Dear all -
I tried out the practice exams and I don't agree with the following answers for the following questions.
Question:
18. You almost have your Linux machine up and running, but you need to install one last program before finishing. You run 'tar -xzvf', which creates a directory called 'New Program'. In this directory, you perform the list command and among the files, you notice that the directory contains a file called 'configure'. Which of the following commands would you use to correctly compile the program? (Choose all that apply.)
a. make
b. ./configure
c. make install
d. compile
Answer(s): a. make
b. ./configure
c. make install
My argument:
The answer is incorrect because "make install" doesn't compile the code but rather just installs the binaries and shared files to their correct location.
Question:
12. You are the administrator for a network. An employee comes to you and says that they were checking their email and something strange happened. They were navigating their Inbox when they came to an email that opened in the preview pane. When this happened, they saw a brief popup and their hard drive light began flashing. Based on this information, which type of attack has most likely taken place?
a. XSS
b. Buffer Overflow
c. Hidden field manipulation
d. Preview Pane exploit
Answer(s): a. XSS
My argument:
The question gives me the impression that the employee is making use of an email client because of the preview pane. I understand that OWA has a preview pane as well and that's all web based. However, it is usually the case that XSS affects web services rather than mail. Anyway, other than that there's the brief popup, which rarely happens when an XSS occurs, and then there's the flashing hard drive. XSS doesn't usually lead to client compromise - i.e. no arbitrary code is executed on the client side (except for JavaScript, which is run with limited privileges) - therefore no flashing hard drives.
I chose buffer overflow because it sounded much more plausible.
What do you guys think?