282 Chapter 11 ■ Practice Test 3
- Brenda is analyzing the web server logs after a successful compromise of her organization’s
web-based order processing application. She finds an entry in the log file showing that a
user entered the following information as his last name when placing an order:
Smith’;DROP TABLE orders;--
What type of attack was attempted?
A. Buffer overflow
B. Cross-site scripting
C. Cross-site request forgery
D. SQL injection
- What type of policy describes how long data is kept before destruction?
A. Classification
B. Audit
C. Record retention
D. Availability
- What is the goal of the BCP process?
A. RTO < MTD
B. MTD < RTO
C. RPO < MTD
D. MTD < RPO
- During which phase of the incident response process would administrators design new
security controls intended to prevent a recurrence of the incident?
A. Reporting
B. Recovery
C. Remediation
D. Lessons Learned
112. Bethany received an email from one of her colleagues with an unusual attachment named
smime.p7s. She does not recognize the attachment and is unsure what to do. What is the
most likely scenario?
A. This is an encrypted email message.
B. This is a phishing attack.
C. This is embedded malware.
D. This is a spoofing attack.
For questions 113–115, please refer to the following scenario:
Kim is the database security administrator for Aircraft Systems, Inc. (ASI). ASI is a
military contractor engaged in the design and analysis of aircraft avionics systems