Thursday, August 14, 2008

ASEC Test

By Yong Xiang:

Section A: MCQ

Section B: 4 structured questions.

Read the questions. Start each question on a new page.
Write legibly.

Introduction – Various scanning tools

Passwords and access control – default or weak passwords, permissions. Problems with default/weak passwords and permission controls.

Scripts and DLL – Malicious scripts and DLL loading paths.

Buffer overflow – Heap overflow, stack overflow. Effects of the exploit

Proprietary formats and protocols – security through obscurity is not good.

Format string exploits – how is it conducted? Effects of the exploit (what can you do with it – countermeasures).

Integer overflow – when does it happen, preventive measures.

SQL injection – conducting the exploit, using meta data, protecting the database credentials.

Web vulnerabilities – error messages, forceful browsing, cross site scripting, data tampering, (http sessions, form data, cookies). May need to know answer what is the attack, based on a scenario.

Information disclosure – passwords stored in text files / memory.

Know the vulnerabilities and countermeasures; be prepared to identify the attack based on a scenario.

Distribution of marks for Section B: 20, 25, 20, 15.


Section B – Format String, DLL, Integer overflow, SQL injection, web vulnerabilities, information disclosure.
MCQ may include buffer overflow. For the MCQ, study everything.
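An added example for the integer overflow point above ("when does it happen, preventive measures") and how it turns into the heap/stack overflow also listed. This is not part of Yong Xiang's notes; it is illustration code written for this page. The record size MAX_RECORD and the function names are assumptions chosen for the example. It shows the two classic failures side by side with their hardened versions: an unsigned count*size that wraps modulo 2^32 so a bounds check "passes", and a signed length where a negative value slips past a "<" test and becomes a huge size_t in memcpy().

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size record buffer; the size is an assumption for the example. */
#define MAX_RECORD 256

/*
 * WEAK: count * size is computed in 32-bit unsigned arithmetic and wraps
 * modulo 2^32. With count = 0x40000001 and size = 4 the true product is
 * 0x100000004, which wraps to 4, so the check reports "fits"; a following
 * malloc(count * size) would return a 4-byte block that the caller then
 * fills with count elements: a heap overflow.
 */
int weak_alloc_check(unsigned int count, unsigned int size)
{
    unsigned int total = count * size;   /* silent wrap-around */
    return total <= MAX_RECORD;          /* 1 = "fits" */
}

/* Overflow-safe multiply: returns 0 (and leaves *out untouched) if a * b
 * would not fit in an unsigned int. This is the usual preventive idiom. */
int mul_ok(unsigned int a, unsigned int b, unsigned int *out)
{
    if (b != 0 && a > UINT_MAX / b)
        return 0;
    *out = a * b;
    return 1;
}

/* HARDENED: check the arithmetic first, then the buffer bound. */
int safe_alloc_check(unsigned int count, unsigned int size)
{
    unsigned int total;
    if (!mul_ok(count, size, &total))
        return 0;                        /* product would wrap */
    return total <= MAX_RECORD;
}

/*
 * WEAK: a signed length compared against a signed bound. A negative len
 * (e.g. -1 taken from an attacker-controlled header) passes the "<" test,
 * and memcpy() then receives (size_t)-1, i.e. about 4 GiB on 32-bit or
 * 16 EiB on 64-bit: a stack or heap overflow depending on the destination.
 */
int weak_len_check(int len)
{
    return len < MAX_RECORD;
}

/* HARDENED: reject negative lengths explicitly before the conversion. */
int safe_len_check(int len)
{
    return len >= 0 && len < MAX_RECORD;
}

/* Copies src into a local MAX_RECORD buffer only when the hardened check
 * passes. Returns the number of bytes copied, or -1 if rejected. The
 * caller must supply at least len readable bytes in src. */
int copy_demo(const char *src, int len)
{
    char record[MAX_RECORD];
    if (!safe_len_check(len))
        return -1;
    memcpy(record, src, (size_t)len);    /* len is now known to be in [0, MAX_RECORD) */
    record[len] = '\0';
    return len;
}

int main(void)
{
    printf("weak_alloc_check(0x40000001, 4) = %d (wrong: product wrapped)\n",
           weak_alloc_check(0x40000001u, 4u));
    printf("safe_alloc_check(0x40000001, 4) = %d\n",
           safe_alloc_check(0x40000001u, 4u));
    printf("weak_len_check(-1) = %d (wrong: negative passes)\n",
           weak_len_check(-1));
    printf("safe_len_check(-1) = %d\n", safe_len_check(-1));
    printf("copy_demo(\"hello\", 5) = %d\n", copy_demo("hello", 5));
    printf("copy_demo(\"hello\", -1) = %d\n", copy_demo("hello", -1));
    return 0;
}
```

Compile with warnings on (for example `cc -Wall -Wextra -Wconversion`); the compiler does not catch either weak check, which is the point of the exam topic: the wrap and the sign conversion are well-defined C, so the preventive measure has to be an explicit check before the arithmetic or the conversion, not after.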

ISPA Test

supplied by Koon Ming:

Topics 1 - 9
10 MCQ and 5 questions
NO ACL commands.
But you need to know what an ACL is; it may come up in the MCQ.

Questions already tested in the MST may not come out.


Topic 1: MCQ only, not structured; skippable. No COBIT, maybe no security policies.

------Topic 4-----
- Page 77: don't think Lai is interested
- Page 71-75: different kinds of email risks
- Page 65
- Page 57: distributed model <-- not very important
- Page 57: disaster recovery
- Page 54: computer centre operations <-- ops security, maybe something from there. Need to know physical security
- Segregation of duties <-- quite important

-------Topic 5 Data Management--------
- There will be questions in both structured and MCQ
- Page 93-95: flat file approach
- Page 97-106: maybe won't be tested
- The 3 DBMS structures may not be asked in structured
- Page 114: data in a distributed environment
- Page 116: what are the two distributed database types
- Page 118: concurrency control
- Page 120: access control
- Page 125: backup controls

-------Topic 6 SDLC ------
- Turnkey
- Page 141: SDLC, auditor's role in each SDLC phase
- Page 156: good for MCQ
- Page 172: controlling and auditing the SDLC; must know, maybe structured

-------Topic 7 -----------
- May have MCQ and structured
- Study from the auditor's point of view
- Topologies are not important
- Page 227: controls of e-commerce (worth reading because of the audit point of view)
------Topic 8--------
- Input controls are important!
- Processing and output controls not very important, maybe MCQ
-----Topic 9--------
- Test data and parallel simulation: may be tested in MCQ only

PM test

10 MCQ

1 network diagram
1 cost calculation
2 unknown... check past year papers.