SCP sc0-471 online test

Strategic Infrastructure Security Exam

What students need to know about the sc0-471 exam

  • Total None Questions & Answers

Question 1

During a routine security inspection of the clients in your network, you find a program called
cgiscan.c on one of the computers. You investigate the file, reading part of the contents. Using the
portion of the program shown below, identify the function of the program. Temp[1] = "GET /cgi-
bin/phf HTTP/1.0\n\n"; Temp[2] = "GET /cgi-bin/Count.cgi HTTP/1.0\n\n"; Temp[3] = "GET /cgi-
bin/test-cgi HTTP/1.0\n\n"; Temp[4] = "GET /cgi-bin/php.cgi HTTP/1.0\n\n"; Temp[5] = "GET /cgi-
bin/handler HTTP/1.0\n\n"; Temp[6] = "GET /cgi-bin/webgais HTTP/1.0\n\n"; Temp[7] = "GET /cgi-
bin/websendmail HTTP/1.0\n\n";

  • A. The program is designed to launch the user's email program.
  • B. The program is designed to manage the counters on a target web server.
  • C. The program is simply old temp files, and nothing of interest.
  • D. The program is designed to test the functionality of the cgi email scripts that are installed on the server.
  • E. The program is a vulnerability scanner



Question 2

When using multiple alphabets, what type of cipher is being used?

  • A. Polyalphabetic Cipher
  • B. Multiple Cipher
  • C. Multialphabetic Cipher
  • D. Confusion Cipher
  • E. Diffusion Cipher



Question 3

DES is often defined as no longer "secure enough" to handle high security requirements. Why is this?

  • A. DES is more vulnerable to dictionary attacks than other algorithms
  • B. DES is more vulnerable to brute-force attacks than other algorithms
  • C. DES uses a 32-bit key length, which can be cracked easily
  • D. DES uses a 64-bit key, which can be cracked easily
  • E. The DES key can be cracked in a short time



Question 4

Your organization assigns an Annual Loss Expectancy to assets during a risk analysis meeting. You
have a server which if down for a day will lose the company $35,000, and has a serious root access
attack against it once per month. What is the ALE for this attack against this server?

  • A. $35,000
  • B. $120,000
  • C. $2,916
  • D. $3,500
  • E. $420,000



Question 5

While configuring TCP Wrappers on your Linux system, you desire to create a line that will effect the
single host accessing the telnet service. Which of the following lines will achieve this
desired result?

  • A. in.telnetd
  • B. HOST( in.telnetd
  • C. in.telnetd: HOST_10.20.23.45
  • D. in.telnetd: ONLY_10.20.23.45/32
  • E. in.telnetd:



Question 6

Which three of the following are examples of the reason that Message Authentication is needed?

  • A. Packet Loss
  • B. Content Modification
  • C. Masquerading
  • D. Public Key Registration
  • E. Sequence Modification

B, C, E


Question 7

Which two of the following are factors that must be considered in determining the likelihood of
occurrence during a risk analysis review?

  • A. What are the methods available to attack this asset?
  • B. What are the costs associated with protecting this asset?
  • C. Does the threat have sufficient capability to exercise the attack?
  • D. Does the threat have the motivation or incentive to exercise the attack?
  • E. Are any of the assets worthy of an attack?

C, D


Question 8

Recently, you have seen an increase in intrusion attempts and in network traffic. You decide to use
Snort to run a packet capture and analyze the traffic that is present. Looking at the example, what
type of traffic did Snort capture in this log file?

  • A. Linux Ping Reply
  • B. Windows 2000 Ping Reply
  • C. Windows NT 4.0 Ping Request
  • D. Linux Ping Request
  • E. Windows 2000 Ping Request
  • E. Windows 2000 Ping Request



Question 9

You have been given the task of writing your organization's security policy. During your research you
find that there are several established standards for security policy design. Which of the following are
accepted standards?

  • A. ISO 17799
  • B. BS 197
  • C. ISO 979
  • D. BS 7799
  • E. ISO 179

A, D


Question 10

To maintain the security of your network you routinely run several checks of the network and
computers. Often you use the built-in tools, such as netstat.If you run the following command,
netstat -s which of the following will be the result?

  • A. Displays all connections and listening ports
  • B. Displays Ethernet statistics.
  • C. Displays addresses and port numbers in numerical form
  • D. Shows connections for the protocol specified
  • E. Displays per-protocol statistics


To page 2