Which of the following answer specifies the correct sequence of levels within the Capability Maturity Model
(CMM)?

Which of the following attack could be avoided by creating more security awareness in the organization and
provide adequate security knowledge to all employees?

Which of the following attack includes social engineering, link manipulation or web site forgery techniques?

Examine the following characteristics and identify which answer best indicates the likely cause of this behavior:
Core operating system files are hidden
Backdoor access for attackers to return
Permissions changing on key files
A suspicious device driver
Encryption applied to certain files without explanation
Logfiles being wiped

Which of the following technologies is a target of XSS or CSS (Cross-Site Scripting) attacks?

Debbie from finance called to tell you that she downloaded and installed a free wallpaper program that sets the
wallpaper on her computer to match the current weather outside but now her computer runs slowly and the disk
drive activity light is always on. You take a closer look and when you do a simple port scan to see which ports
are open on her computer, you notice that TCP/80 is open. You point a web browser at her computer’s IP
Address and port and see a site selling prescription drugs.
Apart from the wallpaper changing software, what did Debbie install without her knowledge?

A virus is a program that can replicate itself on a system but not necessarily spread itself by network
connections.
What is malware that can spread itself over open network connections?

What would you call an attack where an attacker can influence the state of the resource between check and
use?
This attack can happen with shared resources such as files, memory, or even variables in multithreaded
programs. This can cause the software to perform invalid actions when the resource is in an unexpected state.
The steps followed by this attack are usually the following: the software checks the state of a resource before
using that resource, but the resource’s state can change between the check and the use in a way that
invalidates the results of the check.

In what way could Java applets pose a security threat?

What is one disadvantage of content-dependent protection of information?