Which of the following is NOT true of cryptography?
Which Open Web Application Security Project (OWASP) implements a web application full of
known vulnerabilities?
Which of the following best describes session key creation in SSL?
A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses
the nslookup interactive mode for the search. Which command should the hacker type into the
command shell to request the appropriate records?
How many bits encryption does SHA-1 use?
After gaining access to the password hashes used to protect access to a web-based application,
knowledge of which cryptographic algorithms would be useful to gain access to the application?
There is some dispute between two network administrators at your company. Your boss asks you
to come and meet with the administrators to set the record straight. Which of these are true about
PKI and encryption?
Select the best answers.
To send a PGP encrypted message, which piece of information from the recipient must the sender
have before encrypting the message?
A client has approached you with penetration test requirements. They are concerned with the
possibility of external threat, and have invested considerable resources in protecting their Internet
exposure. However, their main concern is the possibility of an employee elevating his/her
privileges and gaining access to information outside of their respective department.
What kind of penetration test would you recommend that would best address the client’s concern?
An attacker has been successfully modifying the purchase price of items purchased on the
company’s web site. The security administrators verify the web server and Oracle database have
not been compromised directly. They have also verified the Intrusion Detection System (IDS) logs
and found no attacks that could have caused this. What is the most likely way the attacker has
been able to modify the purchase price?