|Exam Name||:||McAfee Certified Assessment Specialist-(R) UH|
|Questions and Answers||:||177 Q & A|
|Updated On||:||February 23, 2018|
|PDF Download Mirror||:||MA0-150 Brain Dump|
|Get Full Version||:||Pass4sure MA0-150 Full Version|
A web application that implements three invalid login attempts is mitigating against
Reverse brute force attacks.
Denial of service.
Brute force attacks.
What type of attack leverages the trust that a user has in a website?
Cross-site request forgery
Trust boundary issues
What does the command "xlsclients -display 192.168.1.1:0.0 -/' do?
Lists the IPs of clients connected to a server
Lists the windows on a remote X Windows display
Opens a xterm window on a remote system
Performs a Man-in-the-Middle attack against a X Windows server
What is the security best-practice countermeasure to prevent port redirection?
Implementing host-based firewall ACLs
Consuming all ports with legitimate programs
Setting strong file system ACLs
A corporate user has just been hacked and shell code is installed. The attacker is running with NT AUTHORITY/SYSTEM privileges and cannot escalate to any other account. What protection mechanism will prevent the user's data from compromise?
Full disk encryption
Encrypted File System
Tight file level ACLs
A consultant is hired to perform social engineering for a company known as MegaVal. The consultant decides to impersonate MegaVal's website (www.megaval.com) by creating a new site (www.megaval- survey.com). To make the new site look legitimate, the consultant creates HTML for a login page and then uses MegaVal's cascading style sheets (CSS). Using email addresses harvested from MegaVal's website, the consultant sends emails to MegaVal employees requiring them to take part in a mandatory survey. The consultant now waits to see if any MegaVal employees login to the site and capture their usernames and passwords. After collecting numerous set of credentials, the consultant navigates to owa.megaval.com and is able to login to MegaVal employees Outlook web access accounts. What is the security issue?
MegaVal failed to remove OWA from IIS.
The MS Exchange server should be placed in the DMZ.
Firewalls did not restrict traffic.
Multi-factor authentication was not implemented.
However, the consultant receives the following error message:
Which of the following commands would the consultant execute in order to enable xp_cmdshell remotely?
exec spconfigure 'xpcmdshell', 1
exec sp_configure 'enable xp_cmdshell', 1
exec sp_configure 'load on start xp_cmdsheH', 1
exec sp_configure 'sac xp_cmdshell', 1
Start display at page:
Download "McAfee Certified Assessment Specialist Network"
1 McAfee Certified Assessment Specialist Network Exam preparation guide
2 Table of Contents Introduction 3 Becoming McAfee Certified 3 Exam Details 4 Recommended Exam Preparation 4 Exam Objectives 4 Sample Test Questions 5 Answer Key 7
3 Introduction This guide has been developed as a resource for your preparation to challenge the McAfee Certified Assessment Specialist Network Exam (">MA0-150). The following information is provided in this guide: Learn more about the McAfee Security Certification Program Identify how to register for the exam Locate resources to help you prepare for the exam Review the objectives that the exam may cover Review examples of questions that may appear on the exam Becoming McAfee Certified To be successful in today s competitive IT landscape, you must be able to demonstrate your technology expertise and skills using the latest tools and methodologies. The McAfee Security Certification Program provides product and assessment certifications, validating your knowledge and ability in a variety of security-related categories. McAfee Assessment Certification is designed for security practitioners (penetration testers, auditors, consultants, administrators) with one to three years of experience. This certification level allows candidates to demonstrate knowledge in the following high-level assessment areas: Profiling and inventorying Vulnerability identification Vulnerability exploitation Expanding influence To become McAfee Certified, you must pass one or more McAfee Security Certification Program exams. McAfee has partnered with Prometric, a leading global provider of comprehensive testing and assessment services, to administer our certification program. Prometric makes the certification process easy from start to finish. With more than 5,000 global locations, you can conveniently test your knowledge and become McAfee Certified. Earning a McAfee Certified Assessment Specialist Certification will not guarantee you a job, but it can help you stand out from other job candidates by helping to validate that you have the skills required to perform the job function covered by those certifications. Certification also helps show potential employers your commitment to continued learning and career growth. Some of the benefits of becoming McAfee Certified include: Access to the McAfee Certification Candidate Portal A PDF copy of your certificate ed to you or your employers Provide access to your employers to verify your certifications Exam Details The McAfee Certified Assessment Specialist Network Exam is a computer-based exam offered through Prometric Testing Centers. To locate the most convenient Prometric Testing Center, please visit McAfee Certified Assessment Specialist Network Exam details: Exam number: ">MA0-150 Number of test questions: 100 technical McAfee uses a rounded cut score to determine the passing mark for each exam Test duration: two hours Certification granted: McAfee Certified Assessment Specialist Network The exam timer does not begin until the first technical question (post demographic) You will not be allowed to access any resources or references during the exam period 3
4 Recommended Exam Preparation The McAfee Security Certification Program recommends the following exam preparation strategies: Security practitioners with one to three years experience in penetration testing, auditing, or consulting Attend an authorized training course (Ultimate Hacking):
5 Section three: Infrastructure hacking Network devices Identify SNMP querying Identify and understand basic administration ports Identify and understand routing and switching Identify and understand routing protocols Address resolution protocol (ARP) poisoning Wireless hacking Identify and understand basic security mechanisms Identify and understand how to crack wired equivalent privacy (WEP) Identify and understand how a WiFi protected access (W) enterprise is attacked Section four: Application and data hacking Hacking code Identify and understand the concept of buffer overflow Identify the concepts of reverse engineering Web hacking Identify and understand SQL injection Identify and understand cross-site scripting Identify and understand the concept of cipher suites Understand the use of vulnerability scanners Identify and understand authentication mechanisms Identify and understand HTTP session management Hacking the Internet user Identify and understand the concept of social engineering Identify and understand phishing Identify the method of URL shortening Sample Test Questions The following questions are provided for review. These questions are similar in style and content to the questions referenced in the McAfee Certified Assessment Specialist Network Exam. The answers are provided after the questions. 1. An attack in which a snippet of code is left on a website and persists in its database with the intention of being executed by a victim s browser is called: d. Cross-domain policy revocation 5
6 2. An attack in which a snippet of code is played back to the victim with the assistance of a catalyst, such as an RSS feed is called: d. Cross-domain policy revocation 3. The following is an example of what type of attack? joe OR asdfzxcv = asdfzxcv -- d. SQL injection 4. The following is an example of what type of attack? <img src= > d. SQL injection 5. Which of the following type of SQL injection is an attack that is carried out against a web application that does not display an error message? a. Secret b. Quiet c. Covert d. Blind 6. Checking the referrer header is not considered a good countermeasure against cross-site scripting (XSS) because the header is: a. Optional b. Required c. Not defined d. Tightly coupled 6
7 Answer Key 1. B 2. C 3. D 4. A 5. D 6. A McAfee, Mission College Boulevard Santa Clara, CA McAfee and the McAfee logo are registered trademarks or trademarks of McAfee, . or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. 2011 McAfee, gde_cert-assessment-exam_0311_fnl_ASD
CSRF: Attack and Defense
By Jeremiah Blatz Managing Consultant McAfee Foundstone Professional Services Table of Contents Definition of CSRF 3 Attack Vectors 4 Inline image links 4 Auto-submitting forms 5 Phishing 5 Capabilities
More information Security Assessment Methodologies
1. Introduction SensePost is an information security consultancy that provides security assessments, consulting, training and managed vulnerability scanning services to medium and large enterprises across
More information Protecting Your Critical Assets
Protecting Your Critical Assets Lessons Learned from Operation Aurora By McAfee Labs and McAfee Foundstone Professional Services Table of Contents Executive Summary 3 How Aurora Worked 3 What We Learned
More information 7.0 Self Service Guide
7.0 Self Service Guide 2010 Sage Technologies Limited, publisher of this work. . No part of this documentation may be copied, photocopied, reproduced, translated, microfilmed,
More information Barracuda Web Application Firewall
Barracuda Networks Technical Documentation Barracuda Web Application Firewall Administrator s Guide Version 7.6 RECLAIM YOUR NETWORK Notice 2004-2011, Barracuda Networks, .,
More information Preliminary Course Syllabus
Preliminary Course Syllabus Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services Elements of this syllabus are subject to change. Key Data Course
More information Service Catalogue 2011-2012
Service Catalogue 2011-2012 Executive Summary As the world s first not-for-profit comprehensive global public-private partnership against cyber threats, the International Multilateral Partnership Against
More information Security Implementation Guide
Security Implementation Guide Version 34.0, Summer 15 salesforcedocs Last updated: July 29, 2015 2000 2015 salesforcem, inc. . Salesforce is a registered trademark of salesforcem,