Certified Ethical Hacker 312-50v10 – Question242

The "black box testing" methodology enforces what kind of restriction?


A. Only the internal operation of a system is known to the tester.
B. The internal operation of a system is completely known to the tester.
C. The internal operation of a system is only partly accessible to the tester.
D. Only the external operation of a system is accessible to the tester.

Correct Answer: D

Certified Ethical Hacker 312-50v10 – Question241

Log monitoring tools performing behavioral analysis have alerted on several suspicious logins to a Linux server occurring during non-business hours. After further examination of all login activity, it is noticed that none of the logins occurred during typical work hours. A Linux administrator investigating this problem realizes that the system time on the Linux server is off by more than twelve hours. Which protocol, used on Linux to synchronize the time, has stopped working?


A. NTP
B. TimeKeeper
C. OSPF
D. PPP

Correct Answer: A

Certified Ethical Hacker 312-50v10 – Question240

The "Gray-box testing" methodology enforces what kind of restriction?


A. Only the internal operation of a system is known to the tester.
B. The internal operation of a system is completely known to the tester.
C. The internal operation of a system is only partly accessible to the tester.
D. Only the external operation of a system is accessible to the tester.

Correct Answer: C

Certified Ethical Hacker 312-50v10 – Question239

When you return to your desk after a lunch break, you notice a strange email in your inbox. The sender is someone you did business with recently, but the subject line has strange characters in it. What should you do?


A. Forward the message to your company's security response team and permanently delete the message from your computer.
B. Reply to the sender and ask them for more information about the message contents.
C. Delete the email and pretend nothing happened.
D. Forward the message to your supervisor and ask for her opinion on how to handle the situation.

Correct Answer: A

Certified Ethical Hacker 312-50v10 – Question237

Elliot is in the process of exploiting a web application that uses SQL as a back-end database. He has determined that the application is vulnerable to SQL injection and has introduced conditional timing delays into injected queries to determine whether they are successful. What type of SQL injection is Elliot most likely performing?


A. NoSQL injection
B. Blind SQL injection
C. Union-based SQL injection
D. Error-based SQL injection

Correct Answer: B

Certified Ethical Hacker 312-50v10 – Question236

Matthew, a black hat, has managed to open a meterpreter session to one of the kiosk machines in Evil Corp's lobby. He checks his current SID, which is S-1-5-21-12233523971872883824-861252104-501. What needs to happen before Matthew has full administrator access?


A. He needs to gain physical access.
B. He must perform privilege escalation.
C. He already has admin privileges, as shown by the 501 at the end of the SID.
D. He needs to disable antivirus protection.

Correct Answer: B

Certified Ethical Hacker 312-50v10 – Question234

Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?


A. Use security policies and procedures to define and implement proper security settings.
B. Use digital certificates to authenticate a server prior to sending data.
C. Validate and escape all information sent to a server.
D. Verify access rights before allowing access to protected information and UI controls.

Correct Answer: C