Which of the following are advantages of adopting a Single Sign On (SSO) system? (Choose two.)
A tester is attempting to capture and analyze the traffic on a given network and realizes that the network has several switches. What could be used to successfully sniff the traffic on this switched network? (Choose three.)
Which of the following are variants of mandatory access control mechanisms? (Choose two.)
Information gathered from social networking websites such as Facebook, Twitter and LinkedIn can be used to launch which of the following types of attacks? (Choose two.)
A Certificate Authority (CA) generates a key pair that will be used for encryption and decryption of email. The integrity of the encrypted email is dependent on the security of which of the following?
What are the three types of authentication?
A tester has been using the msadc.pl attack script to execute arbitrary commands on a Windows NT4 web server. While it is effective, the tester finds it tedious to perform extended functions.
On further research, the tester come across a perl script that runs the following msadc functions:system("perl msadc.pl -h $host -C \"echo open $your >testfile\"");
Which exploit is indicated by this script?
A newly discovered flaw in a software application would be considered which kind of security vulnerability?
What is the best defense against privilege escalation vulnerability?
A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use?
What information should an IT system analysis provide to the risk assessor?
A large company intends to use Blackberry for corporate mobile phones and a security analyst is assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to demonstrate how an attacker could circumvent perimeter defenses and gain access to the corporate network. What tool should the analyst use to perform a Blackjacking attack?
A penetration tester is hired to do a risk assessment of a company's DMZ. The rules of engagement states that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems. What kind of test is being performed?
Which of the following viruses tries to hide from anti-virus programs by actively altering and corrupting the chosen service call interruptions when they are being run?
Which of the following is used to indicate a single-line comment in structured query language (SQL)?
Which security strategy requires using several, varying methods to protect IT systems against attacks?
Which of the following business challenges could be solved by using a vulnerability scanner?
A tester has been hired to do a web application security test. The tester notices that the site is dynamic and must make use of a back end database.
In order for the tester to see if SQL injection is possible, what is the first character that the tester should use to attempt breaking a valid SQL request?
The precaution of prohibiting employees from bringing personal computing devices into a facility is what type of security control?
Which United States legislation mandates that the Chief Executive Officer (CEO) and the Chief Financial Officer (CFO) must sign statements verifying the completeness and accuracy of financial reports?
