Upload
ling-ling-lemon
View
248
Download
8
Tags:
Embed Size (px)
DESCRIPTION
Â
Citation preview
You are logged in as LAI Siu Chung (Logout)
eLearning Resources IT Resources Support VTC Search
Home ► ITP4405_IT_ICT_cfyung_3 ► WK04 ► TIS01_Checkup
Question 1Correct
Mark 1.00 out of1.00
Flagquestion
Question 2Correct
Mark 1.00 out of1.00
Flagquestion
Question 3Partially correct
Mark 0.67 out of1.00
Flagquestion
Question 4Correct
Mark 1.00 out of1.00
Flagquestion
Question 5
Started on Sunday, 16 February 2014, 5:44 PMState Finished
Completed on Sunday, 16 February 2014, 5:59 PMTime taken 14 mins 29 secs
Marks 9.67/10.00Grade 96.67 out of a maximum of 100.00
Information security means protecting information and information systems from authorizedaccess, use, disclosure, disruption, modification, or destruction.
Select one:True
False
The correct answer is 'False'.
Which of the following are three attributes of information security?
Select one or more:a. Integrity
b. Authorization
c. Availability
d. Confidentiality
The correct answer is: Confidentiality, Integrity, Availability
Match the following:
Integrity Protecting information from being changed by unauthorized parties.
Confidentiality Protecting information from being changed by unauthorized parties.
Availability Enabling authorized parties to access information when requested.
The correct answer is: Integrity – Protecting information from being changed by unauthorizedparties., Confidentiality – Protecting information from being disclosed to unauthorized parties.,Availability – Enabling authorized parties to access information when requested.
Which types of threats will most affect Confidentiality?
Select one or more:a. Malicious code infection
b. Theft
c. DoS
d. Power supply failure
The correct answer is: Malicious code infection, Theft
Suppose clients cannot access their bank transaction records online. Which information
Quiz navigation
Finish review
1 2 3 4 5 6
7 8 9 10
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are
.co
m
Correct
Mark 1.00 out of1.00
Flagquestion
Question 6Correct
Mark 1.00 out of1.00
Flagquestion
Question 7Correct
Mark 1.00 out of1.00
Flagquestion
Question 8Correct
Mark 1.00 out of1.00
Flagquestion
Question 9Correct
Mark 1.00 out of1.00
security attribute of the online banking system is in trouble?
Select one:a. Integrity
b. Information leakage
c. Confidentiality
d. Availability
The correct answer is: Availability
Match the concepts relating to the people using information:
Non-repudiation
The provision of proof of the origin such that the sender cannot deny sending the message
Authorization Determines whether a particular person has the right to perform a certain activity
Authentication Proving that a user is the person he or she claims to be
Accountability Tracking of network resources accessed by users for the purpose of assigning responsibility
The correct answer is: Non-repudiation – The provision of proof of the origin such that the sendercannot deny sending the message, Authorization – Determines whether a particular person hasthe right to perform a certain activity, Authentication – Proving that a user is the person he orshe claims to be, Accountability – Tracking of network resources accessed by users for thepurpose of assigning responsibility
The bottom-up approach to information security implementation is often initiated by uppermanagement.
Select one:True
False
The correct answer is 'False'.
Arrange the SDLC stages in correct order:
Stage 1 Planning and Requirement Analysis
Stage 2 Defining Requirements
Stage 3 Designing the product architecture
Stage 4 Developing the Product
Stage 5 Product Testing
Stage 6 Deployment in the Market and Maintenance
The correct answer is: Stage 1 – Planning and Requirement Analysis, Stage 2 – DefiningRequirements, Stage 3 – Designing the product architecture, Stage 4 – Developing the Product,Stage 5 – Product Testing, Stage 6 – Deployment in the Market and Maintenance
Match the following information security terms and concepts:
Vulnerability Weaknesses in a system or mechanism that expose information to attack or damage
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are
.co
m
You are logged in as LAI Siu Chung (Logout)
ITP4405_IT_ICT_cfyung_3
Flagquestion
Question 10Correct
Mark 1.00 out of1.00
Flagquestion
Exploit A technique used to compromise a system
Threat A category of objects, persons or other entities that presents a danger to asset
Asset Organization resource being protected
Exposure When a vulnerability known to an attacker is present
The correct answer is: Vulnerability – Weaknesses in a system or mechanism that exposeinformation to attack or damage, Exploit – A technique used to compromise a system, Threat –A category of objects, persons or other entities that presents a danger to asset, Asset –Organization resource being protected, Exposure – When a vulnerability known to an attacker ispresent
Which attributes of information systems will be affected by insider threat to an organization?
Select one or more:a. Confidentiality
b. Reputation
c. Integrity
d. Availability
The correct answer is: Confidentiality, Integrity, Availability
Finish review
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
You are logged in as LAI Siu Chung (Logout)
eLearning Resources IT Resources Support VTC Search
Home ► ITP4405_IT_ICT_cfyung_3 ► WK04 ► TIS02_Checkup
Question 2Correct
Mark 1.00 out of1.00
Flagquestion
Question 3Incorrect
Mark 0.00 out of1.00
Flagquestion
Question 4Partially correct
Mark 0.67 out of1.00
Flagquestion
Question 5
Question 1Correct
Mark 2.00 out of2.00
Flagquestion
Started on Monday, 17 February 2014, 10:52 AMState Finished
Completed on Monday, 17 February 2014, 10:55 AMTime taken 2 mins 45 secs
Marks 13.00/15.00Grade 86.67 out of a maximum of 100.00
Risk is defined as the potential that a given threat will exploit vulnerabilities
of an asset or group of assets and thereby cause harm to theorganization.
Which processes are included in risk management?
Select one or more:a. Risk Acceptance
b. Evaluation and assessment
c. Risk mitigation
d. Risk assessment
The correct answer is: Risk assessment, Risk mitigation, Evaluation and assessment
Which of the following are true about qualitative risk assessment?
Select one or more:a. Measuring risk in terms of monetary values and frequency
b. Entire value of the asset is considered to be at risk
c. Identify and rate risks relative to each other
d. Prioritizes the risks and identifies areas for immediate improvement
The correct answer is: Prioritizes the risks and identifies areas for immediate improvement,Identify and rate risks relative to each other, Entire value of the asset is considered to be at risk
In qualitative risk assessment, risk is the product of the following items:
Select one or more:a. Asset
b. Threat
c. Probability
d. Vulnerability
The correct answer is: Asset, Vulnerability, Threat
Based on qualitative risk assessment, calcuate the risk by using the following estimation:
Quiz navigation
Finish review
1 2 3 4 5 6
7 8 9 10 11 12
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are
.co
m
Correct
Mark 2.00 out of2.00
Flagquestion
Question 6Correct
Mark 1.00 out of1.00
Flagquestion
Question 7Correct
Mark 2.00 out of2.00
Flagquestion
Question 8Correct
Mark 1.00 out of1.00
Flagquestion
Question 9Correct
Mark 1.00 out of1.00
Flagquestion
Question 10Correct
Mark 1.00 out of1.00
Flagquestion
Numerical values: High (3), Medium (2), Low (1)
Value of product design drawing: High
Criticality of weak password vulnerability: Medium
Probability of insider threat of selling the product design: Low
Answer: 6
The correct answer is: 6
In quantitative risk assessment, annual loss expectancy (ALE) is defined as:
Select one:a. Asset value x Exposure factor
b. Asset value x Annualized rate of occurrence
c. Exposure factor x Annualized rate of occurrence
d. Asset value x Exposure factor x Annualized rate of occurrence
The correct answer is: Asset value x Exposure factor x Annualized rate of occurrence
By using quantitative risk assessment, calculate the annual loss expectancy (ALE) due to thethreat of smartphone case damage.
Value of smartphone: HK$5,000
Replacement cost of case: 30% of asset value
Probability of breaking the case: once per two years
Answer: 750
The correct answer is: 750
Which of the following is true about risk avoidance?
Select one:a. Purchasing insurance or outsourcing projects to other organizations
b. Application of policies, education and training , and technology
c. Remove certain functions of the system or shut down the system when risks are identified
d. Accepting the stated risks
The correct answer is: Remove certain functions of the system or shut down the system whenrisks are identified
Which of the following is true about risk reduction?
Select one:a. Remove certain functions of the system or shut down the system when risks are identified
b. Application of policies, education and training , and technology
c. Accepting the stated risks
d. Purchasing insurance or outsourcing projects to other organizations
The correct answer is: Application of policies, education and training , and technology
Match the correct statements to ways of discover vulnerabilities:
Performing penetration testing Active means
Receiving alerts of vulnerabilities from public sources Passive means
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are
.co
m
Plus all the value
5000*(30% / 2) = 750
From out side
You are logged in as LAI Siu Chung (Logout)
ITP4405_IT_ICT_cfyung_3
Question 11Correct
Mark 1.00 out of1.00
Flagquestion
Question 12Partially correct
Mark 0.33 out of1.00
Flagquestion
The correct answer is: Performing penetration testing – Active means, Receiving alerts ofvulnerabilities from public sources – Passive means
Match the following security management concepts:
The process of comparing the performance metrics to bestpractices used in other organization
Benchmarking
It is a historic value of performance metric for comparingperformance when changes have occurred
Baseline
A layered defense consisting of two or more protective methods Defense in Depth
The failure of a component will result in the failure of the entiresystem
Single Point of Failure
The correct answer is: The process of comparing the performance metrics to best practicesused in other organization – Benchmarking, It is a historic value of performance metric forcomparing performance when changes have occurred – Baseline, A layered defense consistingof two or more protective methods – Defense in Depth, The failure of a component will result inthe failure of the entire system – Single Point of Failure
Match the following security documentation:
High-level statements or plan to specify the activities that are required,limited, or forbidden
Standards
Statements specify what shall be used to support security policies Security Polices
Instructions that specify how tasks are to be performed Procedures
The correct answer is: High-level statements or plan to specify the activities that are required,limited, or forbidden – Security Polices, Statements specify what shall be used to supportsecurity policies – Standards, Instructions that specify how tasks are to be performed –Procedures
Finish review
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
You are logged in as LAI Siu Chung (Logout)
eLearning Resources IT Resources Support VTC Search
Home ► ITP4405_IT_ICT_cfyung_3 ► WK06 ► TIS03_Checkup
Question 1Correct
Mark 1.00 out of1.00
Flagquestion
Question 2Correct
Mark 1.00 out of1.00
Flagquestion
Question 3Partially correct
Mark 0.75 out of1.00
Flagquestion
Question 4Incorrect
Mark 0.00 out of
Started on Thursday, 27 February 2014, 10:08 AMState Finished
Completed on Thursday, 27 February 2014, 10:40 AMTime taken 31 mins 46 secs
Marks 20.25/24.00Grade 84.38 out of a maximum of 100.00
Which of the following are true about footprinting?
Select one or more:a. It is non-intrusive methodology of reconnaissance
b. Used by attackers to collect all possible information about the victim
c. It is intrusive methodology of reconnaissance
d. Information collected in footprinting stage can be very useful in helping the hackers tocarry out subsequent stages in their hacking process
The correct answer is: It is non-intrusive methodology of reconnaissance, Used by attackers tocollect all possible information about the victim, Information collected in footprinting stage can bevery useful in helping the hackers to carry out subsequent stages in their hacking process
Arrange the correct sequence of hacking.
Step 1 Reconnaissance
Step 2 Scanning
Step 3 Gaining Access
Step 4 Maintaining Access
Step 5 Clearing Tracks
The correct answer is: Step 1 – Reconnaissance, Step 2 – Scanning, Step 3 – Gaining Access,Step 4 – Maintaining Access, Step 5 – Clearing Tracks
Select the possible information sources in the footprinting stage:
Select one or more:a. Whois database
b. Common vulnerability databases such CVE and Microsoft Security Bulletin
c. Job opening advertisement
d. Social networking services
e. Query the DNS for resource records
The correct answer is: Job opening advertisement, Social networking services, Whois database,Query the DNS for resource records
What are the typical information stored in whois database?
Select one or more:a. Administrative and technical contact details
Quiz navigation
Finish review
1 2 3 4 5 6
7 8 9 10 11 12
13 14 15
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are
.co
m
Clear log
1.00
Flagquestion
Question 5Correct
Mark 1.00 out of1.00
Flagquestion
Question 8Correct
Mark 1.00 out of1.00
Flagquestion
Question 9Correct
Mark 1.00 out of1.00
Flagquestion
Question 6Correct
Mark 3.00 out of3.00
Flagquestion
Question 7Correct
Mark 3.00 out of3.00
Flagquestion
b. Registrant company size
c. Name servers information
d. Creation and expiration date of the domain name
e. Registrant domain name and registrar name
The correct answer is: Registrant domain name and registrar name, Creation and expiration dateof the domain name, Administrative and technical contact details, Name servers information
Based on the information of whois database, what can a hacker do?
Select one or more:a. Perform DNS zone transfer
b. Conduct social engineering attack
c. Crack administrator password in DNS servers
d. Perform SQL injection attack on web server
The correct answer is: Conduct social engineering attack, Perform DNS zone transfer
To prevent hackers rely on the information from whois database to conductattacks, organization should try to avoid giving away too much specific information by using a generic descriptive role-based
name and contact information.
Domain Name System (DNS) servers contain a portion of a domain database or namespace called a zone. A zone stores [resource records]
associated with a particular resource records into a zone file.
Match the descriptions to the names of DNS resource records:
Alias for the specified host name CNAME
Mail exhange servers for a domain MX
Host name to its IP address A
Map IP address to its host name PTR
Software and hardware information of a host HINFO
Name servers for a domain NS
The correct answer is: Alias for the specified host name – CNAME, Mail exhange servers for adomain – MX, Host name to its IP address – A, Map IP address to its host name – PTR,Software and hardware information of a host – HINFO, Name servers for a domain – NS
Shown below is the interactive mode of nslookup:
c:\>nslookup www.vtc.edu.hk
Select one:True
False
The correct answer is 'False'.
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
Mean some commonname of job
Question 10Correct
Mark 3.00 out of3.00
Flagquestion
Question 12Partially correct
Mark 0.50 out of1.00
Flagquestion
Question 13Incorrect
Mark 0.00 out of1.00
Flagquestion
Question 14Incorrect
Mark 0.00 out of1.00
Flagquestion
Question 15Correct
Mark 1.00 out of1.00
Question 11Correct
Mark 4.00 out of4.00
Flagquestion
Select the commands in correct sequence to query records on email servers of vtc.edu.hk:
C:\> nslookupDefault Server: cwcc2k24.vtc.hkAddress: 192.168.1.63> set type= MX
> vtc.edu.hk
Resource records are maintained and managed by the
authoritative server (SOA) and the process of replicating all these records to other
secondary name servers is known as a zone transfer.
Given your primary DNS server is ns1.mad.net.hk. Supose you find the DNS server(ns9.pacman.net.hk) of the target domain ab.org.hk. Match the correct steps of a zone transferon the target.
Step 1 C:\>nslookup
Step 2 >server ns9.pacman.net.hk
Step 3 >set type=MX
Step 4 >ls -d pacman.net.hk
The correct answer is: Step 1 – C:\>nslookup, Step 2 – >server ns9.pacman.net.hk, Step 3 –>set type=ANY, Step 4 – >ls -d ab.org.hk
To preventing leakage of sensitive information stored in the DNS server, administrator should:
Select one or more:a. Do not allow zone transfer to authorized secondary name servers
b. Restrict zone transfer only to the specific and authorized secondary name servers
c. Configure firewall to allow only certain authorized IP addresses to access the DNS serverthrough TCP port 53
d. Configure firewall to allow only certain authorized IP addresses to access the DNS serverthrough UDP port 53
The correct answer is: Restrict zone transfer only to the specific and authorized secondaryname servers, Configure firewall to allow only certain authorized IP addresses to access theDNS server through TCP port 53
To find out the network range of a company, what information is required as input to thecorresponding regional Internet registry (RIR)?
Select one:a. IP address of the company DNS server
b. IP address of company web server
c. Domain name of the company
d. FQDN of company web server
The correct answer is: IP address of company web server
Match the trace route command to corresponding operating system:
Linux
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
You are logged in as LAI Siu Chung (Logout)
ITP4405_IT_ICT_cfyung_3
Flagquestion
traceroute www.cisco.com
Windows 7 tracert www.cisco.com
The correct answer is: Linux – traceroute www.cisco.com, Windows 7 – tracert www.cisco.com
Finish review
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
You are logged in as LAI Siu Chung (Logout)
eLearning Resources IT Resources Support VTC Search
Home ► ITP4405_IT_ICT_cfyung_3 ► WK06 ► TIS04_Checkup
Question 1Correct
Mark 1.00 out of1.00
Flagquestion
Question 2Correct
Mark 1.00 out of1.00
Flagquestion
Question 3Correct
Mark 1.00 out of1.00
Flagquestion
Question 4Correct
Mark 1.00 out of1.00
Flagquestion
Started on Sunday, 2 March 2014, 7:17 PMState Finished
Completed on Sunday, 2 March 2014, 7:37 PMTime taken 20 mins 37 secs
Marks 23.00/24.00Grade 95.83 out of a maximum of 100.00
Which of the following are true about scanning process?
Select one or more:a. Discovering live systems on the network
b. Identifying the types and versions of applications
c. Identifying services running on hosts
d. Gathering general information about the target and its network infrastructure
The correct answer is: Discovering live systems on the network, Identifying services running onhosts, Identifying the types and versions of applications
Identify the major types of scanning:
Select one or more:a. Malware scanning
b. Port scanning
c. Network scanning
d. Vulnerability scanning
The correct answer is: Network scanning, Port scanning, Vulnerability scanning
Match the descriptions to the steps of scanning:
Identifying ports and services running in a host Discover open ports
Using banner grabbing and OS fingerprinting Identify the OS and services
Listing hosts alive on a network
Identify live systems
Identify hosts have not been patched Scan for vulnerabilities
The correct answer is: Identifying ports and services running in a host – Discover open ports,Using banner grabbing and OS fingerprinting – Identify the OS and services, Listing hosts aliveon a network – Identify live systems, Identify hosts have not been patched – Scan forvulnerabilities
What types of information are discovered by ping command?
Select one or more:a. The round-trip time of a packet
b. The bandwidth of a network connection
c. Identify if a host is alive
Quiz navigation
Finish review
1 2 3 4 5 6
7 8 9 10 11 12
13 14 15 16 17 18
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are
.co
m
Question 5Correct
Mark 1.00 out of1.00
Flagquestion
Question 6Partially correct
Mark 0.50 out of1.00
Flagquestion
Question 7Correct
Mark 1.00 out of1.00
Flagquestion
Question 8Correct
Mark 1.00 out of1.00
Flagquestion
d. Reliability of a network connection
The correct answer is: Identify if a host is alive, The round-trip time of a packet, Reliability of anetwork connection
Match the descriptions to the ICMP message types:
Echo Reply Type 0
Time Exceeded Type 11
Echo Request Type 8
Destination Unreachable Type 3
The correct answer is: Echo Reply – Type 0, Time Exceeded – Type 11, Echo Request – Type8, Destination Unreachable – Type 3
Which of the following are true about ping sweep?
Select one or more:a. It is very quiet
b. Easily detected by network intrusion detection systems (NIDS) and host-based IDS(HIDS)
c. A series of pings automatically sent to a range of IP addresses
d. Operated by manually entering the individual target’s address
The correct answer is: A series of pings automatically sent to a range of IP addresses, Easilydetected by network intrusion detection systems (NIDS) and host-based IDS (HIDS)
Match the descriptions to the TCP connection states:
Completed the handshake, session established Established
Available for connections Listen
Received a SYN and sent the ACK, waiting for reply Half-open
Not listening Closed
The correct answer is: Completed the handshake, session established – Established, Availablefor connections – Listen, Received a SYN and sent the ACK, waiting for reply – Half-open, Notlistening – Closed
Match the descriptions to the TCP flags:
Closes a connection FIN
Data within a segment is urgent and should be prioritized URG
Aborts a connection in response to an error RST
Initiates a connection SYN
Acknowledges received data ACK
Data should be sent immediately PSH
The correct answer is: Closes a connection – FIN, Data within a segment is urgent and shouldbe prioritized – URG, Aborts a connection in response to an error – RST, Initiates a connection– SYN, Acknowledges received data – ACK, Data should be sent immediately – PSH
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
Question 9Correct
Mark 1.00 out of1.00
Flagquestion
Question 10Correct
Mark 1.00 out of1.00
Flagquestion
Question 11Correct
Mark 1.00 out of1.00
Flagquestion
Question 12Correct
Mark 1.00 out of1.00
Flagquestion
Question 14Partially correct
Mark 0.50 out of1.00
Question 13Correct
Mark 3.00 out of3.00
Flagquestion
Select the correct statements about TCP connect scan:
Select one or more:a. Using three-way handshake
b. Closed ports with a RST/ACK
c. Open ports will respond with a SYN/ACK
d. Open ports will respond with a RST/ACK
The correct answer is: Using three-way handshake, Open ports will respond with a SYN/ACK,Closed ports with a RST/ACK
Select the correct statements about FIN scan:
Select one or more:a. Sending a UDP packet with the FIN flag set
b. Sending a TCP packet with the FIN flag set
c. Closed ports will respond with RST
d. Port is filtered if an ICMP destination unreachable error with code 1 is received
The correct answer is: Sending a TCP packet with the FIN flag set, Closed ports will respondwith RST, Port is filtered if an ICMP destination unreachable error with code 1 is received
Which of the following are features of Nmap?
Select one or more:a. Host discovery
b. Port scanning
c. Vulnerability scanning
d. Scriptable interaction with the target
e. OS and version detection
The correct answer is: Host discovery, Port scanning, OS and version detection, Scriptableinteraction with the target
Match the Nmap commands to scan types:
nmap -sP 192.168.5.1-254 Ping sweep
nmap -sS 192.168.5.10 SYN scan
nmap -sT 192.168.5.10 TCP connect scan
nmap -O 192.168.10.100 OS fingerprinting
The correct answer is: nmap -sP 192.168.5.1-254 – Ping sweep, nmap -sS 192.168.5.10 – SYNscan, nmap -sT 192.168.5.10 – TCP connect scan, nmap -O 192.168.10.100 – OS fingerprinting
Vulnerabilities are weaknesses in the software or system configuration that can be
exploited . They are often associated with missing patches .
Select the correct statements about network-based vulnerability scanner:
Select one or more:a. Detect vulnerable web servers
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are
.co
m
Flagquestion
Question 15Correct
Mark 3.00 out of3.00
Flagquestion
Question 16Correct
Mark 3.00 out of3.00
Flagquestion
Question 17Correct
Mark 1.00 out of1.00
Flagquestion
Question 18Correct
Mark 1.00 out of1.00
Flagquestion
b. Detect misconfigured firewalls
c. Reveal risky user activities
d. Detect signs that if an attacker has already compromised a system
The correct answer is: Detect misconfigured firewalls, Detect vulnerable web servers
Identify the purposes of the following Nmap command:
nmap -sV -p 22,53,110,143 192.168.15.128
Select one or more:a. It tests if the target systen is running SSH
b. Determine the service and version information of open ports
c. It tests if the target systen is running IMAP
d. It tests if the target systen is running TELNET
The correct answer is: Determine the service and version information of open ports, It tests if thetarget systen is running IMAP, It tests if the target systen is running SSH
Identify the purposes of the following Nmap command:
nmap -sO 192.168.15.128
Select one:a. Determine which protocol is supported and its port status
b. Perform SYN scan and OS detection
c. Determine the OS version information
d. Determine the service and version information of open ports
The correct answer is: Determine which protocol is supported and its port status
To avoid controversy of network scanning:
Select one or more:a. Always have a personal reason for performing scans
b. Always have a legitimate reason for performing scans
c. Target your scan as tightly as possible
d. Ensure that you have permission to scan
e. Target your scan as broad as possible
The correct answer is: Ensure that you have permission to scan, Target your scan as tightly aspossible, Always have a legitimate reason for performing scans
The easier way to defend against port scans is to close unnecessary services on the targetedsystems.
Select one:True
False
The correct answer is 'True'.
Finish review
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
You are logged in as LAI Siu Chung (Logout)
ITP4405_IT_ICT_cfyung_3Clic
k to
BUY N
OW
!
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
You are logged in as LAI Siu Chung (Logout)
eLearning Resources IT Resources Support VTC Search
Home ► ITP4405_IT_ICT_cfyung_3 ► WK08 ► TIS05_Checkup
Question 1Correct
Mark 1.00 out of1.00
Flagquestion
Question 2Correct
Mark 1.00 out of1.00
Flagquestion
Question 4Incorrect
Mark 0.00 out of1.00
Flagquestion
Question 3Correct
Mark 3.00 out of3.00
Flagquestion
Started on Monday, 17 March 2014, 9:56 AMState Finished
Completed on Monday, 17 March 2014, 10:13 AMTime taken 17 mins 26 secs
Marks 26.50/28.00Grade 94.64 out of a maximum of 100.00
Which of the following are true about penetration testing?
Select one or more:a. Consists of malicious attacks to steal sensitive information
b. Provides proof of concept (POC) attacks to demonstrate the vulnerabilities are exist
c. A legal and authorized attempt to locate and exploit the vulnerabilities of systems
d. Provides specific recommendations for addressing and fixing the issues that werediscovered
The correct answer is: Provides proof of concept (POC) attacks to demonstrate thevulnerabilities are exist, Provides specific recommendations for addressing and fixing the issuesthat were discovered, A legal and authorized attempt to locate and exploit the vulnerabilities ofsystems
Which of the following are true about black box testing?
Select one or more:a. Simulate a knowledgeable internal threat,
b. Simulates the actions and procedures of a real attacker.
c. It is very valuable and can demonstrate privilege escalation from a trusted employee
d. Pen testers have to figure out the vulnerabilities of the system on their own from scratch.
The correct answer is: Pen testers have to figure out the vulnerabilities of the system on theirown from scratch., Simulates the actions and procedures of a real attacker.
Description - White Box TestingPen testers have full knowledge of the network, system, and infrastructure
they’re targeting. Simulate a knowledgeable internal threat , such as a
disgruntled network administrator or other trusted user.
Which are the activities in the preparation stage of a PT?
Select one or more:a. Gathering as much information as possible about the target of evaluation
b. Agree with the client what you are going to test
c. Define the goal of the test
d. Define rules of engagement (ROE)
The correct answer is: Agree with the client what you are going to test, Define rules ofengagement (ROE), Define the goal of the test
Quiz navigation
Finish review
1 2 3 4 5 6
7 8 9 10 11 12
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are
.co
m
Question 5Correct
Mark 5.00 out of5.00
Flagquestion
Question 6Correct
Mark 1.00 out of1.00
Flagquestion
Question 8Correct
Mark 1.00 out of1.00
Flagquestion
Question 9Correct
Mark 1.00 out of1.00
Flagquestion
Question 10Correct
Mark 1.00 out of1.00
Flag
Question 7Correct
Mark 5.00 out of5.00
Flagquestion
Identify the correct sequence of PT:
Step 1 - Reconnaissance
Step 2 - Scanning
Step 3 - Gaining Access
Step 4 - Maintaining Access
Step 5 - Covering Tracks
Match the descriptions to the correct PT phases:
True attacks are carried out against the targets Gaining Access
Gathering as much information as possible about the target Reconnaissance
A way back into the compromised machine or system Maintaining Access
Hiding attack activities from detecting by security professionals Covering Tracks
Detecting live hosts in the network Scanning
The correct answer is: True attacks are carried out against the targets – Gaining Access,Gathering as much information as possible about the target – Reconnaissance, A way back intothe compromised machine or system – Maintaining Access, Hiding attack activities fromdetecting by security professionals
– Covering Tracks, Detecting live hosts in the network – Scanning
Network and port scanning, OS detection - Nmap
Port scanning, transferring files and a backdoor - Netcat
Detect vulnerabilities and misconfiguration - Nessus
Develop and execute exploit code against a remote target - Metasploit Framework
Web application security scanner - Netsparker
Which of the following tools will be used in Scanning Phase?
Select one or more:a. OpenVAS
b. Nmap
c. Netcat
d. Metasploit Framework
The correct answer is: Netcat, Nmap, OpenVAS
Which of the following tools will be used in Maintaining Access Phase?
Select one or more:a. OpenVAS
b. Metasploit Framework
c. Nmap
d. Netcat
The correct answer is: Netcat, Metasploit Framework
Identify if the descriptions are benefits of PT or not:
Reactive elimination of identified risks False
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are
.co
m
You are logged in as LAI Siu Chung (Logout)
ITP4405_IT_ICT_cfyung_3
question
Question 11Partially correct
Mark 0.50 out of1.00
Flagquestion
Question 12Correct
Mark 7.00 out of7.00
Flagquestion
Helps safeguard the organization against failure through preventing financialloss
True
Enhancement of IT knowledge True
Helps to recover from malicious attacks False
Proving due diligence and compliance to industry regulators True
The correct answer is: Reactive elimination of identified risks – False, Helps safeguard theorganization against failure through preventing financial loss – True, Enhancement of ITknowledge – True, Helps to recover from malicious attacks – False, Proving due diligence andcompliance to industry regulators – True
Which of the following are true about technical report of PT?
Select one or more:a. Present the high level findings of the test
b. Technical details of the test
c. Present the specific goals of the test
d. Descriptions of impact and remediation suggestions of the test
The correct answer is: Technical details of the test, Descriptions of impact and remediationsuggestions of the test
Read the HKMA guideline "Management of Security Risks in Electronic Banking Services".Complete the following:
For institutions offering e-banking services of higher risk , they should
consider to include in their independent assessments penetration testing having
regard to different types of online attacks . In between such independent
assessments, AIs ( Authorised Institutions ) should evaluate the effectiveness of their
security arrangements on an ongoing basis , and regularly make use of
scanning tools to scan for security weaknesses in their networks andsystems.
Finish review
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
You are logged in as LAI Siu Chung (Logout)
eLearning Resources IT Resources Support VTC Search
Home ► ITP4405_IT_ICT_cfyung_3 ► WK08 ► TIS06_Checkup
Question 1Correct
Mark 1.00 out of1.00
Flagquestion
Question 2Correct
Mark 1.00 out of1.00
Flagquestion
Question 3Correct
Mark 1.00 out of1.00
Flagquestion
Question 4Correct
Started on Monday, 17 March 2014, 10:20 AMState Finished
Completed on Monday, 17 March 2014, 10:45 AMTime taken 24 mins 39 secs
Marks 17.50/18.00Grade 97.22 out of a maximum of 100.00
Which OSI layer do web exploitation attacks focus on?
Select one:a. Layer 7
b. Layer 3
c. Layer 2
d. Layer 4
The correct answer is: Layer 7
Select the factors lead to vulnerability of web applications:
Select one or more:a. More secured applications are available on market
b. Insecure software configuration
c. Strong passwords
d. Availability of information on new vulnerabilities and exploits
e. Availability of sophisticated hacking tools
The correct answer is: Availability of sophisticated hacking tools, Insecure softwareconfiguration, Availability of information on new vulnerabilities and exploits
Which of the following are true about OWASP?
It focused on improving the security of operating systems False
It focused on improving the security of software True
OWASP is a worldwide not-for-profit charitable organization True
The OWASP Top Ten is referenced by many organizations to develop secureapplications
True
The correct answer is: It focused on improving the security of operating systems – False, Itfocused on improving the security of software – True, OWASP is a worldwide not-for-profitcharitable organization – True, The OWASP Top Ten is referenced by many organizations todevelop secure applications – True
Match the OWASP Top 10 (2013):
Using Known Vulnerable Components
Quiz navigation
Finish review
1 2 3 4 5 6
7 8 9 10 11 12
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are
.co
m
Mark 1.00 out of1.00
Flagquestion
Question 5Partially correct
Mark 0.75 out of1.00
Flagquestion
Question 6Partially correct
Mark 0.75 out of1.00
Flagquestion
Using Known Vulnerable Components A9
Cross-Site Request Forgery (CSRF) A8
Missing Function Level Access Control A7
Sensitive Data Exposure A6
Broken Authentication and Session Management A2
Injection A1
Insecure Direct Object References A4
Unvalidated Redirects and Forwards A10
Security Misconfiguration A5
Cross-Site Scripting (XSS) A3
The correct answer is: Using Known Vulnerable Components – A9, Cross-Site Request Forgery(CSRF) – A8, Missing Function Level Access Control – A7, Sensitive Data Exposure – A6,Broken Authentication and Session Management – A2, Injection – A1, Insecure Direct ObjectReferences – A4, Unvalidated Redirects and Forwards – A10, Security Misconfiguration – A5,Cross-Site Scripting (XSS) – A3
Which of the following are true about cross-site scripting (XSS)?
Forces a logged-on victim’s browser to send a forged HTTP request to avulnerable web application
True
An application takes untrusted data and sends it to a web browser without
proper validation or escaping True
Allows attackers to execute scripts in the victim’s browser True
Bypass basic web application authentication, manipulating data and viewingsensitive data
False
The correct answer is: Forces a logged-on victim’s browser to send a forged HTTP request to avulnerable web application – False, An application takes untrusted data and sends it to a webbrowser without proper validation or escaping – True, Allows attackers to execute scripts in thevictim’s browser – True, Bypass basic web application authentication, manipulating data andviewing sensitive data – False
Which of the following are true about SQL injection?
Bypass basic web application authentication, manipulating data and viewingsensitive data
True
Allows attackers to execute scripts in the victim’s browser False
An application takes untrusted data and sends it to a web browser withoutproper validation or escaping
True
Forces a logged-on victim’s browser to send a forged HTTP request to avulnerable web application
False
The correct answer is: Bypass basic web application authentication, manipulating data andviewing sensitive data – True, Allows attackers to execute scripts in the victim’s browser –False, An application takes untrusted data and sends it to a web browser without propervalidation or escaping – False, Forces a logged-on victim’s browser to send a forged HTTP
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
False
False
Question 7Correct
Mark 1.00 out of1.00
Flagquestion
Question 8Correct
Mark 1.00 out of1.00
Flagquestion
Question 9Correct
Mark 4.00 out of4.00
Flagquestion
Question 11Correct
Question 10Correct
Mark 4.00 out of4.00
Flagquestion
request to a vulnerable web application – False
Given the following SQL statement, select the correct descriptions.
SELECT * FROM users WHERE uname = ' ' or 1 = 1 -- '
Select one or more:a. The SQL statement if executed by server will return ALL of the records in the users table
b. The input is ' or 1 = 1 --'
c. The input is ' or 1 = 1 --
d. Where “--" is a comment that means everything follows will be ignored
The correct answer is: Where “--" is a comment that means everything follows will be ignored,The input is ' or 1 = 1 --, The SQL statement if executed by server will return ALL of the recordsin the users table
Determine if the following methods are true in preventing and detecting web-based attacks?
Keep up to date with patching and hot fixes True
Use reverse web proxies to protect application server True
Prevent public web server from accessing by external networks False
Web applications should be stored on a separate partition from operatingsystem
True
Apply least privilege to all accounts True
Use web proxies to protect application server False
Using web server vulnerability scanners to identify vulnerabilities True
The correct answer is: Keep up to date with patching and hot fixes – True, Use reverse webproxies to protect application server – True, Prevent public web server from accessing byexternal networks – False, Web applications should be stored on a separate partition fromoperating system – True, Apply least privilege to all accounts – True, Use web proxies to protectapplication server – False, Using web server vulnerability scanners to identify vulnerabilities –True
Prevention of SQL Injection:
Using bind variables instead of embedding user input in the SQL statement.
Every passed string parameter should be validated . Special characters that have a
special meaning in SQL must be removed or escaped .
Prevention of XSS:Using default security mechanism of web development framework.
Web application needs to ensure that all variable output is encoded
before being returned to the end user .
Which of the following are correct end user practices to prevent CSRF?
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
You are logged in as LAI Siu Chung (Logout)
ITP4405_IT_ICT_cfyung_3
Mark 1.00 out of1.00
Flagquestion
Question 12Correct
Mark 1.00 out of1.00
Flagquestion
Should properly log out the secure site before visiting other sites Correct
For work performance, should log in a secure site (e-banking) and anothersite at the same time
Incorrect
Should not log in to a secure site (e-banking), and another site at the sametime
Correct
Do not to respond to suspicious messages and not to click on links withinmessages
Correct
Respond to suspicious messages to find out the source Incorrect
Disable active content and scripting in browser Correct
The correct answer is: Should properly log out the secure site before visiting other sites –Correct, For work performance, should log in a secure site (e-banking) and another site at thesame time – Incorrect, Should not log in to a secure site (e-banking), and another site at thesame time – Correct, Do not to respond to suspicious messages and not to click on links withinmessages – Correct, Respond to suspicious messages to find out the source – Incorrect,Disable active content and scripting in browser – Correct
Which of the following are possible threats to organization from social media (e.g. Facebook,Twitter)?
Select one or more:a. Phishing
b. Packet sniffing
c. ARP spoofing
d. Cross site request forgery (CSRF)
e. Cross site scripting (XSS)
f. Malware infection
The correct answer is: Cross site scripting (XSS), Cross site request forgery (CSRF), Malwareinfection, Phishing
Finish review
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!
ww
w.tracker-softw
You are logged in as LAI Siu Chung (Logout)
eLearning Resources IT Resources Support VTC Search
Home ► ITP4405_IT_ICT_cfyung_3 ► WK10 ► TIS07_Checkup
Question 1Not yetanswered
Marked out of1.00
Flagquestion
Question 3Not yetanswered
Marked out of5.00
Flagquestion
Question 4Not yetanswered
Marked out of6.00
Flagquestion
Question 2Not yetanswered
Marked out of4.00
Flagquestion
Question 5Not yetanswered
Marked out of4.00
Flagquestion
Question 6Not yet
Which of the following are correct about the purposes of malware analysis?
To assist in building of defenses to protect the network Correct
To learn advanced programming techniques Incorrect
To develop indicators to detect malware infections Correct
To understand how a specific piece of malware functions Correct
Which of the following are true about host-based signatures developed by malware analysis?
TRUE Identify files created/modified by the malware
FALSE Detect malware by monitoring network traffic
TRUE Detect malicious code on victim computers
TRUE Detect specific registry changes by the malware
Match the following types of malware:
Backdoor Allow attacker executes commands on the local system bypassingsecurity controls Trojan Downloader Exists only to download other malicious code
Rootkit Hide the existence of certain processes or programs from detection
Botnet Group of Internet computers infected by malicious code to receive thesame instructions from a C2 server Worm Self-replicating malicious code that invades computers on a network
Static analysis involves analyzing the code or structure of a program to determine its
function without running it.
Dynamic analysis involves running the malware and observing its
behavior on the system. Before running the malware safely, youmust set up an environment that will allow you to study the running malware without damaging to your system or network.
Typical static analysis techniques to gather information of malware:
Using antivirus tools to confirm maliciousness
Using hashes to fingerprint malware
Unpack the packed malware
Gathering information from a file’s string, functions , and headers
Which of the following are true about the hash of a malware?
Quiz navigation
Finish attempt ...
Time left 0:36:42
1 2 3 4 5 6
7 8 9 10 11 12
13 14 15 16 17 18
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are
.co
m
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are
.co
m
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are
.co
m
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are
.co
m
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are
.co
m
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are
.co
m
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are
.co
m
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are
.co
m
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are
.co
m
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are
.co
m
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are
.co
m
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are.c
om
Clic
k to
BUY N
OW
!PD
F-XChange Edito
r
ww
w.tracker-softw
are
.co
m
Question 7Not yetanswered
Marked out of4.00
Flagquestion
Question 10Not yetanswered
Marked out of4.00
Flagquestion
answered
Marked out of4.00
Flagquestion
Question 8Not yetanswered
Marked out of1.00
Flagquestion
Question 9Not yetanswered
Marked out of4.00
Flagquestion
Question 11Not yetanswered
Marked out of4.00
Flagquestion
Question 12Not yetanswered
Marked out of1.00
Flagquestion
FALSE Used to verify the integrity of a malware
TRUE A label to identify the malware
TRUE Online searching for the hash to see if the malware has already been identified
TRUE Share with other analysts to help them to identify malware
Which of the following are true about packed malware?
TRUE To bypass firewalls and antivirus scanners
TRUE Use wrapper program decompresses the packed file and then executes theunpacked malware FALSE Packed malware is not harmful to system
TRUE Before performing any analysis, the packed malware must be unpacked
Which of the following functions are often included in packed programs?
Select one or more:a. CreateService
b. InternetOpen
c. GetProcAddress
d. LoadLibary
Which of the following are true about string searching?
TRUE A simple way to get hints about the functionality of a program
TRUE Strings in a program may be stored in either ASCII or Unicode format
TRUE Strings are used in a program to print a message, connects to a website
FALSE To recover the original program source codes
Which of the following are true about Portable Executable (PE) file format?
TRUE Header includes information about the code, the type of application, required libraryfunctions, and space requirements TRUE Information in the PE header is of great value to the malware writer
TRUE A file format for executables, object code, DLLs, used in 32-bit and 64-bit versionsof Windows operating systems FALSE A file format for executables, object code, DLLs, used in 32-bit and 64-bit versions
of Linux
Match the following PE header information:
Imports Functions from other libraries that are used by the malware
Time Date Stamp When the executable was compiled
Exports Functions were called by other programs
Resources Strings, icons, menus, and other information included in the malware
Which of the following is the most useful pieces of information about an executable?
Select one:a. Time Date Stamp
b. A list of resources
c. A list of export functions
d. A list of import functions
Question 15Not yetanswered
Marked out of5.00
Flagquestion
Question 16Not yetanswered
Marked out of1.00
Flagquestion
Question 17Not yetanswered
Marked out of1.00
Flagquestion
Question 18Not yetanswered
Marked out of5.00
Flagquestion
Question 13Not yetanswered
Marked out of4.00
Flagquestion
Question 14Not yetanswered
Marked out of4.00
Flagquestion
Match the following common dynamically linked libraries (DLLs):
Advapi32.dll Access Windows registry, manage Windows service and user accounts
Gdi32.dll Perform primitive drawing functions
Kernel32.dll Perform memory management and input/output operations
User32.dll Manipulates the standard elements of the Windows user interface
Match the information of common sections in a PE file:
text Contains the executable code
.rdata Import and export functions information
.data Global data accessed throughout the program
.rsrc Resources needed by the program
Which of the following are true about a safe environment for dynamic analysis?
TRUE Using dedicated physical machines in isolated network
TRUE Using VMs with host-only network setting
FALSE Using VMs with bridged network setting
FALSE Using production physical machines with connection to Internet
TRUE Before executing the malware, make sure all service packs, patches, hot fixes andany applications needed are installed in VMs
Match the following functions to the tools
Shows real-time file system, registry and process/thread activity Processor Monitor
List active processes, DLLs loaded by a process Process Explorer
Intercept and log network traffic Wireshark
Take and compare two registry snap-shots Regshot
Capture DNS requests made by malware ApateDNS
Which step of dynamic analysis will take a first snapshot of registry before executing themalware?
Select one:a. Network traffic
b. Comparison
c. System status
d. Baseline
Anti-virus programs have two basic modes of operations:
(1) Static file scanningScan a file or a volume to check to see if any of the files arecurrently infected with malware.
(2) Dynamic file scanningAll files that the operating system opens or uses are scanned first before
they are fully opened .
You are logged in as LAI Siu Chung (Logout)
ITP4405_IT_ICT_cfyung_3
NextClic
k to
BUY N
OW
!
w Clic
k to
BUY N
OW
!
w Clic
k to
BUY N
OW
!
w Clic
k to
BUY N
OW
!
w Clic
k to
BUY N
OW
!
w Clic
k to
BUY N
OW
!
w Clic
k to
BUY N
OW
!
w Clic
k to
BUY N
OW
!
w Clic
k to
BUY N
OW
!
w Clic
k to
BUY N
OW
!
w Clic
k to
BUY N
OW
!
w Clic
k to
BUY N
OW
!
w