- (Topic 2)
Data mining is a process of sorting through data to identify patterns and establish relationships. Which of the following data mining parameters looks for patterns where one event is connected to another event?

Correct Answer:D

Data mining is a process of sorting through data to identify patterns and establish relationships. Following are the data mining parameters: Association: Looking for patterns where one event is connected to another event. Sequence or path analysis: Looking for patterns where one event leads to another later event. Classification: Looking for new patterns (may result in a change in the way the data is organized but is acceptable). Clustering: Finding and visually documenting groups of facts not previously known. Forecasting: Discovering patterns in data that can lead to reasonable predictions about the future (This area of data mining is known as predictive analytics).

- (Topic 2)
Which of the following tools uses Internet Control Message Protocol (ICMP)?

Correct Answer:D

A ping scanner is a tool that sends ICMP ECHO requests across a network and rapidly makes a list of responding nodes. Internet Control Message Protocol (ICMP) is an integral part of IP. It is used to report an error in datagram processing. The Internet Protocol (IP) is used for host-to-host datagram service in a network. The network is configured with connecting devices called gateways. When an error occurs in datagram processing, gateways or destination hosts report the error to the source hosts through the
ICMP protocol. The ICMP messages are sent in various situations, such as when a datagram cannot reach its destination, when the gateway cannot direct the host to send traffic on a shorter route, when the gateway does not have the buffering capacity, etc. Answer A, B, C are incorrect. These tools do not use ICMP to perform their functions.

- (Topic 4)
Mark works as a Network Administrator for Infonet Inc. The company has a Windows 2000 Active Directory domain-based network. The domain contains one hundred Windows XP Professional client computers. Mark is deploying an 802.11 wireless LAN on the network. The wireless LAN will use Wired Equivalent Privacy (WEP) for all the connections. According to the company's security policy, the client computers must be able to automatically connect to the wireless LAN. However, the unauthorized computers must not be allowed to connect to the wireless LAN and view the wireless network. Mark wants to configure all the wireless access points and client computers to act in accordance with the company's security policy. What will he do to accomplish this? (Choose three)

Correct Answer:ABD

To configure all the wireless access points and client computers to act in accordance with the company's security policy, Mark will take the following actions: Configure the authentication type for the wireless LAN to Shared Key. Shared Key authentication provides access control. Disable SSID Broadcast and enable MAC address filtering on all the wireless access points. Disabling SSID Broadcast and enabling MAC address filtering will prevent unauthorized wireless client computers from connecting to the access point (AP). Only the computers with particular MAC addresses will be able to connect to the wireless access points. On each client computer, add the SSID for the wireless LAN as the preferred network. Answer E is incorrect. Setting the authentication type for the wireless LAN to Open System will disable Wired Equivalent Privacy (WEP). This level of WEP will not provide security.

- (Topic 3)
The Security Auditor's Research Assistant (SARA) is a third generation network security analysis tool. Which of the following statements are true about SARA? (Choose two)

Correct Answer:AD

The Security Auditor's Research Assistant (SARA) is a third generation network security analysis tool. It has the following functions: It operates under Unix, Linux, MAC OS/X, or Windows (through coLinux) OS. It integrates the National Vulnerability Database (NVD). It can be used to perform SQL injection tests. It can be used to perform exhaustive XSS tests. It can be adapted to multiple firewalled environments. It supports remote self scan and API facilities. It is used for CIS benchmark initiatives. It also supports plug-in facility for third party apps. It supports CVE standards. It works as an enterprise search module. It works in both standalone or demo mode. Answer C is incorrect. SARA can be used to perform SQL injection tests. Answer B is incorrect. SARA can be used to perform exhaustive XSS tests.

- (Topic 3)
Mark works as the Network Administrator for XYZ CORP. The company has a Unix-based network. Mark wants to scan one of the Unix systems to detect security vulnerabilities. To accomplish this, he uses TARA as a system scanner. What can be the reasons that made Mark use TARA?

Correct Answer:BCD

Tiger Analytical Research Assistant (TARA) is a set of scripts that scans a Unix system for security problems. Following are the pros and cons of using TARA. Pros:
It is open source. It is very modular. It can work on a wide variety of platforms. It is composed mostly of bash scripts; hence, it can run on any Unix platform with little difficulty. Cons: It has a very specific function of seeking paths to root. Answer A is incorrect. It is a limitation of TARA that reduces its flexibility to be used for different purposes.

- (Topic 3)
John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He
executes the following command in the terminal: echo $USER, $UID Which of the following will be displayed as the correct output of the above command?

Correct Answer:B

According to the scenario, John is a root user. Hence, the value of the environmental variables $USER and $UID will be root and 0, respectively.