EC COUNCIL-Ethical Hacking and Countermeasures V7 Set 12

When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy?

Which element of Public Key Infrastructure (PKI) verifies the applicant?

Which Open Web Application Security Project (OWASP) implements a web application full of known vulnerabilities?

After gaining access to the password hashes used to protect access to a web based application, knowledge of which cryptographic algorithms would be useful to gain access to the application?

To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?

An attacker has been successfully modifying the purchase price of items purchased on the company's web site. The security administrators verify the web server and Oracle database have not been compromised directly. They have also verified the Intrusion Detection System (IDS) logs and found no attacks that could have caused this. What is the mostly likely way the attacker has been able to modify the purchase price?

Which of the following items is unique to the N-tier architecture method of designing software applications?

A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by using netcat to port 80. The engineer receives this output: HTTP/1.1 200 OK Server: Microsoft-IIS/6 Expires: Tue, 17 Jan 2011 01:41:33 GMT Date: Mon, 16 Jan 2011 01:41:33 GMT Content-Type: text/html Accept-Ranges: bytes Last-ModifieWed, 28 Dec 2010 15:32:21 GMT ETaG. "b0aac0542e25c31:89d" Content-Length: 7369 Which of the following is an example of what the engineer performed?

To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settings?

While conducting a penetration test, the tester determines that there is a firewall between the tester's machine and the target machine. The firewall is only monitoring TCP handshaking of packets at the session layer of the OSI model. Which type of firewall is the tester trying to traverse?