A company recently hired your team of Ethical Hackers to test the security of their network systems. The company wants to have the attack be as realistic as possible. They did not provide any information besides the name of their company. What phase of security testing would your team jump in right away?


A. Scanning
B. Reconnaissance
C. Escalation
D. Enumeration

The practical realities facing organizations today make risk response strategies essential. Which of the following is NOT one of the five basic responses to risk?


A. Accept
B. Mitigate
C. Delegate
D. Avoid

You are about to be hired by a well known Bank to perform penetration tests. Which of the following documents describes the specifics of the testing, the associated violations, and essentially protects both the banks interest and your liabilities as a tester?


A. Service Level Agreement
B. Non-Disclosure Agreement
C. Terms of Engagement
D. Project Scope

A big company, who wanted to test their security infrastructure, wants to hire elite pen testers like you. During the interview, they asked you to show sample reports from previous penetration tests. What should you do?


A. Share reports, after NDA is signed
B. Share full reports, not redacted
C. Decline but, provide references
D. Share full reports with redactions

Security and privacy of/on information systems are two entities that requires lawful regulations. Which of the following regulations defines security and privacy controls for Federal information systems and organizations?


A. NIST SP 800-53
B. PCI-DSS
C. EU Safe Harbor
D. HIPAA

Which of the following tools would MOST LIKELY be used to perform security audit on various of forms of network systems?


A. Intrusion Detection System
B. Vulnerability scanner
C. Port scanner
D. Protocol analyzer

Knowing the nature of backup tapes, which of the following is the MOST RECOMMENDED way of storing backup tapes?


A. In a cool dry environment
B. Inside the data center for faster retrieval in a fireproof safe
C. In a climate controlled facility offsite
D. On a different floor in the same building

What is the approximate cost of replacement and recovery operation per year of a hard drive that has a value of $300 given that the technician who charges $10/hr would need 10 hours to restore OS and Software and needs further 4 hours to restore the
database from the last backup to the new hard disk? Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%).


A. $440
B. $100
C. $1320
D. $146

Which among the following is a Windows command that a hacker can use to list all the shares to which the current user context has access?


A. NET FILE
B. NET USE
C. NET CONFIG
D. NET VIEW

Matthew received an email with an attachment named YouWon$10Grand.zip. The zip file contains a file named HowToClaimYourPrize.docx.exe. Out of excitement and curiosity, Matthew opened the said file. Without his knowledge, the file copies itself to
Matthews APPDATAIocaI directory and begins to beacon to a Command-and-control server to download additional malicious binaries. What type of malware has Matthew encountered?


A. Key-logger
B. Trojan
C. Worm
D. Macro Virus