NEW QUESTION 1

Which of the following methods is used to get a cookie from a client? Note: Here, request is a reference of type HttpServletRequest, and response is a reference of type HttpServletResponse.

• A. Cookie [] cookies = request.getCookies();
• B. Cookie [] cookies = request.getCookie(String str)
• C. Cookie [] cookies = response.getCookie(String str)
• D. Cookie [] cookies = response.getCookies()

Answer: A

Explanation:

The getCookies() method of the HttpServletRequest interface is used to get the cookies from a client. This method returns an array of cookies. Answer B, C are incorrect. The getCookie(String str) method does not exist. Answer D is incorrect. The getCookies() method is present in the HttpServletRequest interface and not in the HttpServletResponse interface.

NEW QUESTION 2

Which of the following statements is true about a relational database?

• A. It is difficult to extend a relational database.
• B. The standard user and application program interface to a relational database is Programming Language (PL).
• C. It is a collection of data items organized as a set of formally-described tables.
• D. It is a set of tables containing data fitted into runtime defined categories.

Answer: C

Explanation:

A relational database is a collection of data items organized as a set of formally-described tables from which data can be accessed or reassembled in many different ways without having to reorganize the database tables. Answer B is incorrect. The standard user and application program interface to a relational database is the structured query language (SQL). Answer A is incorrect. In addition to being relatively easy to create and access, a relational database has the important advantage of being easy to extend. Answer D is incorrect. A relational database is a set of tables containing data fitted into predefined categories. Each table (which is sometimes called a relation) contains one or more data categories in columns. Each row contains a unique instance of data for the categories defined by the columns.

NEW QUESTION 3

You work as a Desktop Support Technician for XYZ CORP. The company uses a Windows-based network comprising 50 Windows XP Professional computers. You want to
include the Safe Mode with Command Prompt feature into the boot.ini file of a Windows XP Professional computer. Which of the following switches will you use?

• A. /safeboot:network /sos /bootlog /noguiboot
• B. /safeboot:minimal /sos /bootlog /noguiboot
• C. /safeboot:minimal(alternateshell) /sos /bootlog /noguiboot
• D. /safeboot:dsrepair /sos

Answer: C

Explanation:

Safe-mode boot switches are used in the Windows operating systems to use the afe-mode boot feature. To use this feature the user should press F8 during boot. These modes are available in the Boot.ini file. Users can also automate the boot process using this feature. Various switches used for various modes are given below:

NEW QUESTION 4

In 1947, the American Institute of Certified Public Accountants (AICPA) adopted GAAS to establish standards for audits. Which of the following categories of audit standards established by GAAS are related to professional and technical competence, independence, and professional due care?

• A. Reporting standards
• B. Risk Analysis standards
• C. General standards
• D. Field work standards

Answer: C

Explanation:
In 1947, the American Institute of Certified Public Accountants (AICPA) adopted Generally Accepted Auditing Standards (GAAS) to establish standards for audits. The standards cover the following three categories: General Standards: They relate to professional and technical competence, independence, and professional due care. Field Work Standards: They relate to the planning of an audit, evaluation of internal control, and obtaining sufficient evidential matter upon which an opinion is based. Reporting Standards: They relate to the compliance of all auditing standards and adequacy of disclosure of opinion in the audit reports. If an opinion cannot be reached, the auditor is required to explicitly state their assertions. Answer B is incorrect. There was no such category of standard established by GAAS.

NEW QUESTION 5

You work as the Network Administrator for XYZ CORP. The company has a Unix-based network. You want to do RARP mapping from hardware mapping addresses to IP addresses. Which of the following Unix configuration files can you use to accomplish the task?

• A. /etc/dhcpd.conf
• B. /etc/motd
• C. /etc/exports
• D. /etc/ethers

Answer: D

Explanation:

In Unix, the /etc/ethers file is used by system administrators for RARP mapping from hardware mapping addresses to IP addresses.
Answer A is incorrect. In Unix, the /etc/dhcpd.conf file is the configuration file for the DHCP server daemon. Answer C is incorrect. In Unix, the /etc/exports file describes exported file systems for NFS services. Answer B is incorrect. In Unix, the /etc/motd file automatically displays the message of the day after a successful login.

NEW QUESTION 6

You are the Security Consultant and you frequently do vulnerability assessments on client computers. You want to have a standardized approach that would be applicable to all of your clients when doing a vulnerability assessment. What is the best way to do this?

• A. Utilize OVAL.
• B. Create your own standard and use it with all clients.
• C. Utilize each client's security policies when doing a vulnerability assessment for that client.
• D. Utilize the Microsoft security recommendations.

Answer: A

Explanation:

Open Vulnerability Assessment Language (OVAL) is a common language for security professionals to use when checking for the presence of vulnerabilities on computer systems. OVAL provides a baseline method for performing vulnerability assessments on local computer systems. Answer D is incorrect. While Microsoft security standards will be appropriate for many of your clients, they won't help clients using Linux, Macintosh, or Unix. They also won't give you insight into checking your firewalls or routers. Answer C is incorrect. This would not fulfill the requirement of having a standardized approach applicable to all clients. B is incorrect. This would not be the best way. You should use common industry standards, like OVAL.

NEW QUESTION 7

Which of the following statements about invalidating a session is true?

• A. The getCreationTime() method can be called on an invalidated session.
• B. The invalidate() method belongs to the HttpServletRequest interface.
• C. A session can be invalidated programmatically as well as using the deployment descriptor.
• D. The getAttribute(String name) method throws an IllegalArgumentException if called on an invalidated session.

Answer: C

Explanation:

An existing session can be invalidated in the following two ways: Setting timeout in the deployment descriptor: This can be done by specifying timeout between the <session-timeout> tags as follows: <session-config> <session-timeout> 10 </session- timeout> </session-config> This will set the time for session timeout to be ten minutes. Setting timeout programmatically: This will set the timeout for a specific session. The syntax for setting the timeout programmatically is as follows: session.setMaxInactiveInterval(10*60) In this method, the timeout is specified in seconds. Hence, this will set the time for the session timeout to be ten minutes. Answer A is incorrect. The getCreationTime() method returns the time when the session was created. The time is measured in milliseconds since midnight January 1, 1970. This method throws an IllegalStateException if it is called on an invalidated session. Answer D is incorrect. The getAttribute(String name) method of the HttpSession interface returns the value of the named attribute as an object. It returns a null value if no attribute with the given name is bound to the session. This method throws an IllegalStateException if it is called on an invalidated session. Answer B is incorrect. The invalidate() method belongs to the HttpSession interface.

NEW QUESTION 8

Which of the following policies helps reduce the potential damage from the actions of one person?

• A. CSA
• B. Separation of duties
• C. Internal audit
• D. Risk assessment

Answer: B

Explanation:

Separation of duties (SoD) is the concept of having more than one person required to complete a task. It is alternatively called segregation of duties or, in the political realm, separation of powers. Segregation of duties helps reduce the potential damage from the actions of one person. IS or end-user department should be organized in a way to achieve adequate separation of duties. According to ISACA's Segregation of Duties Control matrix, some duties should not be combined into one position. This matrix is not an industry standard, just a general guideline suggesting which positions should be separated and which require compensating controls when combined. Answer A is incorrect. Cisco Security Agent (CSA) is an endpoint intrusion prevention system. It is rule-based and examines system activity and network traffic, determining which behaviors are normal and which may indicate an attack. CSA uses a two or three-tier client- server architecture. The Management Center 'MC' (or Management Console) contains the program logic; an MS SQL database backend is used to store alerts and configuration information; the MC and SQL database may be co-resident on the same system. The Agent is installed on the desktops and/or servers to be protected. The Agent communicates with the Management Center, sending logged events to the Management Center and receiving updates in rules when they occur. Answer C is incorrect. Internal auditing is a profession and activity involved in helping organizations achieve their stated objectives. It does this by using a systematic methodology for analyzing business processes, procedures and activities with the goal of highlighting organizational problems and recommending solutions. Answer D is incorrect. Risk assessment is a step in a risk management process.

NEW QUESTION 9

You want to monitor the network infrastructure of a software-based company. The network infrastructure of the company consists of the following: Windows TCP/IP services Web and mail servers URLs Applications (MS Exchange, SQL etc.) Which of the following network monitoring solutions can you use to accomplish the task?

• A. Axence nVision
• B. CommandCenter NOC
• C. Netmon
• D. Cymphonix Network Composer

Answer: A

Explanation:

Axence nVision is an advanced solution for a comprehensive network management. It is used to monitor network infrastructure such as Windows, TCP/IP services, web and mail servers, URLs, and applications (MS Exchange, SQL, etc.). It is also used to monitor routers and switches such as network traffic, interface status, and connected computers. It collects the network inventory and audit license usage. It also gives alerts in case of a program installation or any configuration change on a remote node. With the agent, an administrator can easily monitor user activities and can access computers remotely. Answer B is incorrect. CommandCenter NOC is a simple and effective tool that performs network monitoring with a powerful polling engine. It provides polling, Windows and UNIX/Linux server management, intrusion detection, vulnerability scanning, and traffic analysis in an integrated appliance. Answer D is incorrect. Cymphonix Network Composer is a precise Web gateway appliance. It is used to monitor Internet traffic by user, application, and threat. It consists of controls to shape access to Internet resources by user, group, and/or time of day. It also supports anonymous proxy blocking, policy management, and real time monitoring. Answer C is incorrect. Network Monitor (Netmon) is a protocol analyzer. It is used to analyze the network traffic. It is installed by default during the installation of the operating system. It can be installed by using Windows Components Wizard in the Add or Remove Programs tool in Control Panel. Network Monitor is used to perform the following tasks:
* 1. Capture frames directly from the network.
* 2. Display and filter captured frames immediately after capture or a later time.
* 3. Edit captured frames and transmit them on the network.
* 4. Capture frames from a remote computer.

NEW QUESTION 10

Which of the following are the reasons for implementing firewall in any network?

• A. Create a choke point
• B. Log Internet activity
• C. Log system activity
• D. Limit access control
• E. Implementing security policy
• F. Limit network host exposure

Answer: ABEF

Explanation:

A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria. The four important roles of a firewall are as follows:
* 1. Implement security policy: A firewall is a first step in implementing security policies of an organization. Different policies are directly implemented at the firewall. A firewall can also work with network routers to implement Types-Of-Service (ToS) policies.
* 2. Creating a choke point: A firewall can create a choke point between a private network of
an organization and a public network. With the help of a choke point the firewall devices can monitor, filter, and verify all inbound and outbound traffic.
* 3. Logging Internet activity: A firewall also enforces logging of the errors and faults. It also provides alarming mechanism to the network.
* 4. Limiting network host exposure: A firewall can create a perimeter around the network to protect it from the Internet. It increases the security by hiding internal information.

NEW QUESTION 11

In which of the following attack techniques does an attacker try to intercept the successful handshake and then use a dictionary attack to retrieve the shared key?

• A. Shared key guessing
• B. Brute force attack
• C. Dictionary attack
• D. PSK cracking

Answer: D

Explanation:

PSK cracking is an attack technique in which an attacker tries to intercept the successful handshake and then uses a dictionary attack to retrieve the shared key. Answer A is incorrect. Shared key guessing is an attack technique in which an intruder by use of various cracking tools tries to guess the shared key of a wireless network and gain access to it. Answer C is incorrect. A dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities. A dictionary attack uses a brute-force technique of successively trying all the words in an exhaustive list (from a pre-arranged list of values). In contrast with a normal brute force attack, where a large proportion key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words in a dictionary. Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words found in dictionaries, or simple, easily-predicted variations on words, such as appending a digit. Answer B is incorrect. In a brute force attack, an attacker uses software that tries a large number of the keys combinations in order to get a password. To prevent such attacks, users should create passwords more difficult to guess, e.g., using a minimum of six characters, alphanumeric combinations, and lower-upper case combinations, etc.

NEW QUESTION 12

In a network, a data packet is received by a router for transmitting it to another network. For forwarding the packet to the other available networks, the router is configured with a static or a dynamic route. What are the benefits of using a static route?

• A. It is a fault tolerant path.
• B. It reduces load on routers, as no complex routing calculations are required.
• C. It reduces bandwidth usage, as there is no excessive router traffic.
• D. It provides precise control over the routes that packets will take across the network.

Answer: BCD

Explanation:

Static routing is a data communication concept that describes a way to configure path selection of routers in computer networks. This is achieved by manually adding routes to the routing table. However, when there is a change in the network or a failure occurs between two statically defined nodes, traffic will not be rerouted. Static routing is beneficial in many ways: Precise control over the routes that a packet will take across the network Reduced load on the routers, as no complex routing calculations are required Reduced bandwidth use, as there is no excessive router traffic. Easy to configure in small networks Answer A is incorrect. This is a property of a dynamic route. A static route cannot choose the best path. It can only choose the paths that are manually entered.
When there is a change in the network or a failure occurs between two statically defined nodes, traffic will not be rerouted.

NEW QUESTION 13

John works as a Network Administrator for Perfect Solutions Inc. The company has a Linux-based network. John is working as a root user on the Linux operating system. He is configuring the Apache Web server settings. He does not want the commands being used in the settings to be stored in the history. Which of the following commands can he use to disable history?

• A. history !!
• B. set +o history
• C. history !N
• D. set -o history

Answer: B

Explanation:

According to the scenario, John can use the set +o history command to disable history. Answer D is incorrect. John cannot use the set -o history command to accomplish his task. This command is used to enable disabled history.
Answer A is incorrect. John cannot use the history !! command to accomplish his task. This command is used to see the most recently typed command. Answer C is incorrect. John cannot use the history !N command to accomplish his task. This command is used to display the Nth history command.

NEW QUESTION 14

Which of the following commands can be used to find out where commands are located?

• A. type
• B. which
• C. env
• D. ls

Answer: AB

Explanation:

The which and type commands can be used to find out where commands are located.

NEW QUESTION 15

Zorp is a proxy firewall suite developed by Balabit IT Security. Which of the following statements are true about Zorp?

• A. It allows the administrators to fine-tune proxy decisions.
• B. Zorp aims for compliance with the Common Criteria/Application Level Firewall Protection Profile for Medium Robustness.
• C. It allows full analysis of embedded protocols.
• D. The GPL version of Zorp lacks much of the usability and functions from the other versions.

Answer: ABC

Explanation:

Zorp is a proxy firewall suite developed by Balabit IT Security. Its core framework allows the administrator to fine-tune proxy decisions (with its built-in script language), and fully analyze embedded protocols (such as SSL with an embedded POP3 or HTTP protocol). The FTP, HTTP, FINGER, WHOIS, TELNET, and SSL protocols are fully supported with an application-level gateway. Zorp aims for compliance with the Common Criteria/Application Level Firewall Protection Profile for Medium Robustness. Zorp is released under GNU/GPL and commercial license too. The GPL version is completely usable and functional; however, it lacks some of the more advanced functions available in the commercially available version only. Some of the Zorp supported protocols are Finger, Ftp, Http, Pop3, NNTP, IMAP4, RDP, RPC, SIP, SSL, SSH, Telnet, Whois, LDAP, RADIUS, TFtp, SQLNet NET8, Rsh, etc. Answer D is incorrect. The GPL version of Zorp is completely usable and functional; however, it lacks some of the more advanced functions available in the commercially available version only.

NEW QUESTION 16

Which of the following records is the first entry in a DNS database file?

• A. CNAME
• B. SOA
• C. SRV
• D. MX

Answer: B

Explanation:

Start of Authority (SOA) record is the first record in any DNS database file. The SOA resource record includes the following fields: owner, TTL, class, type, authoritative server, refresh, minimum TTL, etc. Answer A is incorrect. Canonical Name (CNAME) is a resource record that creates an alias for the specified Fully Qualified Domain Name (FQDN). It hides the implementation details of a network from the clients that are connected to the network. Answer D is incorrect. MX is a mail exchange resource record in the database file of a DNS server. It specifies a mail exchange server for a DNS domain name. Answer C is incorrect. SRV resource record is a DNS record that enables users to specify the location of servers for a specific service, protocol, and DNS domain. For example, if there are two servers in a domain, creating SRV records specifies which hosts serve as Web servers, and resolvers can then retrieve all the SRV resource records for the Web servers.

NEW QUESTION 17

You are tasked with creating an ACL to apply to Fa0/0 based on the following requirements: The ACL must be protocol specific. All traffic from host 10.10.45.2 and subnet 10.10.1.32/27 must be denied access through the router. Telnet and SSH must be denied for ALL hosts except the management host with the IP address of 10.10.0.100. This management host must not only have Telnet and SSH access, but access to any port in the TCP and UDP suite to any destination. HTTP, HTTPS, and DNS requests must be allowed for all hosts on subnets 10.10.2.0/24 and 10.10.3.0/24 to any destination. All remaining traffic must be denied. Cisco IOS applies an implied deny all at the end of an ACL. However, you must provide this configuration manually so that engineers can see hit counts on the deny all traffic when running the show ip access-lists command. Which of the following sets of commands will you choose to complete the configuration on Router A?

• A. RouterA(config)#access-list 110 deny ip host 10.10.45.2 any RouterA(config)#access-list 110 deny ip 10.10.1.32 0.0.0.31 any RouterA(config)#access-list 110 permit tcp host 10.10.0.100 any RouterA(config)#access-list 110 permit udp host 10.10.0.100 any RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.1.255 any eq 80RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.1.255 any eq 443RouterA(config)#access-list 110 permit udp 10.10.2.0 0.0.1.255 any eq 53 RouterA(config)#access-list 110 deny ip any any RouterA(config)#interface fa0/0RouterA(config-if)#ip access-group 110 out
• B. RouterA(config)#access-list 110 deny ip host 10.10.45.2 any RouterA(config)#access-list 110 deny ip 10.10.1.32 0.0.0.31 any RouterA(config)#access-list 110 permit ip host 10.10.0.100 any RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.1.255 any eq 80RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.1.255 any eq 443RouterA(config)#access-list 110 permit udp 10.10.2.0 0.0.1.255 any eq 53 RouterA(config)#access-list 110 deny ip any any RouterA(config)#interface fa0/0 RouterA(config-if)#ip access-group 110 in
• C. RouterA(config)#access-list 110 deny ip host 10.10.45.2 any RouterA(config)#access-list 110 deny ip 10.10.1.32 0.0.0.31 any RouterA(config)#access-list 110 permit tcp host 10.10.0.100 any RouterA(config)#access-list 110 permit udp host 10.10.0.100 any RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.1.255 any eq 80RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.1.255 any eq 443RouterA(config)#access-list 110 permit udp 10.10.2.0 0.0.1.255 any eq 53 RouterA(config)#access-list 110 deny ip any any RouterA(config)#interface fa0/0 RouterA(config-if)#ip access-group 110 in
• D. RouterA(config)#access-list 99 deny ip host 10.10.45.2 any RouterA(config)#access-list 99 deny ip 10.10.1.32 0.0.0.31 any RouterA(config)#access-list 99 permit tcp host 10.10.0.100 any RouterA(config)#access-list 99 permit udp host 10.10.0.100 any RouterA(config)#access-list 99 permit tcp 10.10.2.0 0.0.1.255 any eq 80RouterA(config)#access-list 99 permit tcp 10.10.2.0 0.0.1.255 any eq 443RouterA(config)#access-list 99 permit udp 10.10.2.0 0.0.1.255 any eq 53 RouterA(config)#access-list 99 deny ip any any RouterA(config)#interface fa0/0 RouterA(config-if)#ip access-group 99 in

Answer: C

Explanation:

This ACL is an extended ACL. It meets the traffic requirements and is applied to Fa0/0 in the appropriate direction of in, which matches traffic going into the interface. In addition, this ACL meets the needs for subnets 10.10.2.0/24 and 10.10.3.0/24 by applying the subnet and wildcard mask of 10.10.2.0 0.0.1.255 for the lines that apply http, https, and dns. These subnets are covered by the wildcard mask 0.0.1.255. This wildcard mask is applied to a range of hosts from 10.10.2.0 through 10.10.3.255 which covers both of the subnets required. This is handy since both subnets are next to each other in their network numbers. Note: If the network numbers were not next to each other, for example 10.10.2.0/24 and 10.10.20.0/24, then the wildcard mask of 0.0.1.255 would be incorrect. A wildcard mask of 0.0.0.255 would be required. The configuration of the ACL would then be applied using the following commands: <!-- Only the relevant commands are displayed --> RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.0.255 any eq 80
RouterA(config)#access-list 110 permit tcp 10.10.2.0 0.0.0.255 any eq 443
RouterA(config)#access-list 110 permit udp 10.10.2.0 0.0.0.255 any eq 53
RouterA(config)#access-list 110 permit tcp 10.10.20.0 0.0.0.255 any eq 80
RouterA(config)#access-list 110 permit tcp 10.10.20.0 0.0.0.255 any eq 443
RouterA(config)#access-list 110 permit udp 10.10.20.0 0.0.0.255 any eq 53

NEW QUESTION 18

Peter works as a Web Developer for XYZ CORP. He is developing a Web site for the company. In one of the Web pages, Peter wants to ensure that certain information is consistent and visible while the other information changes. Which of the following will he use to accomplish this?

• A. Tables
• B. Navigation links
• C. Data elements
• D. Frames

Answer: D

Explanation:

Peter will use frames in the Web page. Frames are extensions of the HTML 3.2 standard introduced by Netscape. Elements such as navigation links and title graphic, can be placed in static individual frames. The <frame> tag defines the contents that will appear in each frame. It is used within the <frameset> tag. Frames allow users to display multiple HTML files at a time. Answer A is incorrect. A table is used to handle data in tabular form. Answer B is incorrect. Navigation links are used with the navigation bar to display a page. These hyperlinks are relative to the navigational structure of a Web site. Answer C is incorrect. Data elements are used to access data in XML format from a Web server.

NEW QUESTION 19

Which of the following allows the use of multiple virtual servers using different DNS names resolved by the same IP address?

• A. HTTP 1.1
• B. JAVA
• C. HTML
• D. VPN

Answer: A

Explanation:

HTTP 1.1 allows the use of multiple virtual servers, all using different DNS names resolved by the same IP address. The WWW service supports a concept called virtual server. A virtual server can be used to host multiple domain names on the same physical Web server. Using virtual servers, multiple FTP sites and Web sites can be hosted on a single computer. It means that there is no need to allocate different computers and software packages for each site. Answer D is incorrect. VPN stands for virtual private network. It allows users to use the Internet as a secure pipeline to their corporate local area networks (LANs). Remote users can dial-in to any local Internet Service Provider (ISP) and initiate a VPN session to connect to their corporate LAN over the Internet. Companies using VPNs significantly reduce long-distance dial-up charges. VPNs also provide remote employees with an inexpensive way of remaining connected to their company's LAN for extended periods.
Answer B is incorrect. Java is an object oriented programming language developed by Sun Microsystems. It allows the creation of platform independent executables. Java source code files are compiled into a format known as bytecode (files with .class extension). Java supports programming for the Internet in the form of Java applets. Java applets can be executed on a computer having a Java interpreter and a run-time environment known as Java Virtual Machine (JVM). Java Virtual Machines (JVMs) are available for most operating systems, including UNIX, Macintosh OS, and Windows. Answer C is incorrect. HTML stands for Hypertext Markup Language. It is a set of markup symbols or codes used to create Web pages and define formatting specifications. The markup tells the Web browser how to display the content of the Web page.

NEW QUESTION 20

Which of the following statements are true about data aggregation?

• A. A common aggregation purpose is to get more information about particular groups based on specific variables.
• B. Data aggregation cannot be user-based.
• C. Data aggregation is any process in which information is gathered and expressed in a summary form.
• D. Online analytic processing (OLAP) is a simple type of data aggregation.

Answer: ACD

Explanation:

Data aggregation is any process in which information is gathered and expressed in a summary form, for purposes such as statistical analysis. A common aggregation purpose is to get more information about particular groups based on specific variables such as age, profession, or income. The information about such groups can then be used for Web site personalization to choose content and advertising likely to appeal to an individual belonging to one or more groups for which data has been collected. For example, a site that sells music CDs might advertise certain CDs based on the age of the user and the data aggregate for their age group. Online analytic processing (OLAP) is a simple type of data aggregation in which the marketer uses an online reporting mechanism to process the information. Answer B is incorrect. Data aggregation can be user-based. Personal data aggregation services offer the user a single point for collection of their personal information from other Web sites. The customer uses a single master personal identification number (PIN) to give them access to their various accounts (such as those for financial institutions, airlines, book and music clubs, and so on). Performing this type of data aggregation is sometimes referred to as "screen scraping."

NEW QUESTION 21
......