmission Control Protocol (TCP) socket
E.
The DNS server could not initialize the Remote Procedure Call (RPC) service
There are a number of errors one could find in a Windows Server 2003 DNS log. They are as follows: The DNS server could not create a Transmission Control Protocol (TCP) socket. The DNS server could not open a socket for an address. The DNS server could not initialize the Remote Procedure Call (RPC) service. The DNS server could not bind the main datagram socket. The DNS Server service relies on Active Directory to store and retrieve information for Active Directory-integrated zones, so several Active Directory errors are also possible.
Answer: B is incorrect. DNS Servers do not create FTP connections. Answer: A is incorrect. DNS Servers do not create SMTP connections.
Questions 7
In which of the following CAATs (Computer Assisted Auditing Techniques) does an auditor perform tests on computer files and databases?
CAATs (Computer Assisted Auditing Techniques) are used to test application controls as well as to perform substantive tests on sample items. The types of CAATs are as follows:
Generalized Audit Software (GAS): It allows the auditor to perform tests on computer files and databases.
Custom Audit Software (CAS): It is generally written by auditors for specific audit tasks. CAS is necessary when the organization's computer system is not compatible with the auditor's GAS or when the auditor wants to conduct some testing that may not be possible with the GAS.
Test Data: The auditor uses test data for testing the application controls in the client's computer programs. The auditor includes simulated valid and invalid test data, used to test the accuracy of the computer system's operations. This technique can be used to check data validation controls and error detection routines, processing logic controls, and arithmetic calculations, to name a few.
Parallel Simulation: The auditor must construct a computer simulation that mimics the client's production programs.
Integrated Test Facility: The auditor enters test data along with actual data in a normal application run.
Questions 8
You work as a Network Administrator for XYZ CORP. The company has a Linux-based network. You need to configure a firewall for the company. The firewall should be able to keep track of the state of network connections traveling across the network. Which of the following types of firewalls will you configure to accomplish the task?
A stateful firewall is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known connection state will be allowed by the firewall; others will be rejected. Answer: B is incorrect. A host-based application firewall can monitor any application input, output, and/or system service calls made from, to, or by an application. This is done by examining information passed through system calls instead of, or in addition to, a network stack. A host-based application firewall can only provide protection to the applications running on the same host. An example of a host-based application firewall that controls system service calls by an application is AppArmor or the Mac OS X application firewall. Host-based application firewalls may also provide network-based application firewalling. Answer: A is incorrect. A network-based application layer firewall, also known as a proxy-based or reverse-proxy firewall, is a computer networking firewall that operates at the application layer of a protocol stack. Application firewalls specific to a particular kind of network traffic may be titled with the service name, such as a Web application firewall. They may be implemented through software running on a host or a stand-alone piece of network hardware. Often, it is a host using various forms of proxy servers to proxy traffic before passing it on to the client or server. Because it acts on the application layer, it may inspect the contents of the traffic, blocking specified content, such as certain websites, viruses, and attempts to exploit known logical flaws in client software. Answer: C is incorrect. An application firewall is a form of firewall that controls input, output, and/or access from, to, or by an application or service. 
It operates by monitoring and potentially blocking the input, output, or system service calls that do not meet the configured policy of the firewall. The application firewall is typically built to monitor one or more specific applications or services (such as a web or database service), unlike a stateful network firewall, which can provide some access controls for nearly any kind of network traffic. There are two primary categories of application firewalls: network-based application firewalls and host-based application firewalls.
Questions 9
Mark works as a Web Designer for XYZ CORP. The company has a Windows-based network. Mark creates an HTML document that gives the following error on execution: "These hypertext system features are not supported by HTML". Which of the following can be the hypertext system features that are NOT supported by HTML? (Choose three)
HTML lacks some of the features found in earlier hypertext systems, such as typed links, source tracking, fat links, etc. Even some hypertext features that were in early versions of HTML have been ignored by most popular web browsers until recently, such as the link element and in-browser Web page editing. Sometimes Web services or browser manufacturers remedy these shortcomings. Answer: C is incorrect. Hyperlinks are supported by HTML as well as by hypertext systems.
Questions 10
Which of the following user authentications are supported by the SSH-1 protocol but not by the SSH-2 protocol?
The Rhosts (rsh-style), TIS, and Kerberos user authentication methods are supported by the SSH-1 protocol but not by the SSH-2 protocol. Answer: D is incorrect. Password-based authentication is supported by both the SSH-1 and SSH-2 protocols.
Questions 11
You want to repeat the last command you entered in the bash shell. Which of the following commands will you use?
The history !! command shows the previously entered command in the bash shell. In the bash shell, the history command is used to view the recently executed commands. History is on by default. A user can turn off history using the command set +o history and turn it on using set -o history. The environment variable HISTSIZE is used to inform bash how many history lines should be kept. Several further commands are frequently used to view and manipulate history.
Answer: B is incorrect. The history !# command shows the entire command line typed. Answer: D is incorrect. The history !n command shows the nth command typed. Since n is equal to 1 in this command, the first command will be shown. Answer: A is incorrect. It is not a valid command.
Questions 12
Which of the following applications work as mass-emailing worms? (Choose two)
The Nimda and I LOVE YOU viruses work as mass-emailing worms.
Questions 13
You have to ensure that your Cisco Router is only accessible via telnet and ssh from the following hosts and subnets:
10.10.2.103
10.10.0.0/24
Which of the following sets of commands will you use to accomplish the task?
Options:
A.
access-list 10 permit host 10.10.2.103
access-list 10 permit 10.10.0.0 0.0.0.255
access-list 10 deny any
line vty 0 4
access-class 10 out
B.
access-list 10 permit 10.10.2.103
access-list 10 permit 10.10.0.0 0.0.0.255
access-list 10 deny any
line vty 0 4
access-group 10 in
In order to accomplish the task, you will have to run the following set of commands:
access-list 10 permit host 10.10.2.103
access-list 10 permit 10.10.0.0 0.0.0.255
access-list 10 deny any
line vty 0 4
access-class 10 in
This configuration set meets all the requirements. The ACL is correctly configured and is applied to the VTY lines using the access-class command for inbound connections. Answer: D is incorrect. This configuration actually creates 3 separate ACLs (10, 11, and 12) and also incorrectly attempts to apply the ACLs to the VTY lines. Answer: A is incorrect. This configuration is correct except for the access-class command being applied in the outbound direction. When using "access-class out", the router will not match connections coming into the router for Telnet and/or SSH. Instead, it will match connections being generated from the router.
Answer: B is incorrect. This configuration is correct except for the access-group command. Access-group is used to apply ACLs to an interface. Access-class is used to apply ACLs to VTY lines.
Questions 14
Which of the following backup sites takes the longest recovery time?
A cold backup site takes the longest recovery time. It is the most inexpensive type of backup site for an organization to operate. It does not include backed-up copies of data and information from the original location of the organization, nor does it include hardware already set up. The lack of hardware contributes to the minimal startup costs of the cold site, but requires additional time following the disaster to have the operation running at a capacity close to that prior to the disaster. Answer: D is incorrect. A hot site is a duplicate of the original site of the organization, with full computer systems as well as near-complete backups of user data. Real-time synchronization between the two sites may be used to completely mirror the data environment of the original site using wide area network links and specialized software. Ideally, a hot site will be up and running within a matter of hours or even less. Answer: A is incorrect. Although a mobile backup site provides rapid recovery, it does not provide full recovery in time. Hence, a hot site takes the shortest recovery time. Answer: B is incorrect. A warm site is, quite logically, a compromise between hot and cold. These sites will have hardware and connectivity already established, though on a smaller scale than the original production site or even a hot site. Warm sites will have backups on hand, but they may not be complete and may be between several days and a week old. An example would be backup tapes sent to the warm site by courier.
Questions 15
You work as a Desktop Support Technician for XYZ CORP. The company uses a Windows-based network comprising 50 Windows XP Professional computers. You want to include the Safe Mode with Command Prompt feature into the boot.ini file of a Windows XP Professional computer. Which of the following switches will you use?
Safe-mode boot switches are used in the Windows operating systems to use the safe-mode boot feature. To use this feature, the user should press F8 during boot. These modes are available in the Boot.ini file. Users can also automate the boot process using this feature. Different switches are used for the different modes.
Questions 16
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He wants to use Kismet as a wireless sniffer to sniff the We-are-secure network. Which of the following IEEE-based traffic can be sniffed with Kismet?
WPA with 802.1X authentication provides best wireless security mechanism. 802.1X authentication, also known as WPA-Enterprise, is a security mechanism for wireless networks. 802.1X provides port-based authentication, which involves communications between a supplicant, authenticator, and authentication server. The supplicant is often software on a client device, the authenticator is a wired Ethernet switch or wireless access point, and an authentication server is generally a RADIUS database. The authenticator acts like a security guard to a protected network. The supplicant (client device) is not allowed access through the authenticator to the protected side of the network until the supplicant's identity is authorized. With 802.1X port-based authentication, the supplicant provides credentials, such as user name/password or digital certificate, to the authenticator, and the authenticator forwards the credentials to the authentication server for verification. If the credentials are valid, the supplicant (client device) is allowed to access resources located on the protected side of the network.
Answer: A is incorrect. Wired Equivalent Privacy (WEP) uses the stream cipher RC4 (Rivest Cipher). WEP uses Shared Key Authentication, since both the access point and the wireless device possess the same key. An attacker with enough initialization vectors can crack the key used and gain full access to the network. Answer: D is incorrect. WPA-PSK is a strong encryption scheme in which encryption keys are automatically changed (called rekeying) and authenticated between devices after a fixed period of time, or after a fixed number of packets has been transmitted. Answer: C is incorrect. WPA uses TKIP (Temporal Key Integrity Protocol) to enhance data encryption, but it is still vulnerable to different password cracking attacks.
Questions 18
Which of the following is a basic feature of the Unix operating system? (Choose three)
Options:
A.
It is highly portable across hardware.
B.
All files can be individually protected using read, write, and execute permissions for the user, group, and others.
C.
It allows all the modules to be loaded into memory.
D.
A user can execute multiple programs at the same time from a single terminal.
The basic features of Unix are as follows:
Multi-user: It supports more than one user accessing the system simultaneously through a set of terminals attached to the system.
Multi-tasking: A user can execute multiple programs at the same time from a single terminal.
Time sharing: The operating system shares CPU time among tasks.
Portability: It is highly portable across hardware.
Modularity: It allows only needed modules to be loaded into memory.
File structure: It has an inverted tree-like file structure, with files and directories created within the file structure.
Security: All files can be individually protected using read, write, and execute permissions for the user, group, and others.
Network support: It uses the TCP/IP protocol.
Advanced graphics: CAD-CAM applications perform best on a Unix system with its varied support for graphics cards.
Questions 19
You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to see the list of the filesystems mounted automatically at startup by the mount -a command in the /etc/rc startup file. Which of the following Unix configuration files can you use to accomplish the task?
In Unix, the /etc/fstab file is used by system administrators to list the filesystems that are mounted automatically at startup by the mount -a command (in /etc/rc or its equivalent startup file). Answer: C is incorrect. In Unix, the /etc/mtab file contains a list of the currently mounted file systems. This is set up by the boot scripts and updated by the mount command. Answer: A is incorrect. In Unix, the /etc/named.conf file is used for domain name servers. Answer: B is incorrect. In Unix, the /etc/groups file contains passwords to let a user join a group.
Questions 20
Which of the following statements are true about data aggregation?
Options:
A.
A common aggregation purpose is to get more information about particular groups based on specific variables.
B.
Data aggregation cannot be user-based.
C.
Data aggregation is any process in which information is gathered and expressed in a summary form.
D.
Online analytic processing (OLAP) is a simple type of data aggregation.
Data aggregation is any process in which information is gathered and expressed in a summary form, for purposes such as statistical analysis. A common aggregation purpose is to get more information about particular groups based on specific variables such as age, profession, or income. The information about such groups can then be used for Web site personalization to choose content and advertising likely to appeal to an individual belonging to one or more groups for which data has been collected. For example, a site that sells music CDs might advertise certain CDs based on the age of the user and the data aggregate for their age group. Online analytic processing (OLAP) is a simple type of data aggregation in which the marketer uses an online reporting mechanism to process the information. Answer: B is incorrect. Data aggregation can be user-based. Personal data aggregation services offer the user a single point for collection of their personal information from other Web sites. The customer uses a single master personal identification number (PIN) to give them access to their various accounts (such as those for financial institutions, airlines, book and music clubs, and so on). Performing this type of data aggregation is sometimes referred to as "screen scraping."
Questions 21
What are the different categories of PL/SQL program units?
A named block is a PL/SQL block that Oracle stores in the database and that can be called by name from any application. A named block is also known as a stored procedure. Named blocks can be called from any PL/SQL block. It has a declaration section, which is known as a header. The header may include the name of the block, the type of the block, and its parameters. The name and list of formal parameters are known as the signature of a subroutine. Once a named PL/SQL block is compiled, it gets permanently stored as p-code in the shared pool of the system global area. Therefore, the named block gets compiled only once. An anonymous block is a PL/SQL block that appears in a user's application and is neither named nor stored in the database. This block does not accept parameters of any mode. Anonymous block programs are effective in some situations. They are basically used when building scripts to seed data or perform one-time processing activities. They are also used when a user wants to nest activity in another PL/SQL block's execution section. Anonymous blocks are compiled each time they are executed.
Questions 22
You have just installed a Windows 2003 server. What action should you take regarding the default shares?
Options:
A.
Disable them only if this is a domain server.
B.
Disable them.
C.
Make them hidden shares.
D.
Leave them, as they are needed for Windows Server operations.
Default shares should be disabled, unless they are absolutely needed. They pose a significant security risk by providing a way for an intruder to enter your machine. Answer: A is incorrect. Whether this is a domain server, a DHCP server, a file server, or database server does not change the issue with shared drives/folders. Answer: C is incorrect. They cannot be hidden. Shared folders are, by definition, not hidden but rather available to users on the network. Answer: D is incorrect. These are not necessary for Windows Server operations.
Questions 23
The employees of CCN Inc. require remote access to the company's proxy servers. In order to provide solid wireless security, the company uses LEAP as the authentication protocol. Which of the following is supported by the LEAP protocol?
LEAP can use only password hash as the authentication technique. Not only LEAP, but EAP-TLS, EAP-TTLS, and PEAP also support dynamic key encryption and mutual authentication. Answer: C is incorrect. LEAP provides only a moderate level of security. Answer: B is incorrect. LEAP uses password hash for server authentication.
Questions 24
In 1947, the American Institute of Certified Public Accountants (AICPA) adopted GAAS to establish standards for audits. Which of the following categories of audit standards established by GAAS are related to professional and technical competence, independence, and professional due care?
In 1947, the American Institute of Certified Public Accountants (AICPA) adopted Generally Accepted Auditing Standards (GAAS) to establish standards for audits. The standards cover the following three categories: General Standards: They relate to professional and technical competence, independence, and professional due care. Field Work Standards: They relate to the planning of an audit, evaluation of internal control, and obtaining sufficient evidential matter upon which an opinion is based. Reporting Standards: They relate to the compliance of all auditing standards and adequacy of disclosure of opinion in the audit reports. If an opinion cannot be reached, the auditor is required to explicitly state their assertions. Answer: B is incorrect. There was no such category of standard established by GAAS.
Questions 25
You want to monitor the network infrastructure of a software-based company. The network infrastructure of the company consists of the following:
Windows
TCP/IP services
Web and mail servers
URLs
Applications (MS Exchange, SQL etc.)
Which of the following network monitoring solutions can you use to accomplish the task?
Axence nVision is an advanced solution for comprehensive network management. It is used to monitor network infrastructure such as Windows, TCP/IP services, web and mail servers, URLs, and applications (MS Exchange, SQL, etc.). It is also used to monitor routers and switches, including network traffic, interface status, and connected computers. It collects the network inventory and audits license usage. It also gives alerts in case of a program installation or any configuration change on a remote node. With the agent, an administrator can easily monitor user activities and can access computers remotely. Answer: B is incorrect. CommandCenter NOC is a simple and effective tool that performs network monitoring with a powerful polling engine. It provides polling, Windows and UNIX/Linux server management, intrusion detection, vulnerability scanning, and traffic analysis in an integrated appliance. Answer: D is incorrect. Cymphonix Network Composer is a precise Web gateway appliance. It is used to monitor Internet traffic by user, application, and threat. It consists of controls to shape access to Internet resources by user, group, and/or time of day. It also supports anonymous proxy blocking, policy management, and real-time monitoring. Answer: C is incorrect. Network Monitor (Netmon) is a protocol analyzer. It is used to analyze network traffic. It is installed by default during the installation of the operating system. It can be installed by using the Windows Components Wizard in the Add or Remove Programs tool in Control Panel. Network Monitor is used to perform the following tasks:
1. Capture frames directly from the network.
2. Display and filter captured frames immediately after capture or a later time.
3. Edit captured frames and transmit them on the network.
4. Capture frames from a remote computer.
Questions 26
Which of the following statements about system hardening are true? (Choose two)
Options:
A.
It is used for securing the computer hardware.
B.
It can be achieved by installing service packs and security updates on a regular basis.
System hardening is a term used for securing an operating system. It can be achieved by installing the latest service packs, removing unused protocols and services, and limiting the number of users with administrative privileges.
Questions 27
An executive in your company reports odd behavior on her PDA. After investigation you discover that a trusted device is actually copying data off the PDA. The executive tells you that the behavior started shortly after accepting an e-business card from an unknown person. What type of attack is this?
Bluesnarfing is a rare attack in which an attacker takes control of a Bluetooth-enabled device. One way to do this is to get your PDA to accept the attacker's device as a trusted device.
Questions 28
Mark implements a Cisco unified wireless network for Tech Perfect Inc. Which functional area of the Cisco unified wireless network architecture includes intrusion detection and prevention?
Network services is the last functional area of the Cisco unified wireless network architecture. This functional area includes the self-defending network, enhanced network support such as location services, intrusion detection and prevention, firewalls, network admission control, and all other services. Answer: C is incorrect. Network unification is a functional area of the Cisco unified wireless network architecture. This functional area includes the following wireless LAN controllers:
1. The 6500 series Catalyst switch
2. Wireless Services Module (WiSM)
3. Cisco Wireless LAN Controller Module (WLCM)
4. Cisco Catalyst 3750 series integrated WLC
5. Cisco 4400 series WLC
6. Cisco 2000 series WLC
Answer: B is incorrect. Wireless clients is a functional area of the Cisco unified wireless network. The client devices are connected to a user. Answer: D is incorrect. A wireless access point (WAP) is a device that allows wireless communication devices to connect to a wireless network using Wi-Fi, Bluetooth, or related standards. The WAP usually connects to a wired network, and it can transmit data between wireless devices and wired devices on the network. Each access point can serve multiple users within a defined network area. As people move beyond the range of one access point, they are automatically handed over to the next one. A small WLAN requires a single access point. The number of access points in a network depends on the number of network users and the physical size of the network.
Questions 29
Mark works as a Network Administrator for We-are-secure Inc. He finds that the We-are-secure server has been infected with a virus. He presents to the company a report that describes the symptoms of the virus. A summary of the report is given below: This virus has a dual payload, as the first payload of the virus changes the first megabyte of the hard drive to zero. Due to this, the contents of the partition tables are deleted and the computer hangs. The second payload replaces the code of the flash BIOS with garbage values. This virus spreads under the Portable Executable File Format under Windows 95, Windows 98, and Windows ME. Which of the following viruses has the symptoms as the one described above?
The Chernobyl (CIH) virus is a good example of a dual payload virus. Since the first payload of the virus changes the first megabyte of a computer's hard drive to zero, the contents of the partition tables are deleted, resulting in the computer hanging. The second payload of CIH replaces the code of the flash BIOS with garbage values so that the flash BIOS is unable to give a warning, the end result being that the user is incapable of changing the BIOS settings. CIH spreads under the Portable Executable file format under Windows 95, Windows 98, and Windows ME.
Answer: A is incorrect. The I LOVE YOU virus is a VBScript virus in which a victim gets an email titled "I Love You" with an attachment file named "Love-Letter-For-You.txt.vbs". When the victim clicks on this attachment, the virus script infects the victim's computer. The virus first scans the system's memory for passwords, which are sent back to the virus' creator. In the next step, the virus replicates itself and sends a copy to each address in the victim's Outlook address book. Finally, the virus corrupts files with the extensions .vbs, .vbe, .js, .css, .wsh, .sct, .hta, .jpg, .jpeg, .mp2, and .mp3 by overwriting them with a copy of itself. Answer: D is incorrect. The Melissa virus infects Word 97 documents and the NORMAL.DOT file of Word 97 and Word 2000. This macro virus resides in Word documents containing one macro named "Melissa". The Melissa virus has the ability to spread itself very fast via e-mail. When a document infected by the Melissa virus is opened for the first time, the virus checks whether or not the user has Outlook installed on the computer. If it finds Outlook, it sends e-mail to 50 addresses from the Outlook address book. This virus can spread only by using Outlook. This virus is also known as W97M/Melissa, Kwyjibo, and Word97.Melissa. Answer: B is incorrect. Nimda is a mass-mailing virus that spreads itself in attachments named README.EXE. It affects Windows 95, 98, ME, NT4, and Windows 2000 users. Nimda uses the Unicode exploit to infect IIS Web servers.
Questions 30
You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to impose some special access restrictions on users. Which of the following Unix configuration files can you use to accomplish the task?
In Unix, the /etc/usertty file is used to impose some special access restrictions on users. Answer: B is incorrect. In Unix, the /etc/terminfo file contains the details for terminal I/O. Answer: A is incorrect. In Unix, the /var/run/utmp file is the configuration file that contains information about the currently logged-in users. Mostly, the 'who' and 'w' commands use this file. Answer: D is incorrect. In Unix, the /etc/termcap file works as a terminal capability database.
Questions 31
The WIDTH attribute of the TABLE tag is used to set the width of a table. Width can be specified in pixels or as a percentage. For example, if a table of the same width as that of the parent object has to be created, the WIDTH attribute must be set to 100%. The ALIGN attribute aligns the table within the text flow. By default, alignment is set to left. The BORDER attribute of the TABLE tag is used to set the width of the table border. Answer: C is incorrect. TD is not an attribute of the TABLE tag. It is a tag used to specify cells in a table.
Questions 32
Which of the following key combinations in the vi editor is used to copy the current line?
The yy key combination in the vi editor is used to copy the current line. The vi editor is an interactive, cryptic, and screen-based text editor used to create and edit a file. It operates in either Input mode or Command mode. In Input mode, the vi editor accepts a keystroke as text and displays it on the screen, whereas in Command mode, it interprets keystrokes as commands. As the vi editor is case sensitive, it interprets the same character or characters as different commands, depending upon whether the user enters a lowercase or uppercase character. When a user starts a new session with vi, he must put the editor in Input mode by pressing the "i" key. If he is not able to see the entered text on the vi editor's screen, it means that he has not put the editor in Input mode. The user must change the editor to Input mode before entering any text so that he can see the text he has entered. Answer: D is incorrect. It deletes the next character to the right. Answer: A is incorrect. It deletes the current line and one line above. Answer: C is incorrect. It deletes from the cursor to the end of the line.
Questions 33
You configure a wireless router at your home. To secure your home Wireless LAN (WLAN), you implement WEP. Now you want to connect your client computer to the WLAN. Which of the following is the required information that you will need to configure the client computer? (Choose two)
In order to connect a client computer to a secured Wireless LAN (WLAN), you are required to provide the following information: the SSID of the WLAN and the WEP key.
Questions 34
John used to work as a Network Administrator for We-are-secure Inc. Now he has resigned from the company for personal reasons. He wants to send out some secret information of the company. To do so, he takes an image file and simply uses a tool, Image Hide, to embed the secret file within an image file of the famous actress, Jennifer Lopez, and sends it to his Yahoo mail id. Since he is using the image file to send the data, the mail server of his company is unable to filter this mail. Which of the following techniques is he performing to accomplish his task?
According to the scenario, John is performing the Steganography technique for sending malicious data. Steganography is the art and science of hiding information by embedding harmful messages within other seemingly harmless messages. It works by replacing bits of unused data in regular computer files, such as graphics, sound, text, and HTML, with bits of invisible information. This hidden information can be in the form of plain text, cipher text, or even images. Answer: A is incorrect. Web ripping is a technique in which the attacker copies the whole structure of a Web site to the local disk and obtains all files of the Web site. Web ripping helps an attacker to trace the loopholes of the Web site. Answer: D is incorrect. Social engineering is the art of convincing people and making them disclose useful information such as account names and passwords. This information is further exploited by hackers to gain access to a user's computer or network. This method relies on the ability to manipulate people rather than on technical skills. A user should always distrust people who ask him for his account name or password, computer name, IP address, employee ID, or other information that can be misused. Answer: C is incorrect. John is not performing email spoofing. In email spoofing, an attacker sends emails after writing another person's mailing address in the From field of the email.
Questions 35
What will be the output of the following command? echo $(date %M) > date.txt
Options:
A.
The current time (Month) will be written in the date.txt file.
B.
It will create a variable $(date %M).
C.
It will print a string "date %M".
D.
The current time (Minutes) will be written in the date.txt file.
The date command with the %M specifier prints the current time (Minutes). Since the output is redirected towards the date.txt file, the current time (Minutes) will be printed in the date.txt file.
Questions 36
You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to set the user login features on the systems with the shadow passwords. Which of the following Unix configuration files can you use to accomplish the task?
In Unix, the /etc/login.defs file is used by system administrators to set the user login features on the systems with the shadow passwords. Answer: A is incorrect. In Unix, the /etc/logrotate.conf file configures the logrotate program used for managing log files. Answer: C is incorrect. In Unix, the /etc/magic file contains the descriptions of various file formats for the file command. Answer: D is incorrect. In Unix, the /etc/filesystems file is used to set the filesystem probe order when filesystems are mounted with the auto option.
Questions 37
This is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of this tool are as follows: It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc. It is commonly used for the following purposes: a. War driving; b. Detecting unauthorized access points; c. Detecting causes of interference on a WLAN; d. WEP ICV error tracking; e. Making graphs and alarms on 802.11 data, including signal strength. This tool is known as __________.
NetStumbler is a Windows-based tool that is used for the detection of wireless LANs using the IEEE 802.11a, 802.11b, and 802.11g standards. The main features of NetStumbler are as follows: It displays the signal strength of a wireless network, MAC address, SSID, channel details, etc. It is commonly used for the following purposes: a. War driving; b. Detecting unauthorized access points; c. Detecting causes of interference on a WLAN; d. WEP ICV error tracking; e. Making graphs and alarms on 802.11 data, including signal strength.
Answer: D is incorrect. Kismet is an IEEE 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Answer: A is incorrect. THC-Scan is a war-dialing tool. Answer: C is incorrect. Absinthe is an automated SQL injection tool.
Questions 38
You work as a Network Administrator for Tech Perfect Inc. The company requires a secure wireless network. To provide security, you are configuring ISA Server 2006 as a firewall. While configuring ISA Server 2006, which of the following is NOT necessary?
Configuration of VPN access is not mandatory. It is configured on the basis of requirement. Answer: A, B, C are incorrect. All these steps are mandatory for the configuration of the ISA Server 2006 firewall.
Questions 39
Which of the following protocols is the mandatory part of the WPA2 standard in the wireless networking?
CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) is an IEEE 802.11i encryption protocol created to replace both TKIP, the mandatory protocol in WPA, and WEP, the earlier, insecure protocol. CCMP is a mandatory part of the WPA2 standard, an optional part of the WPA standard, and a required option for Robust Security Network (RSN) Compliant networks. CCMP is also used in the ITU-T home and business networking standard. CCMP, part of the 802.11i standard, uses the Advanced Encryption Standard (AES) algorithm. Unlike in TKIP, key management and message integrity are handled by a single component built around AES using a 128-bit key, a 128-bit block, and 10 rounds, as specified in the FIPS 197 standard. Answer: C is incorrect. Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs). It has two components, authentication and encryption. It is intended to provide wireless networks with security equivalent to that of wired networks. WEP encrypts data on a wireless network by using a fixed secret key. WEP incorporates a checksum in each frame to provide protection against attacks that attempt to reveal the key stream. Answer: D is incorrect. TKIP (Temporal Key Integrity Protocol) is an encryption protocol defined in the IEEE 802.11i standard for wireless LANs (WLANs). It is designed to provide more secure encryption than the notoriously weak Wired Equivalent Privacy (WEP). TKIP is the encryption method used in Wi-Fi Protected Access (WPA), which replaced WEP in WLAN products. TKIP is a suite of algorithms to replace WEP without requiring the replacement of legacy WLAN equipment. TKIP uses the original WEP programming but wraps additional code at the beginning and end to encapsulate and modify it. Like WEP, TKIP uses the RC4 stream encryption algorithm as its basis. Answer: B is incorrect. Address Resolution Protocol (ARP) is a network maintenance protocol of the TCP/IP protocol suite.
It is responsible for the resolution of IP addresses to media access control (MAC) addresses of a network interface card (NIC). The ARP cache is used to maintain a correlation between a MAC address and its corresponding IP address. ARP provides the protocol rules for making this correlation and providing address conversion in both directions. ARP is limited to physical network systems that support broadcast packets.
Questions 40
You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to query an image root device and RAM disk size. Which of the following Unix commands can you use to accomplish the task?
The rdev command is used to query/set an image root device, RAM disk size, or video mode. If a user executes the rdev command with no arguments, it outputs a /etc/mtab line for the current root file system. The command syntax of the rdev command is as follows: rdev [ -Rrvh ] [ -o offset ] [ image [ value [ offset ] ] ] Answer: B is incorrect. In Unix, the rdump command is used to back up an ext2 filesystem. Answer: D is incorrect. In Unix, the mount command is used to mount a filesystem. Answer: C is incorrect. In Unix, the setfdprm command sets floppy drive parameters.
Questions 41
Which of the following statements are true about a hot site?
Options:
A.
It is a duplicate of the original site of the organization, with full computer systems as well as near-complete backups of user data.
B.
It is the most inexpensive backup site.
C.
It can be used within an hour for data recovery.
D.
It is cheaper than a cold site but more expensive than a warm site.
A hot site is a duplicate of the original site of the organization, with full computer systems as well as near-complete backups of user data. A hot site can be used within an hour for data recovery. The capacity of the hot site may or may not match the capacity of the original site depending on the organization's requirements. This type of backup site is the most expensive to operate. Hot sites are popular with organizations that operate real-time processes such as financial institutions, government agencies, and e-commerce providers. A cold site is the most inexpensive type of backup site for an organization to operate since it does not include backed up copies of data and information from the original location of the organization, nor does it include hardware already set up. A warm site is, quite logically, a compromise between hot and cold in terms of resources and cost.
Questions 42
Which of the following processes is described in the statement below? "This is the process of numerically analyzing the effect of identified risks on overall project objectives."
Perform Quantitative Risk Analysis is the process of numerically analyzing the effect of identified risks on overall project objectives. This process generally follows the Perform Qualitative Risk Analysis process. It is performed on risks that have been prioritized by the Perform Qualitative Risk Analysis process as potentially and substantially impacting the project's competing demands. The Perform Quantitative Risk Analysis should be repeated after Plan Risk Responses, as well as part of Monitor and Control Risks, to determine if the overall project risk has been decreased. Answer: C is incorrect. This is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact. Answer: D is incorrect. This is the process of determining which risks may affect the project and documenting their characteristics. Answer: B is incorrect. This is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project.
Questions 43
You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to identify the list of users with special privileges along with the commands that they can execute. Which of the following Unix configuration files can you use to accomplish the task?
In Unix, the /etc/sudoers file contains a list of users with special privileges along with the commands that they can execute. Answer: A is incorrect. In Unix, the /proc/meminfo file shows information about the memory usage, both physical and swap. Answer: B is incorrect. In Unix, the /etc/sysconfig/amd file is the configuration file that is used to configure the auto mount daemon. Answer: C is incorrect. In Unix, the /proc/modules file shows the kernel modules that are currently loaded.
Questions 44
You work as a Network Administrator for Net World International. The company has a Windows Active Directory-based single domain single forest network. The functional level of the forest is Windows Server 2003. There are ten Sales Managers in the company. The company has recently provided laptops to all its Sales Managers. All the laptops run Windows XP Professional. These laptops will be connected to the company's network through wireless connections. The company's management wants to implement Shared Key authentication for these laptops. When you try to configure the network interface card of one of the laptops for Shared Key authentication, you find no such option. What will you do to enable Shared Key authentication?
Shared Key authentication requires the use of the Wired Equivalent Privacy (WEP) algorithm. If the WEP is not implemented, then the option for Shared Key authentication is not available. In order to accomplish the task, you will have to enable the WEP on all the laptops.
Questions 45
You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to set the hard disk geometry parameters, cylinders, heads, and sectors. Which of the following Unix commands can you use to accomplish the task?
In Unix, the hdparm command is used to get or set hard disk geometry parameters, cylinders, heads, and sectors. Answer: C is incorrect. In Unix, the mkfs command initializes a Unix filesystem. This is a front end that runs a separate program depending on the filesystem's type. Answer: A is incorrect. In Unix, the mke2fs command creates a Unix second extended filesystem. Answer: B is incorrect. In Unix, the mkswap command sets up a Unix swap area on a device or file.
Questions 46
Which of the following is the best way to authenticate users on the intranet?
The best way to authenticate users on the intranet is by using NT authentication. Windows NT authentication works where the client and server computers are located in the same or trusted domains. Using NT authentication with an anonymous logon account is the best way to authenticate users on an intranet because passwords are not transmitted over the network. User credentials are supplied automatically if the user is logged on to a Windows machine. Answer: B is incorrect. Basic authentication is used to authenticate users on the Internet. It is used by most browsers for authentication and connection. When using Basic authentication, the browser prompts the user for a username and password. This information is then transmitted across the Hypertext Transfer Protocol (HTTP). Answer: A is incorrect. Forms authentication is used in an ASP environment to issue appropriate Membership Server-related cookies to a user. Answer: C is incorrect. Clear text is not an authentication method.
Questions 47
Network mapping provides a security testing team with a blueprint of the organization. Which of the following steps is NOT a part of manual network mapping?
Using automated tools, such as NeoTraceroute, for mapping a network is a part of automated network mapping, not of manual network mapping. Network mapping is the process of providing a blueprint of the organization to a security testing team. There are two ways of performing network mapping: Manual Mapping: In manual mapping, a hacker gathers information to create a matrix that contains the domain name information, IP addresses of the network, DNS servers, employee information, company location, phone numbers, yearly earnings, recently acquired organizations, email addresses, publicly available IP address ranges, open ports, wireless access points, modem lines, and banner grabbing details. Automated Mapping: In automated mapping, a hacker uses any automated tool to gather information about the network. There are many tools for this purpose, such as NeoTrace, Visual traceroute, Cheops, Cheops-ng, etc. The only advantage of automated mapping is that it is very fast; however, it may generate erroneous results.
Questions 48
Which of the following processes are involved under the COBIT framework?
The Control Objectives for Information and related Technology (COBIT) is a set of best practices (framework) for information technology (IT) management, which provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in maximizing the benefits derived through the use of information technology and developing appropriate IT governance and control in a company. It has the following 11 processes: Developing a strategic plan. Articulating the information architecture. Finding an optimal stage between the IT and the organization's strategy. Designing the IT function to match the organization's needs. Maximizing the return of the IT investment. Communicating IT policies to the user's community. Managing the IT workforce. Obeying external regulations, laws, and contracts. Conducting IT risk assessments. Maintaining a high-quality systems-development process. Incorporating sound project-management techniques. Answer: B is incorrect. Correcting all risk issues does not come under auditing processes.
Questions 49
You work as a Security Administrator in Tech Perfect Inc. The company has a TCP/IP based network. The network has a vast majority of Cisco Systems routers and Cisco network switches. You want to take a snapshot of the router running configuration and archive running configuration of the router to persistent storage. Which of the following steps will you take?
In order to take a snapshot of the router running configuration and archive the running configuration of the router to persistent storage, you should secure the boot configuration of the router using the secure boot-config command. Answer: D is incorrect. You enable image resilience if you want to secure the Cisco IOS image. Answer: C is incorrect. By verifying the security of the bootset, you can examine whether or not the Cisco IOS Resilient Configuration is enabled and the files in the bootset are secured.
Answer: B is incorrect. By restoring an archived primary bootset, you can restore a primary bootset from a secure archive after NVRAM has been erased or a disk has been formatted.
Questions 50
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He is using a tool to crack the wireless encryption keys. The description of the tool is as follows: Which of the following tools is John using to crack the wireless encryption keys?
AirSnort is a Linux-based WLAN WEP cracking tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions. It uses a ciphertext-only attack and captures approximately 5 to 10 million packets to decrypt the WEP keys. Answer: C is incorrect. Kismet is an IEEE 802.11 wireless network sniffer and intrusion detection system.
Questions 51
The employees of EWS Inc. require remote access to the company's Web servers. In order to provide solid wireless security, the company uses EAP-TLS as the authentication protocol. Which of the following statements are true about EAP-TLS?
Options:
A.
It uses password hash for client authentication.
B.
It uses a public key certificate for server authentication.
C.
It is supported by all manufacturers of wireless LAN hardware and software.
EAP-TLS can use only a public key certificate as the authentication technique. It is supported by all manufacturers of wireless LAN hardware and software. The requirement for a client-side certificate, however unpopular it may be, is what gives EAP-TLS its authentication strength and illustrates the classic convenience vs. security trade-off. Answer: D is incorrect. EAP-TLS provides the highest level of security. Answer: A is incorrect. EAP-TLS uses a public key certificate for server authentication.
Questions 52
Which of the following statements are true about the Enum tool?
Options:
A.
It uses NULL and User sessions to retrieve user lists, machine lists, LSA policy information, etc.
B.
It is capable of performing brute force and dictionary attacks on individual accounts of Windows NT/2000.
C.
One of the countermeasures against the Enum tool is to disable TCP port 139/445.
D.
It is a console-based Win32 information enumeration utility.
Enum is a console-based Win32 information enumeration utility. It uses null sessions to retrieve user lists, machine lists, share lists, name lists, group and member lists, passwords, and LSA policy information. It is also capable of performing brute force and dictionary attacks on individual accounts. Since the Enum tool works on the NetBIOS NULL sessions, disabling the NetBIOS port can be a good countermeasure against the Enum tool.
Questions 53
You are responsible for a number of Windows Server 2003 DNS servers on a large corporate network. You have decided to audit the DNS server logs. Which of the following are likely errors you could encounter in the log? (Choose two)
Options:
A.
The DNS server could not create FTP socket for address [IP address of server].
B.
The DNS server could not open socket for domain name [domain name of server].
C.
The DNS server could not create a Transmission Control Protocol (TCP) socket.
D.
The DNS server could not open socket for address [IP address of server].
There are a number of errors one could find in a Windows Server 2003 DNS log. They are as follows: The DNS server could not create a Transmission Control Protocol (TCP) socket. The DNS server could not open socket for address. The DNS server could not initialize the Remote Procedure Call (RPC) service. The DNS server could not bind the main datagram socket. The DNS Server service relies on Active Directory to store and retrieve information for Active Directory-integrated zones, and several Active Directory errors are possible. Answer: A is incorrect. DNS servers do not create FTP connections. Answer: B is incorrect. A DNS server looks up a name to return an IP address; it would not and cannot connect to a domain name, it must connect to an IP address.
Questions 54
You work as a Network Administrator for XYZ CORP. The company has a Windows Server 2008 network environment. The network is configured as a Windows Active Directory-based single forest network. You configure a new Windows Server 2008 server in the network. The new server is not yet linked to Active Directory. You are required to accomplish the following tasks: Add a new group named "Sales". Copy the "Returns" group from the older server to the new one. Rename the "Returns" group to "Revenue". View all group members, including for multiple groups/entire domain. You use Hyena to simplify and centralize all of these tasks. Which of the assigned tasks will you be able to accomplish?
Options:
A.
Copy the "Returns" group to the new server.
B.
Rename the "Returns" group to "Revenue".
C.
Add the new group named "Sales".
D.
View and manage all group members, including for multiple groups/entire domain.
Hyena supports the following group management functions: full group administration such as add, modify, delete, and copy; rename groups; copy groups from one computer to another; view both direct and indirect (nested) group members for one or more groups [only for Active Directory]; view all group members, including for multiple groups/entire domain [only for Active Directory]. Answer: D is incorrect. All group members can neither be viewed nor managed until the new server is linked to Active Directory.
Questions 55
John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He wants to forward all the kernel messages to the remote host having IP address 192.168.0.1. Which of the following changes will he perform in the syslog.conf file to accomplish the task?
According to the scenario, John will make the following entry in the syslog.conf file to forward all the kernel messages to the remote host having IP address 192.168.0.1: kern.* @192.168.0.1 Answer: D is incorrect. This entry will forward all the messages to the remote host having IP address 192.168.0.1. Answer: B is incorrect. This entry will not forward any message to the remote host having IP address 192.168.0.1. Answer: C is incorrect. This entry will not forward any kernel message to the remote host having IP address 192.168.0.1.
Questions 56
Anonymizers are the services that help make a user's own Web surfing anonymous. An anonymizer removes all the identifying information from a user's computer while the user surfs the Internet. It ensures the privacy of the user in this manner. After the user anonymizes a Web access with an anonymizer prefix, every subsequent link selected is also automatically accessed anonymously. Which of the following are limitations of anonymizers?
Anonymizers have the following limitations: 1. HTTPS: Secure protocols such as 'https:' cannot be properly anonymized, as the browser needs to access the site directly to properly maintain the secure encryption. 2. Plugins: If an accessed site invokes a third-party plugin, there is no guarantee that the plugin will not establish an independent direct connection from the user's computer to the remote site. 3. Java: Any Java application accessed through an anonymizer will not be able to bypass the Java security wall. 4. ActiveX: ActiveX applications have almost unlimited access to the user's computer system. 5. JavaScript: The JavaScript scripting language is disabled with URL-based anonymizers.
Questions 57
You are concerned about an attacker being able to get into your network. You want to make sure that you are informed of any network activity that is outside normal parameters. What is the best way to do this?
An anomaly-based Intrusion Detection System will monitor the network for any activity that is outside normal parameters (i.e. an anomaly) and inform you of it. Answer: C is incorrect. Antivirus software, while important, won't help detect the activities of intruders. Answer: B is incorrect. Performance monitors are used to measure normal network activity and look for problems such as bottlenecks. Answer: A is incorrect. A protocol analyzer only detects whether a given protocol is moving over a particular network segment.
Questions 58
John works as a Network Administrator for We-are-secure Inc. The We-are-secure server is based on Windows Server 2003. One day, while analyzing the network security, he receives an error message that Kernel32.exe is encountering a problem. Which of the following steps should John take as a countermeasure to this situation?
Options:
A.
He should download the latest patches for Windows Server 2003 from the Microsoft site, so that he can repair the kernel.
B.
He should restore his Windows settings.
C.
He should observe the process viewer (Task Manager) to see whether any new process is running on the computer or not. If any new malicious process is running, he should kill that process.
In such a situation, when John receives an error message revealing that Kernel32.exe is encountering a problem, he needs to come to the conclusion that his antivirus program needs to be updated, because Kernel32.exe is not a Microsoft file (the legitimate Microsoft file is Kernel32.dll). Although such viruses normally run in stealth mode, he should examine the process viewer (Task Manager) to see whether any new process is running on the computer or not. If any new (malicious) process is running on the server, he should terminate that process. Answer: A, B are incorrect. Since Kernel32.exe is not a real kernel file of Windows, there is no need to repair or download any patch for Windows Server 2003 from the Microsoft site to repair the kernel. Note: Such error messages can be received if the computer is infected with malware, such as Worm_Badtrans.b, Backdoor.G_Door, Glacier Backdoor, Win32.Badtrans.29020, etc.
Questions 59
You work as a Web Deployer for UcTech Inc. You write the element for an application in which you write the sub-element as follows: * Who will have access to the application?
The element is a sub-element of the element. It defines the roles that are allowed to access the Web resources specified by the sub-elements. The element is written in the deployment descriptor as follows: Administrator. Writing Administrator within the element will allow only the administrator to have access to the resource defined within the element.
Questions 60
You work as a Network Administrator for XYZ CORP. The company has a Linux-based network. The company needs to provide secure network access. You have configured a firewall to prevent certain ports and applications from forwarding the packets to the company's intranet. What does a firewall check to prevent these ports and applications from forwarding the packets to the intranet?
Options:
A.
The network layer headers and the session layer port numbers
B.
The application layer port numbers and the transport layer headers
C.
The transport layer port numbers and the application layer headers
D.
The presentation layer headers and the session layer port numbers
A firewall stops delivery of packets that are not marked safe by the Network Administrator. It checks the transport layer port numbers and the application layer headers to prevent certain ports and applications from forwarding the packets to an intranet. Answer: D, A, and B are incorrect. These are not checked by a firewall.
Questions 61
Which of the following responsibilities does not come under the audit process?
Options:
A.
Reporting all facts and circumstances of the irregular and illegal acts.
B.
Planning the IT audit engagement based on the assessed level of risk.
According to the standards of ISACA, an auditor should hold the following responsibilities: Planning the IT audit engagement based on an assessed level of risk. Designing audit procedures of irregular and illegal acts. Reviewing the results of the audit procedures. Assuming that acts are not isolated. Determining why the internal control system failed for that act. Conducting additional audit procedures. Evaluating the results of the expanded audit procedures. Reporting all facts and circumstances of the irregular and illegal acts. Distributing the report to the appropriate internal parties, such as managers. Answer: D is incorrect. The auditor is not responsible for applying security policies.
Questions 62
You work as a Network Administrator for BetaTech Inc. You have been assigned the task of designing the firewall policy for the company. Which of the following statements is unacceptable in the 'acceptable use statement' portion of the firewall policy?
Options:
A.
The computers and their applications should be used for organizational related activities only.
B.
Computers may not be left unattended with a user account still logged on.
C.
Applications other than those supplied or approved by the company can be installed on any computer.
D.
The installed e-mail application can only be used as the authorized e-mail service.
Applications other than those supplied or approved by the company shall not be installed on any computer. Answer: A, B, D are incorrect. All of these statements stand true in the 'acceptable use statement' portion of the firewall policy.
Questions 63
You work as a Network Administrator for XYZ CORP. The company has a Windows-based network. You are concerned about the vulnerabilities existing in the network of the company. Which of the following can be a cause for making the network vulnerable? (Choose two)
In computer security, the term vulnerability refers to a weakness which allows an attacker to reduce a system's Information Assurance. A computer or a network can be vulnerable due to the following reasons: Complexity: Large, complex systems increase the probability of flaws and unintended access points. Familiarity: Using common, well-known code, software, operating systems, and/or hardware increases the probability that an attacker has or can find the knowledge and tools to exploit the flaw. Connectivity: More physical connections, privileges, ports, protocols, and services, and the longer each of those is accessible, increase vulnerability. Password management flaws: The computer user uses weak passwords that could be discovered by brute force. The computer user stores the password on the computer where a program can access it. Users re-use passwords between many programs and websites. Fundamental operating system design flaws: The operating system designer chooses to enforce suboptimal policies on user/program management. For example, operating systems with policies such as 'default permit' grant every program and every user full access to the entire computer. This operating system flaw allows viruses and malware to execute commands on behalf of the administrator. Internet Website Browsing: Some Internet websites may contain harmful spyware or adware that can be installed automatically on the computer systems. After visiting those websites, the computer systems become infected and personal information will be collected and passed on to third party individuals. Software bugs: The programmer leaves an exploitable bug in a software program. The software bug may allow an attacker to misuse an application. Unchecked user input: The program assumes that all user input is safe. Programs that do not check user input can allow unintended direct execution of commands or SQL statements (known as buffer overflows, SQL injection, or other non-validated inputs).
Answer: B, C are incorrect. Use of common software and common code can make a network vulnerable.
Questions 64
You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to fix partitions on a hard drive. Which of the following Unix commands can you use to accomplish the task?
The fdisk command is a menu-driven utility available on most Unix and Linux systems for hard disk partitioning. It can delete a partition on a hard disk, create a partition, change the partition type, and display the partition table. Answer: B is incorrect. In Unix, the exportfs command maintains the table of file systems exported to NFS (network file sharing) clients. Answer: A is incorrect. In Unix, the fdformat command low-level formats a floppy disk. Answer: C is incorrect. In Unix, the fsck command checks a file system for consistency and repairs it; it does not partition disks or add blocks to a file system. It must not be run on a mounted file system.
Questions 65
Which of the following is a technique for creating Internet maps? (Choose two)
There are two prominent techniques used today for creating Internet maps: Active probing: This works on the data plane of the Internet and infers Internet topology (router adjacencies) from traceroute-style probes. AS PATH inference: This works on the control plane and infers autonomous system (AS) connectivity from BGP routing data.
Questions 66
You work as a Software Developer for UcTech Inc. You are building a Web site that will contain study materials on the Java language. The company wants that members can access all the pages, but non-members have only limited access to the Web site pages. Which of the following security mechanisms will you use to accomplish the task?
Authorization is a process that verifies whether a user has permission to access a Web resource. A Web server can restrict access to some of its resources to only those clients that log in using a recognized username and password. To be authorized, a user must first be authenticated. Answer: B is incorrect. Authentication is the process of verifying the identity of a user. This is usually done using a user name and password. This process compares the provided user name and password with those stored in the database of an authentication server. Answer: C is incorrect. Confidentiality is a mechanism that ensures that only the intended and authorized recipients are able to read data. The data is so encrypted that even if an unauthorized user gets access to it, he will not get any meaning out of it. Answer: A is incorrect. Data integrity is a mechanism that ensures that the data is not modified during transmission from source to destination. This means that the data received at the destination should be exactly the same as that sent from the source.
Questions 67
In which of the following attack techniques does an attacker try to intercept the successful handshake and then use a dictionary attack to retrieve the shared key?
PSK cracking is an attack technique in which an attacker captures a successful WPA/WPA2-PSK four-way handshake and then runs an offline dictionary attack against it to recover the pre-shared key; the captured handshake contains enough material to test candidate passphrases without any further contact with the access point. Answer: A is incorrect. Shared key guessing is an attack technique in which an intruder uses various cracking tools to guess the shared key of a wireless network online and gain access to it. Answer: C is incorrect. A dictionary attack is a technique for defeating a cipher or authentication mechanism by trying likely keys or passphrases from a pre-arranged list. In contrast with a brute force attack, where a large proportion of the key space is searched systematically, a dictionary attack tries only the possibilities most likely to succeed, typically words from a dictionary and simple variations on them. Dictionary attacks generally succeed because many people choose passwords that are short (7 characters or fewer), single dictionary words, or easily predicted variations such as a word with a digit appended. Answer: B is incorrect. In a brute force attack, an attacker uses software that tries a very large number of key combinations in order to find a password. To resist such attacks, users should choose long passphrases (for WPA-PSK, well beyond the 8-character minimum) that mix character classes and do not appear in word lists.
Questions 68
You work as a Web Developer for XYZ CORP. The company has a Windows-based network. You have been assigned the task to secure the website of the company. To accomplish the task, you want to use a website monitoring service. What are the tasks performed by a website monitoring service?
Options:
A.
It checks the health of various links in a network using end-to-end probes sent by agents located at vantage points in the network.
A website monitoring service can check HTTP pages, HTTPS, FTP, SMTP, POP3, IMAP, DNS, SSH, Telnet, SSL, TCP, PING, domain name expiry, SSL certificate expiry, and a range of other ports, with check intervals ranging from every four hours to every minute. Typically, most website monitoring services test a server somewhere between once per hour and once per minute. Advanced services offer in-browser web transaction monitoring based on browser automation tools such as Selenium or iMacros; they test a website by remotely controlling a large number of web browsers and so can also detect browser-specific issues such as JavaScript bugs. Answer: A is incorrect. That task belongs to network monitoring: network tomography monitors the health of links in a network using end-to-end probes sent by agents located at vantage points in the network or the Internet.
Questions 69
You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to track the system for user logins. To accomplish the task, you need to analyze the log configuration files. Which of the following Unix log configuration files can you use to accomplish the task?
In Unix, the /var/log/secure file (on Red Hat-derived systems; Debian-derived systems use /var/log/auth.log) records authentication events such as user logins. Answer: D is incorrect. In Unix, the /var/log/maillog file is the normal system mail log file. Answer: A is incorrect. In Unix, the /var/log/messages file is the main system message log file. Answer: C is incorrect. In Unix, /var/spool/mail is the directory where user mailboxes are usually stored.
Questions 70
John works as a Network Auditor for XYZ CORP. The company has a Windows-based network. John wants to conduct risk analysis for the company. Which of the following can be the purpose of this analysis? (Choose three)
Options:
A.
To ensure absolute safety during the audit
B.
To analyze exposure to risk in order to support better decision-making and proper management of those risks
C.
To try to quantify the possible impact or loss of a threat
D.
To assist the auditor in identifying the risks and threats
Risk analysis serves several purposes:
To try to quantify the possible impact or loss of a threat
To analyze exposure to risk in order to support better decision-making and proper management of those risks
To support risk-based audit decisions
To assist the auditor in determining the audit objectives
To assist the auditor in identifying the risks and threats
Answer: A is incorrect. Risk analysis does not ensure absolute safety. The main purpose of a risk-based audit strategy is to ensure that the audit adds value with meaningful information.
Questions 71
Which of the following statements are true about security risks? (Choose three)
Options:
A.
They can be removed completely by taking proper actions.
B.
They are considered an indicator of threats coupled with vulnerability.
C.
They can be mitigated by reviewing and taking responsible actions based on possible risks.
D.
They can be analyzed and measured by the risk analysis process.
In information security, security risks are considered an indicator of threats coupled with vulnerability. In other words, security risk is a probabilistic function of a given threat agent exercising a particular vulnerability and the impact of that risk on the organization. Security risks can be mitigated by reviewing and taking responsible actions based on possible risks. These risks can be analyzed and measured by the risk analysis process. Answer: A is incorrect. Security risks can never be removed completely but can be mitigated by taking proper actions.
Questions 72
You work as a Network Administrator for XYZ CORP. The company has a Windows-based network. You want to configure the ACL with a Cisco router. Which of the following router prompts can you use to accomplish the task?
The auditor of a Cisco router should be familiar with its privilege and configuration modes, which the prompt identifies at a glance:
Non-privileged (user EXEC) mode: router>
Privileged (enable) mode: router#
Global configuration mode: router(config)#
Interface configuration mode: router(config-if)#
Named ACL configuration mode: router(config-ext-nacl)# for an extended ACL, router(config-std-nacl)# for a standard ACL
Boot loader mode: router(boot)
Line (remote connectivity) configuration mode: router(config-line)#
Numbered access lists are entered directly at the router(config)# prompt with access-list statements; named access lists are entered with ip access-list, which moves the router into the config-ext-nacl or config-std-nacl prompt. In either case an ACL does nothing until it is applied to an interface or line.
Questions 73
Which of the following security policies will you implement to keep safe your data when you connect your Laptop to the office network over IEEE 802.11 WLANs? (Choose two)
Options:
A.
Using personal firewall software on your Laptop.
B.
Using a protocol analyzer on your Laptop to monitor for risks.
C.
Using portscanner like nmap in your network.
D.
Using an IPSec enabled VPN for remote connectivity.
According to the scenario, you want to implement a security policy to keep safe your data when you connect your Laptop to the office network over IEEE 802.11 WLANs. For this, you will use the following two options:
1. Using an IPSec-enabled VPN for remote connectivity: Internet Protocol Security (IPSec) is a standards-based protocol suite that authenticates and encrypts IP packets, so everything carried above the network layer is protected regardless of whether the WLAN's own link encryption is weak or absent. It is commonly combined with L2TP (L2TP/IPSec) for remote-access VPNs. It protects both the data and the credentials exchanged during logon.
2. Using personal firewall software on your Laptop: a host firewall blocks unsolicited inbound connections from other stations on the same WLAN and can be given rules to drop malicious packets. Answer: C is incorrect. A port scanner such as nmap reports which ports are open. It is useful in the information-gathering step of an assessment, but it does not protect anything. Answer: B is incorrect. A protocol analyzer only observes the packets flowing on the network; it cannot protect your data.
Questions 74
Audit trail or audit log is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Under which of the following controls does audit control come?
Audit trails and audit logs are detective controls. Any control whose job is to monitor and record activity so that a problem can be noticed afterwards is a detective control. For example, mistakes, whether intentional or unintentional, can be made in a company's accounts, so publicly traded companies must have their financial results audited by an independent Certified Public Accountant; that auditor acts as a detective control. If the organization has not properly followed the rules, a diligent auditor should be able to detect the deficiency, which indicates that some control somewhere has failed. Answer: B is incorrect. Reactive or corrective controls typically work in response to a detective control, responding in such a way as to alert or otherwise correct an unacceptable condition. Using the accounting example, either the internal Audit Committee or the SEC itself, acting on the external auditor's report, takes corrective action and so serves as a corrective or reactive control. Answer: A, D are incorrect. Protective or preventive controls proactively define and, where possible, enforce acceptable behavior. For example, a set of common accounting rules is defined and must be followed by any publicly traded company, which must publicly state its financial standing each quarter under those rules; the accounting rules and the SEC requirements serve as protective or preventive controls.
Questions 75
John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. He successfully performs a brute force attack on the We-are-secure server. Now, he suggests some countermeasures to avoid such brute force attacks on the We-are-secure server. Which of the following are countermeasures against a brute force attack?
Options:
A.
The site should use CAPTCHA after a specific number of failed login attempts.
B.
The site should increase the encryption key length of the password.
C.
The site should restrict the number of login attempts to only three times.
D.
The site should force its users to change their passwords from time to time.
Using CAPTCHA after repeated failures or restricting the number of login attempts are good countermeasures against a brute force attack, because both cap the rate at which an attacker can test guesses against the live system. Answer: B is incorrect. Passwords are not encrypted with a key whose length can be increased; they should be stored as salted, slow hashes, which only slows offline guessing. Answer: D is incorrect. Periodic forced password changes do not reduce the number of guesses an attacker can make online. Note that a hard lockout after a fixed number of failures can be turned against the site: an attacker who knows a username can lock the legitimate user out, so lockouts are usually time-limited and combined with CAPTCHA or progressive delays.
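The guard below is an added example (it is not code from the question bank or from any real site) showing how options A and C fit together in one login path: a CAPTCHA is demanded once a failure has been recorded, the account is locked after three consecutive failures, and the lockout expires after a window so the limit cannot be used to lock a victim out permanently. The lockout window, the PBKDF2 work factor, and the sample account are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time

# Thresholds: options A and C from the question; the lockout window and the
# PBKDF2 work factor are assumptions for this example.
MAX_ATTEMPTS = 3          # lock the account after three consecutive failures
CAPTCHA_AFTER = 1         # demand a CAPTCHA once a failure has been recorded
LOCKOUT_SECONDS = 900
PBKDF2_ROUNDS = 100_000
_DUMMY_SALT = b"\x00" * 16


def make_record(password, salt=None):
    """Salted, slow password hash. This is the brake on *offline* guessing;
    it does nothing against online guessing, which the guard below handles."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class LoginGuard:
    """Per-account failed-attempt limit plus CAPTCHA gate, with a time-limited
    lockout so the limit cannot be used to lock a victim out for good."""

    def __init__(self, records, clock=time.monotonic):
        self._records = records      # {username: (salt, digest)}; constructed data
        self._clock = clock          # injectable so the lockout can be tested
        self._failures = {}          # username -> consecutive failures
        self._locked_until = {}      # username -> time the lockout expires

    def _password_ok(self, username, password):
        rec = self._records.get(username)
        if rec is None:
            # Same work for unknown users so response time does not reveal names.
            hashlib.pbkdf2_hmac("sha256", password.encode(), _DUMMY_SALT, PBKDF2_ROUNDS)
            return False
        salt, digest = rec
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(digest, candidate)

    def attempt(self, username, password, captcha_solved=False):
        """Returns 'ok', 'denied', 'captcha_required' or 'locked'."""
        now = self._clock()
        if self._locked_until.get(username, 0.0) > now:
            return "locked"
        fails = self._failures.get(username, 0)
        if fails >= CAPTCHA_AFTER and not captcha_solved:
            # Do not even check the password: the attacker gets no oracle.
            return "captcha_required"
        if self._password_ok(username, password):
            self._failures.pop(username, None)
            return "ok"
        fails += 1
        if fails >= MAX_ATTEMPTS:
            self._failures.pop(username, None)
            self._locked_until[username] = now + LOCKOUT_SECONDS
            return "locked"
        self._failures[username] = fails
        return "denied"
```

An attempt made without the required CAPTCHA is refused before the password is checked, so it neither consumes a strike nor tells the attacker whether the guess was right. In production the same counters are usually kept per source address as well, and the lockout is deliberately short, because a permanent three-strikes lockout is itself a denial-of-service lever.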
Questions 76
Data mining is a process of sorting through data to identify patterns and establish relationships. Which of the following data mining parameters looks for patterns where one event is connected to another event?
Data mining is a process of sorting through data to identify patterns and establish relationships. Following are the data mining parameters: Association: Looking for patterns where one event is connected to another event. Sequence or path analysis: Looking for patterns where one event leads to another later event. Classification: Looking for new patterns (may result in a change in the way the data is organized but is acceptable). Clustering: Finding and visually documenting groups of facts not previously known. Forecasting: Discovering patterns in data that can lead to reasonable predictions about the future (This area of data mining is known as predictive analytics).
Questions 77
Which of the following commands can be used to intercept and log the Linux kernel messages?
The klogd and sysklogd commands can be used to intercept and log the Linux kernel messages. klogd reads kernel messages from /proc/kmsg (or via the syslog system call) and passes them to syslogd for logging; both daemons are shipped in the sysklogd package. On systemd-based distributions this role is taken over by systemd-journald, and the kernel ring buffer can be read directly with dmesg.
Questions 78
Samantha works as a Web Developer for XYZ CORP. She is designing a Web site for the company. In a Web page, she uses the HTTP-EQUIV attribute to control the page cache. Which of the following HTTP-EQUIV values controls the page cache in the browser folder?
HTTP-EQUIV is an attribute of the META tag. It sets or retrieves information used to bind the META tag's content to an HTTP response header. The pragma value of HTTP-EQUIV, with its content set to no-cache, controls the page cache. A META tag is only a hint to the browser; a Cache-Control header sent by the server is honoured more reliably by browsers and by intermediate proxies.
Questions 79
You work as a Database Administrator for Dolliver Inc. The company uses Oracle 11g as its database. You have used the LogMiner feature for auditing purposes. Which of the following files store a copy of the data dictionary? (Choose two)
LogMiner requires a dictionary to translate object IDs into object names when it returns redo data. There are three options for supplying the data dictionary:
The online catalog: the easiest and most efficient option. It is used when the database user has access to the source database from which the redo log files were created and no changes have been made to the column definitions of the tables of interest.
The redo log files: this option is used when the database user does not have access to the source database from which the redo log files were created, or when the column definitions of the tables of interest may have changed.
An operating system flat file: Oracle does not recommend this option, but it is retained for backward compatibility. It is not preferred because it does not guarantee transactional consistency.
LogMiner reads the Oracle redo logs, which hold the complete record of all activity performed on the database, together with the associated data dictionary, which is used to translate internal object identifiers and types into external names and data formats. For offline analysis, LogMiner can be run on a separate database, using archived redo logs and the associated dictionary from the source database.
Questions 80
Which of the following statements are true about KisMAC?
Options:
A.
It scans for networks passively on supported cards.
B.
It cracks WEP and WPA keys by Rainbow attack or by dictionary attack.
C.
It is a wireless network discovery tool for Mac OS X.
D.
Data generated by KisMAC can also be saved in pcap format.
KisMAC is a wireless network discovery tool for Mac OS X. It has a wide range of features, similar to those of Kismet, its Linux/BSD namesake and far exceeding those of NetStumbler, its closest equivalent on Windows. The program is geared toward network security professionals, and is not as novice-friendly as similar applications. KisMAC will scan for networks passively on supported cards - including Apple's AirPort, and AirPort Extreme, and many third-party cards, and actively on any card supported by Mac OS X itself. Cracking of WEP and WPA keys, both by brute force, and exploiting flaws such as weak scheduling and badly generated keys is supported when a card capable of monitor mode is used, and packet reinjection can be done with a supported card. GPS mapping can be performed when an NMEA compatible GPS receiver is attached. Data can also be saved in pcap format and loaded into programs such as Wireshark.
Questions 81
Which of the following statements are true about SSIDs?
Options:
A.
Configuring the same SSID as that of the other Wireless Access Points (WAPs) of other networks will create a conflict.
B.
SSIDs are case insensitive text strings and have a maximum length of 64 characters.
C.
All wireless devices on a wireless network must have the same SSID in order to communicate with each other.
SSID stands for Service Set Identifier. It is used to identify a wireless network. SSIDs are case sensitive text strings and have a maximum length of 32 characters. All wireless devices on a wireless network must have the same SSID in order to communicate with each other. The SSID on computers and the devices in a WLAN can be set manually or automatically. Configuring the same SSID as that of the Wireless Access Points (WAPs) of other networks will create a conflict. A network administrator often uses a public SSID that is set on the access point. The access point broadcasts the SSID to all wireless devices within its range. Some newer wireless access points can disable the automatic SSID broadcast feature in an attempt to improve network security. This is a weak measure: the SSID is still sent in clear text in probe requests and association frames, so a passive sniffer learns it as soon as any client connects.
Questions 82
Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs). It has two components, authentication and encryption. It provides security equivalent to wired networks for wireless networks. WEP encrypts data on a wireless network by using a fixed secret key. Which of the following statements are true about WEP?
Options:
A.
WEP uses the RC4 encryption algorithm.
B.
The Initialization Vector (IV) field of WEP is only 24 bits long.
C.
It provides better security than the Wi-Fi Protected Access protocol.
D.
Automated tools such as AirSnort are available for discovering WEP keys.
Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs). It has two components, authentication and encryption. It was intended to provide security equivalent to wired networks for wireless networks. WEP encrypts data on a wireless network by using a fixed secret key with the RC4 stream cipher. Its main drawback is that the Initialization Vector (IV) field is only 24 bits long: with only about 16.7 million IVs, a busy access point repeats IVs within hours, and every repeated IV under the same static key reuses RC4 keystream, which is what automated tools such as AirSnort exploit to recover the key. Answer: C is incorrect. WPA stands for Wi-Fi Protected Access. It is a wireless security standard. It provides better security than WEP (Wired Equivalent Privacy). Windows Vista supports both WPA-PSK and WPA-EAP. Each of these is described as follows: WPA-PSK: PSK stands for Preshared Key. This standard is meant for the home environment. WPA-PSK requires a user to enter an 8-character to 63-character passphrase into a wireless client. WPA converts the passphrase into a 256-bit key. WPA-EAP: EAP stands for Extensible Authentication Protocol. This standard relies on a back-end server that runs Remote Authentication Dial-In User Service (RADIUS) for user authentication. Note: Windows Vista allows a user to use a smart card to connect to a WPA-EAP protected network.
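To put a number on the 24-bit IV problem, the following added example (not part of the question bank) works the birthday bound for WEP's IV space: how likely an IV repeat is after a given number of frames, how many frames it takes to reach an even chance of a repeat, and how long a counter-based sender needs to cycle through every IV at an assumed frame rate. The frame rate used in the usage note is an assumption for illustration.

```python
import math

IV_BITS = 24
IV_SPACE = 1 << IV_BITS          # 16,777,216 distinct IVs


def iv_reuse_probability(packets, space=IV_SPACE):
    """Probability that at least one IV value repeats among `packets` frames when
    IVs are drawn uniformly at random (the birthday bound). Cards that used a
    simple counter repeat deterministically instead, which is no better."""
    if packets >= space:
        return 1.0
    # Sum logs instead of multiplying so the product cannot underflow.
    log_no_repeat = sum(math.log1p(-i / space) for i in range(packets))
    return 1.0 - math.exp(log_no_repeat)


def packets_until_reuse(target_probability, space=IV_SPACE):
    """Smallest number of frames at which the reuse probability reaches the target."""
    log_no_repeat = 0.0
    n = 0
    while 1.0 - math.exp(log_no_repeat) < target_probability:
        log_no_repeat += math.log1p(-n / space)
        n += 1
    return n


def seconds_to_exhaust(frames_per_second, space=IV_SPACE):
    """Time until a counter-based sender has used every IV and must start over."""
    return space / frames_per_second
```

With random IVs, the chance of a repeat passes one half after roughly 4,800 frames, which is a few seconds of traffic on a busy network; a sender that simply counts upward exhausts the whole space in under five hours at an assumed 1,000 frames per second, and every station that resets its counter to zero on power-up collides with every other station from its first frame.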
Questions 83
Which of the following is required by a Web-based application to connect to a database?
A Web-based application uses Data Source Name (DSN) to connect to a database. DSN is a logical name used by Open Database Connectivity (ODBC) to refer to connection information required to access data. Answer: C is incorrect. The Common Gateway Interface (CGI) specification is used for creating executable programs that run on a Web server. CGI defines the communication link between a Web server and Web applications. It gives a network or Internet resource access to specific programs. For example, when users submit an HTML form on a Web site, CGI is used to pass this information to a remote application for processing, and retrieve the results from the application. It then returns these results to the user by means of an HTML page. Answer: D is incorrect. Fully Qualified Domain Name (FQDN) is a unique name of a host or computer, which represents its position in the hierarchy. An FQDN begins with a host name and ends with the top-level domain name. FQDN includes the second-level domain and other lower level domains. For example, the FQDN of the address HTTP://WWW.UNI.ORG will be WWW.UNI.ORG where WWW is the host name, UNI is the second-level domain, and ORG is the top-level domain name. Answer: B is incorrect. Domain Name System (DNS) is a hierarchical naming system used for locating domain names on private TCP/IP networks and the Internet. It provides a service for mapping DNS domain names to IP addresses and vice versa. DNS enables users to use friendly names to locate computers and other resources on an IP network. TCP/IP uses IP addresses to locate and connect to hosts, but for users, it is easier to use names instead of IP address to locate or connect to a site. For example, users will be more comfortable in using the host name www.uCertify.com rather than using its IP address 66.111.64.227.
Questions 84
You work as a Software Developer for UcTech Inc. You build an online book shop, so that users can purchase books using their credit cards. You want to ensure that only the administrator can access the credit card information sent by users. Which security mechanism will you use to accomplish the task?
Confidentiality is a mechanism that ensures that only the intended and authorized recipients are able to read data. The data is encrypted so that even if an unauthorized user gets access to it, he will not get any meaning out of it. Answer: D is incorrect. Authorization is a process that verifies whether a user has permission to access a Web resource. A Web server can restrict access to some of its resources to only those clients that log in using a recognized username and password. To be authorized, a user must first be authenticated. Answer: C is incorrect. Authentication is the process of verifying the identity of a user. This is usually done using a user name and password. This process compares the provided user name and password with those stored in the database of an authentication server. Answer: B is incorrect. Data integrity is a mechanism that ensures that the data is not modified during transmission from source to destination. This means that the data received at the destination should be exactly the same as that sent from the source.
Questions 85
Mark works as a Database Administrator for MarLinc Inc. How will he execute a SQL command from the SQL buffer?
SQL buffer stores the most recently used SQL commands and PL/SQL blocks. It does not store the SQL* Plus commands. The SQL buffer can be edited or saved to a file. A SQL command or a PL/SQL block can be executed by entering a semicolon (;) or a slash (/), or by using the RUN command at the command prompt. When a semicolon (;) is entered at the end of a command, the command is completed and executed. When a slash (/) is entered on a new line, the command in the buffer is executed. It can also be used to execute a PL/SQL block. The RUN command is used to execute a command in the buffer. A SQL command can be saved in the buffer by entering a blank line. Reference: Oracle8i Online Documentation, Contents: "SQL*PLUS Users Guide and Reference", "Learning SQL*PLUS Basics, 3 of 4"
Questions 86
You work as a Network Administrator for XYZ CORP. The company has a TCP/IP-based network environment. The network contains Cisco switches and a Cisco router. A user is unable to access the Internet from Host B. You also verify that Host B is not able to connect to other resources on the network. The IP configuration of Host B is shown below:
Which of the following is the most likely cause of the issue?
Options:
A.
An incorrect subnet mask is configured on Host B.
B.
The IP address of Host B is not from the correct IP address range of the network.
C.
There is an IP address conflict on the network.
D.
An incorrect default gateway is configured on Host B.
According to the network diagram, the IP address range used on the network is from the class C private address range. The class C IP address uses the following default subnet mask: 255.255.255.0 The question specifies that the subnet mask used in Host B is 255.255.0.0, which is an incorrect subnet mask.
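The question's own IP configuration is not reproduced on this page, so the following added example (not part of the question bank) uses a constructed host configuration to show what a too-wide subnet mask actually does: it changes which destinations the host believes are on its own link and will ARP for directly, and a checker can flag the mismatch from the host's settings and the subnet the administrator expected. All addresses below are assumptions for illustration.

```python
import ipaddress

# Constructed example configuration; the question's real values are not shown.
HOST_IP = "192.168.1.10"
GATEWAY = "192.168.1.1"
EXPECTED_SUBNET = "192.168.1.0/24"      # what the administrator intended
WRONG_MASK = "255.255.0.0"              # the mask the question describes as wrong
RIGHT_MASK = "255.255.255.0"            # the class C default mask


def route_decision(host_ip, mask, gateway, destination):
    """How a host with (host_ip, mask, gateway) forwards a packet: 'direct' when
    it believes the destination is on its own subnet (so it ARPs for it locally),
    otherwise 'via <gateway>'. A mask that is too wide turns remote destinations
    into 'direct' ones, and those ARP requests are never answered."""
    iface = ipaddress.IPv4Interface(f"{host_ip}/{mask}")
    if ipaddress.IPv4Address(destination) in iface.network:
        return "direct"
    return f"via {gateway}"


def config_problems(host_ip, mask, gateway, expected_subnet):
    """Misconfigurations visible from a host's settings alone, given the subnet
    the administrator expects the host to sit in."""
    problems = []
    iface = ipaddress.IPv4Interface(f"{host_ip}/{mask}")
    expected = ipaddress.IPv4Network(expected_subnet)
    if iface.network != expected:
        problems.append(f"subnet mask {mask} yields {iface.network}, expected {expected}")
    if ipaddress.IPv4Address(host_ip) not in expected:
        problems.append(f"address {host_ip} is outside {expected}")
    if ipaddress.IPv4Address(gateway) not in iface.network:
        problems.append(f"gateway {gateway} is not on the host's subnet {iface.network}")
    return problems


if __name__ == "__main__":
    for mask in (WRONG_MASK, RIGHT_MASK):
        print(mask, config_problems(HOST_IP, mask, GATEWAY, EXPECTED_SUBNET))
        print("  192.168.2.50 ->", route_decision(HOST_IP, mask, GATEWAY, "192.168.2.50"))
```

With the wrong mask the host treats 192.168.2.50 (assumed to live on another subnet behind the router) as a neighbour and never sends the packet to the gateway; with the correct mask the same destination is routed via 192.168.1.1. The third check in config_problems covers option D, a gateway that is not on the host's own subnet, which breaks every off-link destination including the Internet.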
Questions 87
You work as a Software Developer for UcTech Inc. You want to create a new session. Which of the following methods can you use to accomplish the task?
The getSession() method of the HttpServletRequest interface returns the current session associated with the request, creating one if none exists. It has two forms: public HttpSession getSession(): creates a new session if one does not exist. public HttpSession getSession(boolean create): with create set to true it behaves like the no-argument form; with create set to false it returns the current session, or null if there is none. Answer: B is incorrect. getSession(false) only returns a pre-existing session and returns null if the client has no session associated with it.
Questions 88
Which of the following is used to execute a SQL statement from the SQL buffer?
A SQL statement or a PL/SQL block can be executed by entering a semicolon (;) or a slash (/), or by using the RUN command at SQL prompt. When a semicolon (;) is entered at the end of a command, the command is completed and executed. When a slash (/) is entered, the command in the buffer is executed. It can also be used to execute a PL/SQL block. The RUN command is used to execute a command in the buffer. Note: The SQL buffer stores the most recently used SQL commands and PL/SQL blocks. It does not store SQL* Plus commands. It can be edited or saved to a file. Note: A SQL command can be saved in the buffer by entering a blank line. Reference: Oracle8i Online Documentation, Contents: "SQL*PLUS Users Guide and Reference", "Learning SQL*PLUS Basics,3 of 4", "Understanding SQL COMMAND Syntax"
Questions 89
You are the Security Consultant and have been hired to check security for a client's network. Your client has stated that he has many concerns but the most critical is the security of Web applications on their Web server. What should be your highest priority then in checking his network?
Whois queries are used to determine the IP address ranges associated with clients. A whois query can be run on most UNIX environments. In a Windows environment, the tools such as WsPingPro and Sam Spade can be used to perform whois queries. Whois queries can also be executed over the Web from www.arin.net and www.networksolutions.com. Answer: B is incorrect. A SQL injection attack is a process in which an attacker tries to execute unauthorized SQL statements. These statements can be used to delete data from a database, delete database objects such as tables, views, stored procedures, etc. An attacker can either directly enter the code into input variables or insert malicious code in strings that can be stored in a database. For example, the following line of code illustrates one form of SQL injection attack: query = "SELECT * FROM users WHERE name = '" + userName + "';" This SQL code is designed to fetch the records of any specified username from its table of users. However, if the "userName" variable is crafted in a specific way by a malicious hacker, the SQL statement may do more than the code author intended. For example, if the attacker puts the "userName" value as ' or ''=', the SQL statement will now be as follows: SELECT * FROM users WHERE name = '' OR ''=''; Answer: D is incorrect. Web ripping is a technique in which the attacker copies the whole structure of a Web site to the local disk and obtains all files of the Web site. Web ripping helps an attacker to trace the loopholes of the Web site. Answer: C is incorrect. Snooping is an activity of observing the content that appears on a computer monitor or watching what a user is typing. Snooping also occurs by using software programs to remotely monitor activity on a computer or network device. Hackers or attackers use snooping techniques and equipment such as keyloggers to monitor keystrokes, capture passwords and login information, and to intercept e-mail and other private communications. 
Sometimes, organizations also snoop their employees legitimately to monitor their use of organizations' computers and track Internet usage.
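The explanation above (Question 89) shows the concatenated query and the ' or ''=' input, and the unchecked-input item in Question 63 names the same class of flaw. The following added example (not code from the question bank) runs both against an in-memory SQLite table so the difference is observable: the concatenated form returns every row for the crafted input, while the parameterized form treats the same input as a literal name and matches nothing. The table and its rows are constructed sample data.

```python
import sqlite3


def make_db():
    """Constructed sample data: a small users table in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL, role TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, user_name):
    """The pattern from the explanation above: input spliced into the SQL text.
    A single quote in user_name closes the literal and the rest becomes SQL."""
    query = "SELECT name FROM users WHERE name = '" + user_name + "'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_safe(conn, user_name):
    """Parameterized form: the value travels separately from the SQL text, so
    quotes and keywords inside it are matched literally, never executed."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (user_name,))
    return sorted(row[0] for row in rows)


if __name__ == "__main__":
    db = make_db()
    payload = "' or ''='"          # the input from the explanation above
    print("vulnerable:", lookup_vulnerable(db, payload))
    print("parameterized:", lookup_safe(db, payload))
```

The fix is not escaping quotes by hand but keeping data out of the statement text altogether; the parameterized query also defeats the comment-terminated variant ' OR 1=1 --, which the concatenated form accepts just as readily.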
Questions 91
You work as a Network Administrator for InfraTech Inc. You have been assigned the task of designing the firewall policy for the company. Which of the following statements can be considered acceptable in the 'contracted worker statement' portion of the firewall policy?
Options:
A.
No contractors shall have access to the authorized resources.
B.
No contractors shall be permitted to scan the network.
C.
No contractors shall have access to the unauthorized resources.
D.
No contractors can access FTP unless specifically granted permissions to use it.
There are different portions that can be included in a firewall policy: the acceptable use statement, the network connection statement, the contracted worker statement, and the firewall administrator statement. The contracted worker statement portion covers contracted or temporary workers and states their rights and permissions. Some of the items that can be included in this portion are as follows: No contractors can use FTP unless specifically granted permission to use it. No contractors shall have access to TELNET unless specifically granted permission to use it. No contractors shall have access to unauthorized resources. No contractors shall be permitted to scan the network. Answer: A is incorrect. Contractors must be able to reach the resources they are authorized to use; denying authorized resources would defeat the purpose of engaging them.
Questions 92
Which of the following is the most secure place to host a server that will be accessed publicly through the Internet?
A demilitarized zone (DMZ) is the most secure place to host a server that will be accessed publicly through the Internet. Demilitarized zone (DMZ) or perimeter network is a small network that lies in between the Internet and a private network. It is the boundary between the Internet and an internal network, usually a combination of firewalls and bastion hosts that are gateways between inside networks and outside networks. DMZ provides a large enterprise network or corporate network the ability to use the Internet while still maintaining its security. Answer: B is incorrect. Hosting a server on the intranet for public access will not be good from a security point of view.
Questions 93
Martha works as a Web Developer for XYZ CORP. She is developing a Web site for the company. In the Web site, she uses multiple and overlapping style definitions to control the appearance of HTML elements. What is this technique known as?
A Cascading Style Sheet (CSS) is a separate text file that keeps track of design and formatting information, such as colors, fonts, font sizes, and margins, used in Web pages. CSS is used to give Web site authors greater control over the appearance and presentation of their Web pages. It has codes that are interpreted and applied by the browser to the Web pages and their elements. CSS files have a .css extension. There are three types of Cascading Style Sheets: External Style Sheet, Embedded Style Sheet, and Inline Style Sheet. Answer: A is incorrect. A style sheet is a set of additional tags used to describe the appearance of individual HTML tags. These tags can
Questions 94
Which of the following protocols are used to provide secure communication between a client and a server over the Internet? (Choose two)
SSL and TLS protocols are used to provide secure communication between a client and a server over the Internet.
Questions 95
You have made a program secure.c to display which ports are open and what types of services are running on these ports. You want to write the program's output to standard output and simultaneously copy it into a specified file. Which of the following commands will you use to accomplish the task?
You will use the tee command to write the program's output to standard output and simultaneously copy it into the specified file. The tee command is used to split the output of a program so that it can be seen on the display and also be saved in a file. It can also be used to capture intermediate output before the data is altered by another command or program. The tee command reads standard input, then writes its content to standard output, and simultaneously copies it into the specified file(s) or variables. The syntax of the tee command is as follows: tee [-a] [-i] [File] where the -a option appends the output to the end of File instead of writing over it, and the -i option is used to ignore interrupts. Answer: A is incorrect. The concatenate (cat) command is used to display or print the contents of a file. Syntax: cat filename For example, the following command will display the contents of the /var/log/dmesg file: cat /var/log/dmesg Note: The more command is used in conjunction with the cat command to prevent scrolling of the screen while displaying the contents of a file. Answer: C is incorrect. The less command is used to view (but not change) the contents of a text file, one screen at a time. It is similar to the more command. However, it has the extended capability of allowing both forward and backward navigation through the file. Unlike most Unix text editors/viewers, less does not need to read the entire file before starting; therefore, it has faster load times with large files. The command syntax of the less command is as follows: less [options] file_name Where,
Answer: B is incorrect. The more command is used to view (but not modify) the contents of a text file on the terminal, one screen at a time. The syntax of the more command is as follows: more [options] file_name Where,
Questions 96
Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?
A contingency plan is a plan devised for a specific situation when things could go wrong. Contingency plans include specific strategies and actions to deal with specific variances to assumptions resulting in a particular problem, emergency, or state of affairs. They also include a monitoring process and triggers for initiating planned actions. Answer: A is incorrect. Disaster recovery is the process, policies, and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. Answer: C is incorrect. It deals with the plans and procedures that identify and prioritize the critical business functions that must be preserved. Answer: B is incorrect. It includes the plans and procedures documented that ensure the continuity of critical operations during any period where normal operations are impossible.
Questions 97
ACID (atomicity, consistency, isolation, and durability) is an acronym and mnemonic device for learning and remembering the four primary attributes guaranteed to any transaction by a transaction manager. Which of the following attributes of ACID confirms that the committed data will be saved by the system such that, even in the event of a failure or system restart, the data will be available in its correct state?
Durability is the attribute of ACID which confirms that the committed data will be saved by the system such that, even in the event of a failure or system restart, the data will be available in its correct state. Answer: B is incorrect. Atomicity is the attribute of ACID which confirms that, in a transaction involving two or more discrete pieces of information, either all of the pieces are committed or none are. Answer: D is incorrect. Consistency is the attribute of ACID which confirms that a transaction either creates a new and valid state of data, or, if any failure occurs, returns all data to its state before the transaction was started. Answer: C is incorrect. Isolation is the attribute of ACID which confirms that a transaction in process and not yet committed must remain isolated from any other transaction.
Questions 98
The routing algorithm uses certain variables to create a metric of a path. It is the metric that actually determines the routing path. In a metric, which of the following variables is used to define the 'largest size' of a message that can be routed?
The routing algorithm uses certain variables to create a metric of a path. It is the metric that is actually used for path determination. Variables that are used to create a metric of a path are as follows: Hop count: It is the total number of routers that a data packet goes through to reach its destination. Cost: It is determined by the administrator or calculated by the router. Bandwidth: It is defined as the bandwidth that the link provides. Maximum transmission unit (MTU): It is the largest message size that a link can route. Load: It states the amount of work the CPU has to perform and the number of packets the CPU needs to analyze and make calculations on.
Questions 99
Victor wants to use Wireless Zero Configuration (WZC) to establish a wireless network connection using his computer running on Windows XP operating system. Which of the following are the most likely threats to his computer? (Choose two)
Options:
A.
Information of probing for networks can be viewed using a wireless analyzer and may be used to gain access.
B.
An attacker can use the Ping Flood DoS attack if WZC is used.
C.
An attacker, by creating a fake wireless network with a high-power antenna, can cause Victor's computer to associate with his network to gain access.
D.
It will not allow the configuration of encryption and MAC filtering. Sending information is not secure on wireless network.
Wireless Zero Configuration (WZC), also known as Wireless Auto Configuration or WLAN AutoConfig, is a wireless connection management utility included with Microsoft Windows XP and later operating systems as a service that dynamically selects a wireless network to connect to based on a user's preferences and various default settings. This can be used instead of, or in the absence of, a wireless network utility from the manufacturer of a computer's wireless networking device. The drivers for the wireless adapter query the NDIS Object IDs and pass the available network names to the service. WZC also introduces some security threats, which are as follows: WZC will probe for networks that it has already connected to. This information can be viewed by anyone using a wireless analyzer and can be used to set up fake access points to connect to. WZC attempts to connect to the wireless network with the strongest signal. An attacker can create fake wireless networks with high-power antennas and cause computers to associate with his access point. Answer: D is incorrect. WZC does not interfere with the configuration of encryption and MAC filtering. Answer: B is incorrect. In a ping flood attack, an attacker sends a large number of ICMP packets to the target computer using the ping command, i.e., ping -f target_IP_address. When the target computer receives these packets in large quantities, it does not respond and hangs.
Questions 100
The following output is generated by running the show ip route command: RouterA#show ip route < - - Output Omitted for brevity - -> Which next hop address will RouterA use in forwarding traffic to 10.10.100.0/24?
The routing table displays various RIP and Connected routes. There is no routing entry for 10.10.100.0/24, but there is a default route in the routing table using 172.18.1.1 as the next hop router. Given that 10.10.100.0/24 does not have a direct entry in the routing table, RouterA will forward traffic to the default route next hop address of 172.18.1.1. Answer: A is incorrect. The address does not appear in the routing table as a next hop router, in addition to being an actual subnet number for 192.168.10.0/24. Answer: C is incorrect. 172.18.50.1 is the next hop for reaching 192.168.11.0. Answer: B is incorrect. 172.18.60.1 is the next hop for reaching 192.168.12.0.
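The lookup described above, longest-prefix match with the default route as the fallback, as an added example that is not part of the original question bank. The table is a constructed reconstruction of what the explanation states (192.168.10.0/24 is assumed to be the connected network; the omitted show ip route output is not reproduced):

```python
import ipaddress

# Constructed routing table for RouterA, rebuilt from the explanation of Question 100.
# Next hop None marks a directly connected network (assumed for 192.168.10.0/24).
ROUTES = [
    ("192.168.10.0/24", None),           # connected (assumption)
    ("192.168.11.0/24", "172.18.50.1"),  # RIP-learned
    ("192.168.12.0/24", "172.18.60.1"),  # RIP-learned
    ("0.0.0.0/0",       "172.18.1.1"),   # gateway of last resort
]


def lookup(dest, routes=ROUTES):
    """Return (matching prefix, next hop) for dest.

    Every matching prefix is considered and the most specific one wins; the
    0.0.0.0/0 entry matches everything, so it is chosen only when no longer
    prefix matches. Raises LookupError when there is no route at all.
    """
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return str(best[0]), best[1]


if __name__ == "__main__":
    for host in ("10.10.100.25", "192.168.11.7", "192.168.10.3"):
        prefix, nh = lookup(host)
        print(f"{host:15} matched {prefix:16} next hop {nh or 'connected'}")
```

Removing the default route from the table turns the 10.10.100.0/24 lookup into a LookupError, which is the "no route" case the explanation contrasts with.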
Questions 101
You are concerned about rootkits on your network communicating with attackers outside your network. Without using an IDS how can you detect this sort of activity?
Firewall logs will show all incoming and outgoing traffic. By examining those logs you can detect anomalous traffic, which can indicate the presence of malicious code such as rootkits. Answer: B is incorrect. While an IDS might be the most obvious solution in this scenario, it is not the only one. Answer: C is incorrect. It is very unlikely that anything in your domain controller logs will show the presence of a rootkit, unless that rootkit is on the domain controller itself. Answer: A is incorrect. A DMZ is an excellent firewall configuration but will not aid in detecting rootkits.
Questions 102
Peter works as a Web Developer for XYZ CORP. He is developing a Web site for the company. Peter specifies MARGINHEIGHT="0" and MARGINWIDTH="0" in one of the Web pages. How will this affect the Web page?
Options:
A.
It will create a borderless page structure when viewed in any browser.
B.
It will create a borderless page structure when viewed in Netscape Navigator.
C.
It will delete all the text from the margins.
D.
It will create a borderless page structure when viewed in Internet Explorer.
The MARGINHEIGHT and MARGINWIDTH attributes are used in the BODY tag to adjust the top and left margins of a Web page to be displayed in Netscape Navigator. Specifying MARGINHEIGHT="0" and MARGINWIDTH="0" within the BODY tag will create a borderless page structure when viewed in Netscape Navigator. Answer: D is incorrect. The TOPMARGIN and LEFTMARGIN attributes are used in the BODY tag to adjust the top and left margins of a Web page to be displayed in Internet Explorer. Specifying TOPMARGIN="0" and LEFTMARGIN="0" within the BODY tag will create a borderless page structure when viewed in Internet Explorer. Answer: C is incorrect. These attributes are used to adjust margins and not to delete text from margins.
Questions 103
Which TCP and UDP ports can be used to start a NULL session attack in NT and 2000 operating systems?
A null session is an anonymous connection to a freely accessible network share called IPC$ on Windows-based servers. It allows immediate read and write access with Windows NT/2000 and read access with Windows XP and 2003. The command to be entered at the DOS prompt is as follows: net use \\IP_address_or_host_name\ipc$ "" "/user:" Port numbers 139 TCP and 445 UDP can be used to start a NULL session attack.
Questions 104
Which of the following NFS mount options specifies whether a program using a file via an NFS connection should stop and wait for the server to come back online, if the host serving the exported file system is unavailable, or if it should report an error?
The hard or soft NFS mount options are used to specify whether a program using a file via an NFS connection should stop and wait (hard) for the server to come back online, if the host serving the exported file system is unavailable, or if it should report an error. Answer: A is incorrect. The intr NFS mount option allows NFS requests to be interrupted if the server goes down or cannot be reached. Answer: C is incorrect. The nfsvers=2 or nfsvers=3 NFS mount options are used to specify which version of the NFS protocol to use. Answer: D is incorrect. The fsid=num NFS mount option forces the file handle and file attributes settings on the wire to be num.
Questions 105
Sam works as a Network Administrator for XYZ CORP. The computers in the company run Windows Vista operating system, and they are continuously connected to the Internet. This makes the network of the company susceptible to attacks from unauthorized users. Which of the following will Sam choose to protect the network of the company from such attacks?
A firewall is a set of related programs configured to protect private networks connected to the Internet from intrusion. It is used to regulate the network traffic between different computer networks. It permits or denies the transmission of a network packet to its destination based on a set of rules. A firewall is often installed on a separate computer so that an incoming packet does not get into the network directly. Answer: B is incorrect. Windows Defender is a software product designed by Microsoft to provide continuous security against malware. If it detects anything suspicious, an alert will appear on the screen. Windows Defender can also be used to scan a computer for suspicious software. It can remove or quarantine any malware or spyware it finds. Answer: C is incorrect. Software Explorer is a tool of Windows Defender. It is used to remove, enable, or disable the programs running on a computer. Answer: D is incorrect. Quarantined items is a tool of Windows Defender. It is used to remove or restore a program blocked by Windows Defender.
Questions 106
You work as a Network Administrator for ABC Inc. The company needs a secured wireless network. To provide network security to the company, you are required to configure a device that provides the best network perimeter security. Which of the following devices would you use to accomplish the task?
Packet filtering firewalls work on the first three layers of the OSI reference model, which means all the work is done between the network and physical layers. When a packet originates from the sender and filters through a firewall, the device checks for matches to any of the packet filtering rules that are configured in the firewall and drops or rejects the packet accordingly. In a software firewall, packet filtering is done by a program called a packet filter. The packet filter examines the header of each packet based on a specific set of rules, and on that basis decides to prevent it from passing (called DROP) or allow it to pass (called ACCEPT). A packet filter passes or blocks packets at a network interface based on source and destination addresses, ports, or protocols. The process is used in conjunction with packet mangling and Network Address Translation (NAT). Packet filtering is often part of a firewall program for protecting a local network from unwanted intrusion. This type of firewall can be best used for network perimeter security. Answer: B is incorrect. An Intrusion detection system (IDS) is software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling computer systems, mainly through a network such as the Internet. These attempts may take the form of attacks by, for example, crackers, malware, and/or disgruntled employees. An IDS cannot directly detect attacks within properly encrypted traffic. An intrusion detection system is used to detect several types of malicious behaviors that can compromise the security and trust of a computer system. This includes network attacks against vulnerable services, data driven attacks on applications, host based attacks such as privilege escalation, unauthorized logins and access to sensitive files, and malware (viruses, trojan horses, and worms). Answer: A is incorrect. A proxy server exists between a client's Web-browsing program and a real Internet server.
The purpose of the proxy server is to enhance the performance of user requests and filter requests. A proxy server has a database called a cache where the most frequently accessed Web pages are stored. The next time such pages are requested, the proxy server is able to satisfy the request locally, thereby greatly reducing the access time. Only when a proxy server is unable to fulfill a request locally does it forward the request to a real Internet server. The proxy server can also be used for filtering user requests. This may be done in order to prevent the users from visiting non-genuine sites. Answer: D is incorrect. A honeypot is a term in computer terminology used for a trap that is set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.
Questions 107
Which of the following is an Internet mapping technique that relies on various BGP collectors that collect information such as routing updates and tables and provide this information publicly?
AS PATH Inference is one of the prominent techniques used for creating Internet maps. This technique relies on various BGP collectors that collect information such as routing updates and tables and provide this information publicly. Each BGP entry contains a Path Vector attribute called the AS Path. This path represents an autonomous system forwarding path from a given origin for a given set of prefixes. These paths can be used to infer AS-level connectivity and in turn be used to build AS topology graphs. However, these paths do not necessarily reflect how data is actually forwarded; adjacencies between AS nodes only represent a policy relationship between them. A single AS link can in reality be several router links. It is also much harder to infer peering between two AS nodes, as these peering relationships are only propagated to an ISP's customer networks. Nevertheless, support for this type of mapping is increasing as more and more ISPs offer to peer with public route collectors such as Route-Views and RIPE. New toolsets are emerging, such as Cyclops and NetViews, that take advantage of a new experimental BGP collector, BGPMon. NetViews can not only build topology maps in seconds but also visualize topology changes moments after they occur at the actual router. Hence, routing dynamics can be visualized in real time. Answer: B is incorrect. There is no such Internet mapping technique.
Answer: D is incorrect. Firewalking is a technique for gathering information about a remote network protected by a firewall. This technique can be used effectively to perform information gathering attacks. In this technique, an attacker sends a crafted packet with a TTL value that is set to expire one hop past the firewall. If the firewall allows this crafted packet through, it forwards the packet to the next hop. On the next hop, the packet expires and elicits an ICMP "TTL expired in transit" message to the attacker. If the firewall does not allow the traffic, there should be no response, or an ICMP "administratively prohibited" message should be returned to the attacker. A malicious attacker can use firewalking to determine the types of ports/protocols that can bypass the firewall. To use firewalking, the attacker needs the IP address of the last known gateway before the firewall and the IP address of a host located behind the firewall. The main drawback of this technique is that if an administrator blocks ICMP packets from leaving the network, it is ineffective. Answer: A is incorrect. Path MTU discovery (PMTUD) is a technique in computer networking for determining the maximum transmission unit (MTU) size on the network path between two Internet Protocol (IP) hosts, usually with the goal of avoiding IP fragmentation. Path MTU discovery works by setting the DF (Don't Fragment) option bit in the IP headers of outgoing packets. Then, any device along the path whose MTU is smaller than the packet will drop it, and send back an ICMP "Fragmentation Needed" (Type 3, Code 4) message containing its MTU, allowing the source host to reduce its path MTU appropriately. The process repeats until the MTU is small enough to traverse the entire path without fragmentation. If the path MTU changes after the connection is set up and is lower than the previously determined path MTU, the first large packet will cause an ICMP error and the new, lower path MTU will be found. 
Conversely, if PMTUD finds that the path allows a larger MTU than what is possible on the lower link, the OS will periodically reprobe to see if the path has changed and now allows larger packets. On Linux this timer is set by default to ten minutes.
Questions 108
An attacker wants to connect directly to an unsecured station to circumvent the AP security or to attack the station. Which of the following tools can be used to accomplish the task?
Ad Hoc Association is a type of attack in which an attacker tries to connect directly to an unsecured station to circumvent the AP security or to attack the station. Any wireless card or USB adapter can be used to perform this attack.
Questions 109
You have just set up a wireless network for customers at a coffee shop. Which of the following are good security measures to implement? (Choose two)
With either encryption method (WEP or WPA) you can give the password to customers who need it, and even change it frequently (daily if you like). So this won't be an inconvenience for customers.
Questions 110
Which of the following types of authentication tokens forms a logical connection to the client computer but does not require a physical connection?
Contactless tokens are the third main type of physical tokens. Unlike connected tokens, they form a logical connection to the client computer but do not require a physical connection. The absence of the need for physical contact makes them more convenient than both connected and disconnected tokens. As a result, contactless tokens are a popular choice for keyless entry systems and electronic payment solutions such as Mobil Speedpass, which uses RFID to transmit authentication information from a keychain token. However, there have been various security concerns raised about RFID tokens after researchers at Johns Hopkins University and RSA Laboratories discovered that RFID tags could be easily cracked and cloned. Another downside is that contactless tokens have relatively short battery lives, usually only 3-5 years, which is low compared to USB tokens which may last up to 10 years. However, some tokens do allow the batteries to be changed, thus reducing costs. Answer: A is incorrect. Virtual tokens are a new concept in multi-factor authentication first introduced in 2005 by security company Sestus. Virtual tokens work by sharing the token generation process between the Internet website and the user's computer and have the advantage of not requiring the distribution of additional hardware or software. In addition, since the user's device is communicating directly with the authenticating website, the solution is resistant to man-in-the-middle attacks and similar forms of online fraud. Answer: B is incorrect. Connected tokens are tokens that must be physically connected to the client computer. Tokens in this category will automatically transmit the authentication information to the client computer once a physical connection is made, eliminating the need for the user to manually enter the authentication information. However, in order to use a connected token, the appropriate input device must be installed. 
The most common types of physical tokens are smart cards and USB tokens, which require a smart card reader and a USB port, respectively. Answer: C is incorrect. Disconnected tokens have neither a physical nor logical connection to the client computer. They typically do not require a special input device, and instead use a built-in screen to display the generated authentication data, which the user enters manually via a keyboard or keypad. Disconnected tokens are the most common type of security token used (usually in combination with a password) in two-factor authentication for online identification.