McAfee Certified Assessment Specialist Network


McAfee Certified Assessment Specialist Network Exam preparation guide

Table of Contents
- Introduction
- Becoming McAfee Certified
- Exam Details
- Recommended Exam Preparation
- Exam Objectives
- Sample Test Questions
- Answer Key

Introduction

This guide has been developed as a resource for your preparation to challenge the McAfee Certified Assessment Specialist Network Exam (MA0-150). The following information is provided in this guide:
- Learn more about the McAfee Security Certification Program
- Identify how to register for the exam
- Locate resources to help you prepare for the exam
- Review the objectives that the exam may cover
- Review examples of questions that may appear on the exam

Becoming McAfee Certified

To be successful in today's competitive IT landscape, you must be able to demonstrate your technology expertise and skills using the latest tools and methodologies. The McAfee Security Certification Program provides product and assessment certifications, validating your knowledge and ability in a variety of security-related categories.

McAfee Assessment Certification is designed for security practitioners (penetration testers, auditors, consultants, administrators) with one to three years of experience. This certification level allows candidates to demonstrate knowledge in the following high-level assessment areas:
- Profiling and inventorying
- Vulnerability identification
- Vulnerability exploitation
- Expanding influence

To become McAfee Certified, you must pass one or more McAfee Security Certification Program exams. McAfee has partnered with Prometric, a leading global provider of comprehensive testing and assessment services, to administer our certification program. Prometric makes the certification process easy from start to finish. With more than 5,000 global locations, you can conveniently test your knowledge and become McAfee Certified.

Earning a McAfee Certified Assessment Specialist Certification will not guarantee you a job, but it can help you stand out from other job candidates by helping to validate that you have the skills required to perform the job function covered by those certifications. Certification also helps show potential employers your commitment to continued learning and career growth.

Some of the benefits of becoming McAfee Certified include:
- Access to the McAfee Certification Candidate Portal
- A PDF copy of your certificate emailed to you or your employers
- Provide access to your employers to verify your certifications

Exam Details

The McAfee Certified Assessment Specialist Network Exam is a computer-based exam offered through Prometric Testing Centers. To locate the most convenient Prometric Testing Center, please visit http://www.prometric.com/mcafee.

McAfee Certified Assessment Specialist Network Exam details:
- Exam number: MA0-150
- Number of test questions: 100 technical
- McAfee uses a rounded cut score to determine the passing mark for each exam
- Test duration: two hours
- Certification granted: McAfee Certified Assessment Specialist Network
- The exam timer does not begin until the first technical question (post demographic)
- You will not be allowed to access any resources or references during the exam period

Recommended Exam Preparation

The McAfee Security Certification Program recommends the following exam preparation strategies:
- Security practitioners with one to three years experience in penetration testing, auditing, or consulting
- Attend an authorized training course (Ultimate Hacking): https://mcafee.edu.netexam.com/
- Review the objectives and sample questions provided in this guide

Exam Objectives

You can prepare yourself for the exam by reviewing all of the sections outlined. Please note that although all of these sections are represented in each exam form, all questions are presented randomly for every challenge attempt.

Section one: Casing the establishment

Footprinting
- Identify and understand whois lookups
- Identify and understand Google hacking
- Identify and understand DNS interrogation
- Identify how to properly perform network reconnaissance

Scanning
- Identify and understand how to launch Syn scan and TCP connect scan
- Using basic display filters
- Identify how idle scans work
- Identify passive scan fingerprinting
- Identify and understand how to perform ping sweeps

Enumeration
- Identify and understand how to conduct banner grabbing
- Identify ports and how they relate to specific services
- Identify and understand how to perform tools-based vulnerability assessment
- Identify and understand SMB enumeration

Section two: System hacking

Hacking Microsoft Windows
- Identify and understand how to use Microsoft Windows administration tools
- Identify and understand how to utilize metasploit
- Identify and understand user accounts and permissions
- Identify and understand how to use lanman
- Identify what is meant by brute forcing accounts
- Identify exploit development

Hacking UNIX
- Identify and understand UNIX file structure
- Identify and understand user accounts and permissions
- Identify and understand UNIX administration commands
- Identify what is meant by brute forcing accounts

Section three: Infrastructure hacking

Network devices
- Identify SNMP querying
- Identify and understand basic administration ports
- Identify and understand routing and switching
- Identify and understand routing protocols
- Address resolution protocol (ARP) poisoning

Wireless hacking
- Identify and understand basic security mechanisms
- Identify and understand how to crack wired equivalent privacy (WEP)
- Identify and understand how a WiFi protected access (WPA) enterprise is attacked

Section four: Application and data hacking

Hacking code
- Identify and understand the concept of buffer overflow
- Identify the concepts of reverse engineering

Web hacking
- Identify and understand SQL injection
- Identify and understand cross-site scripting
- Identify and understand the concept of cipher suites
- Understand the use of vulnerability scanners
- Identify and understand authentication mechanisms
- Identify and understand HTTP session management

Hacking the Internet user
- Identify and understand the concept of social engineering
- Identify and understand phishing
- Identify the method of URL shortening

Sample Test Questions

The following questions are provided for review. These questions are similar in style and content to the questions referenced in the McAfee Certified Assessment Specialist Network Exam. The answers are provided after the questions.

1. An attack in which a snippet of code is left on a website and persists in its database with the intention of being executed by a victim's browser is called:
   d. Cross-domain policy revocation

2. An attack in which a snippet of code is played back to the victim with the assistance of a catalyst, such as an RSS feed is called:
   d. Cross-domain policy revocation

3. The following is an example of what type of attack?
   joe OR asdfzxcv = asdfzxcv --
   d. SQL injection

4. The following is an example of what type of attack?
   <img src= http://hacmebank.com/transfer?account=bob&amount=1000000&for=mallory >
   d. SQL injection

5. Which of the following type of SQL injection is an attack that is carried out against a web application that does not display an error message?
   a. Secret
   b. Quiet
   c. Covert
   d. Blind

6. Checking the referrer header is not considered a good countermeasure against cross-site scripting (XSS) because the header is:
   a. Optional
   b. Required
   c. Not defined
   d. Tightly coupled

Answer Key

1. B
2. C
3. D
4. A
5. D
6. A

McAfee, Inc.
2821 Mission College Boulevard
Santa Clara, CA 95054
888 847 8766
www.mcafee.com

McAfee and the McAfee logo are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2011 McAfee, Inc.

21400gde_cert-assessment-exam_0311_fnl_ASD