Thursday, August 14, 2008
ASEC Test
By Yong Xiang:
Section A MCQ
Section B 4 structured question.
Read questions. Start them in a new page.
Write legibly.
Introduction – Various scanning tools
Passwords and Access control – Default or weak passwords, permissions.
Problem with default / weak passwords, permission controls
Scripts and DLL – Malicious scripts and DLL loading paths.
Buffer overflow – Heap overflow, stack overflow. Effects of the exploit
Proprietary format and protocols – Security through obscurity is not good.
Format string exploits – how is it conducted? Effects of the exploit (what can you do with it – countermeasures).
Integer overflow – when does it happen, preventive measures.
SQL injection – conducting the exploit, using meta data, protecting the database credentials.
Web vulnerabilities – error messages, forceful browsing, cross site scripting, data tampering (HTTP sessions, form data, cookies). May need to answer what the attack is, based on a scenario.
Information disclosure – passwords stored in text file memory
Know vulnerabilities and countermeasures, be prepared to identify the attack based on a scenario.
Distribution of marks for Section B: 20, 25, 20, 15
Section B – Format String, DLL, Integer overflow, SQL injection, web vulnerabilities, information disclosure.
MCQ may have buffer overflow. MCQ study everything.
ISPA Test
supplied by Koon Ming:
Topics 1 - 9
10 MCQ and 5 Questions
No ACL commands
But need to know what ACL is, maybe from MCQ
MST tested questions may not come out.
Topic 1 MCQ, structured not, skippable, no COBIT, maybe no security policies
------Topic 4-----
- Page 77 Don't think Lai is interested
- Page 71-75 Different kinds of email risks
- Page 65
- Page 57 Distributed model <-- Not very important
- Page 57 Disaster recovery
- Page 54 Computer center operations <-- Ops security, maybe something from there. Need to know physical security
- Segregation of duties <-- quite important
-------Topic 5 Data Management--------
- There will be questions in structured and MCQ
- Page 93-95, Flat file approach
- Page 97-106 maybe won't be tested
- 3 DBMS structures may not be asked in structured
- Page 114, data in a distributed environment
- Page 116, What are the two distributed database
- Page 118, Concurrency control
- Page 120, Access control
- Page 125, Backup controls
-------Topic 6 SDLC ------
- Turn key,
- Page 141, SDLC… Auditor's role in SDLC phase
- Page 156, Good for MCQ
- Page 172, Controlling and auditing SDLC, must know, maybe structured
-------Topic 7 -----------
- May have MCQ and structured
- Study auditor's point of view
- Topologies are not important
- Page 227, Controls of E-commerce (worth reading because of audit point of view)
------Topic 8--------
- Input is important!
- Processing and output control not very important, maybe MCQ
-----Topic 9--------
Test data and para simulation. May be tested in MCQ only
Tuesday, March 18, 2008
Web 2.0 @ NUS
Dear Chan Timothy,
We would like to invite you and your students to join us at the inaugural Open Source Day jointly organized by Sun Microsystems and NUS School of Computing. This event will be extremely beneficial for your students as they will get the latest updates on Open technologies and business models that are driving the Web 2.0 era from Sun experts and leading industry speakers.
The event will be held on the NUS campus on 28 March. To help facilitate transport arrangements, we would like to offer to your school a complimentary bus transfer from your campus to the event venue for a total of 40 students and above registered with us.
Please feel free to contact uniday-ext@sun.com for bulk registrations for your school and for transport arrangements.
Students can also register individually at http://sg.sun.com/events/opensource
For more information on the event, please refer to the e-invite below.
Thank you for your time and I look forward to seeing you at the very first Open Source Day!
Warmest regards,
Liang Seng Quee
Director, Strategic Initiative
Sun Microsystems
That's part of an email extracted from our .ichat account. There's another event of Web 2.0 coming up (again). So people who are interested in Web 2.0, it will be beneficial for you guys to attend this event I suppose. Of course, I'm not going.
Friday, March 14, 2008
Application for use of Post Secondary Education Account (PSEA)
PSEA is administered by Ministry of Education and is opened for all eligible Singaporeans.
With effect from AY2008/2009, Edusave funds will be transferred to Post Secondary Education Account (PSEA). As such, all Edusave applications previously applied through the Polytechnic will no longer be valid.
Students who wish to use Post Secondary Education Account (PSEA) funds will have to submit the form: Standing Order For Use Of Post Secondary Education Account.
- The Standing Order is applicable only if the student has a Post Secondary Education Account (PSEA)
- Student can use their own or their sibling's PSEA to pay for tuition fee and other fees.
- The parent has to authorise the application if the student and/or sibling is below 21 years old.
HOW TO APPLY?
The PSEA Standing Order Application Form and details on PSEA are available at MOE's website: http://www.moe.gov.sg/finance/PSEA/
APPLICATION PERIOD
Students must complete the PSEA Standing Order form and submit it to Finance Department, Singapore Polytechnic, by 10th April 2008.
Quoted from an email which was sent to our .ichat inbox. I bet most of us do not check that email so better post it in our class blog. So in summary, there's no more Edusave for us already. So people who wanna continue using such funds, please remember to apply for this stupid PSEA scheme before the closing date. For information go to the link stated above.