IT Questions and Answers :)

Thursday, April 18, 2019

In terms of digital information storage which of the following is a multiple of a bit?


  • overbite
  • zebibit
  • cubit
  • weebit


EXPLANATION

Zetta- and Zebi-
  • Zettabit. A unit of information or storage abbreviated Zbit or Zb. One zettabit most typically equals 10^21 or 1,000,000,000,000,000,000,000 bits (one sextillion or one trilliard in long scale measure*). Note: Zettabit is not yet used, though it's only a matter of time before it is.
  • Zebibit. A unit of information or storage abbreviated Zibit or Zib. This is the absolute binary measure equaling 1,180,591,620,717,411,303,424 (2^70) bits. Use it when precision is needed. Note: Zebibit is not yet used, though it's only a matter of time before it is.
  • Zettabyte. A unit of information or storage abbreviated ZB. Again, there are/will be confusing interpretations for this term for different contexts (also see the more general discussion above).
    • 1,000,000,000,000,000,000,000 bytes (10^21) when used in a networking context, clocks, or performance measures.
    • 1,180,591,620,717,411,303,424 (2^70) bytes. This definition is used for memory, file and formatted disk size, and other contexts where binary notation fits better.
  • Zebibyte. A unit of information or storage abbreviated ZiB. This is the specific measure of the binary representation of 1,180,591,620,717,411,303,424 (2^70) bytes. When precision is demanded, this is the term to use.
SOURCE

https://www.cknow.com/cms/ref/bits-bytes-and-multiple-bytes.html

Wednesday, April 17, 2019

XML is a widely used data format used in everything from web services to documents to images. Where XML is used, there must be an XML parser. Which type of attack takes advantage of a widely available feature of XML parsers?


  • XML Entropy Scoping (XXS)
  • XML Extra Sanitizing (XXS)
  • XML Extensive Threads (XXT)
  • XML External Entities (XXE) 


EXPLANATION

An XML External Entity (XXE) attack (sometimes called an XXE injection attack) is based on Server Side Request Forgery (SSRF). This type of attack abuses a widely available but rarely used feature of XML parsers. Using XXE, an attacker is able to cause Denial of Service (DoS) as well as access local and remote content and services.

Which of these would be a good way to mitigate against some of the most common security misconfigurations?


  • Have a patch management process that includes a task to check current vulnerability databases.
  • Have a patch management process that includes a task to back up critical drives.
  • Have a patch management process that includes a task to review and update configurations.
  • Have a patch management process that includes a task to reboot servers monthly. 


EXPLANATION

 

Patch Priority

  • Critical
    • System patch distribution shall begin by: within 72 hours of patch availability.
    • System patch installation/application shall be completed by: 100% of systems - 30 days
  • High
    • System patch distribution shall begin by: within 5 business days of patch availability.
    • System patch installation/application shall be completed by: 100% of systems - 30 days
  • Medium
    • System patch distribution shall begin by: within 30 calendar days of patch availability.
    • System patch installation/application shall be completed by: 100% of systems - 90 days
  • Low
    • System patch distribution shall begin by: within 90 calendar days of patch availability.
    • System patch installation/application shall be completed by: 100% of systems - 150 days

 

 


Which one of the following is not a legitimate form of Cross-Site Scripting?


  • Bypass XSS
  • DOM XSS
  • Stored XSS
  • Reflected XSS

EXPLANATION

There are several types of Cross-site Scripting attacks: stored/persistent XSS, reflected/non-persistent XSS, and DOM-based XSS. You can read more about them in an article titled Types of XSS.

SOURCE

https://www.acunetix.com/websitesecurity/cross-site-scripting/


Which routing protocol is designed to use areas to scale large hierarchical networks?


  • BGP
  • OSPF
  • EIGRP
  • RIP


EXPLANATION

Border Gateway Protocol is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems on the Internet. The protocol is classified as a path vector protocol.

Open Shortest Path First is a routing protocol for Internet Protocol networks. It uses a link state routing algorithm and falls into the group of interior gateway protocols, operating within a single autonomous system. It is defined as OSPF Version 2 in RFC 2328 for IPv4. The updates for IPv6 are specified as OSPF Version 3 in RFC 5340. OSPF supports the Classless Inter-Domain Routing addressing model.

 Enhanced Interior Gateway Routing Protocol is an advanced distance-vector routing protocol that is used on a computer network for automating routing decisions and configuration. The protocol was designed by Cisco Systems as a proprietary protocol, available only on Cisco routers. Partial functionality of EIGRP was converted to an open standard in 2013 and was published with informational status as in 2016.

 The Routing Information Protocol is one of the oldest distance-vector routing protocols which employ the hop count as a routing metric. RIP prevents routing loops by implementing a limit on the number of hops allowed in a path from source to destination. The largest number of hops allowed for RIP is 15, which limits the size of networks that RIP can support.


In a virtual environment that includes a SAN and VMware ESXi 5.0 or later, which of these steps would you perform last (before re-scanning storage adapters) when removing a storage LUN?


  • Verify that the LUN is no longer used for storing VMs, templates, HA heartbeats, etc.
  • Detach LUN in VMware client
  • Disconnect LUN in SAN interface
  • Unmount datastore  [Partially correct. Please share your answers in the comment box]


EXPLANATION

Removing a LUN in ESXi/ESX 4.x is complex. ESXi 5.0 and later streamline the procedure to make it easier for administrators to remove LUNs.
 

Unmounting a LUN checklist

Before unmounting a LUN, ensure that:
  • If the LUN is being used as a VMFS datastore, all objects (such as virtual machines, snapshots, and templates) stored on the VMFS datastore are unregistered or moved to another datastore.

    Note: All CD/DVD images located on the VMFS datastore must also be unregistered from the virtual machines.
     
  • The datastore is not used for vSphere HA heartbeat.
  • The datastore is not part of a datastore cluster.

SOURCE

https://kb.vmware.com/s/article/2004605


What is not a standard Windows UART baud rate?


  • 150 Baud
  • 300 Baud
  • 55 Baud
  • 110 Baud


EXPLANATION

It started a long long time ago with teletypes — I think 75 baud. Then it's been mostly doubling ever since, with a few fractional (x1.5) multiples, for example 28,800, where there were constraints on phone-line modem tech that didn't quite allow it to double. Standard crystal values came from these early baudrates, and their availability dictates future rates. E.g.,

Most UARTS use a clock of
of the baudrate, more modern parts (e.g. NXP LPC) have fractional dividers to get a wider range by using non-binary multiples.
Other common standards are 31,250 (MIDI) and 250K (DMX), both likely chosen as nice multiples of 'round' clocks like 1MHz etc.

