Certified Ethical Hacker – CEH – 312-50 – Question364

The company ABC recently contracted a new accountant, who will be working with the financial statements. Those financial statements need to be approved by the CFO before they are sent to the accountant, but the CFO wants to be sure that the information sent to the accountant was not modified once he approved it. Which of the following options can be useful to ensure the integrity of the data?


A. The document can be sent to the accountant using an exclusive USB for that document.
B. The CFO can use a hash algorithm in the document once he approved the financial statements.
C. The financial statements can be sent twice, one by email and the other delivered in USB and the accountant can compare both to be sure it is the same document.
D. The CFO can use an excel file with a password.

Correct Answer: B

Certified Ethical Hacker – CEH – 312-50 – Question363

The company ABC recently discovered that their new product was released by the opposition before their premiere. They contracted an investigator, who discovered that the maid threw away papers with confidential information about the new product and the opposition found them in the garbage. What is the name of the technique used by the opposition?


A. Hack attack
B. Sniffing
C. Dumpster diving
D. Spying

Correct Answer: C

Certified Ethical Hacker – CEH – 312-50 – Question362

What is the role of test automation in security testing?


A. It can accelerate benchmark tests and repeat them with a consistent test setup. But it cannot replace manual testing completely.
B. It is an option but it tends to be very expensive.
C. It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.
D. Test automation is not usable in security due to the complexity of the tests.

Correct Answer: A

Certified Ethical Hacker – CEH – 312-50 – Question360

An attacker is trying to redirect the traffic of a small office. That office is using its own mail server, DNS server and NTP server because of the importance of their job. The attacker gains access to the DNS server and redirects the address www.google.com to his own IP address. Now when the employees of the office want to go to Google, they are redirected to the attacker's machine. What is the name of this kind of attack?


A. ARP Poisoning
B. Smurf Attack
C. DNS spoofing
D. MAC Flooding

Correct Answer: C

Certified Ethical Hacker – CEH – 312-50 – Question357

Which of the following statements regarding ethical hacking is incorrect?


A. Ethical hackers should never use tools or methods that have the potential of exploiting vulnerabilities in an organization's systems.
B. Testing should be remotely performed offsite.
C. An organization should use ethical hackers who do not sell vendor hardware/software or other consulting services.
D. Ethical hacking should not involve writing to or modifying the target systems.

Correct Answer: A

Explanation:

Ethical hackers use the same methods and techniques, including those that have the potential of exploiting vulnerabilities, to test and bypass a system’s defenses as their less-principled counterparts, but rather than taking advantage of any vulnerabilities found, they document them and provide actionable advice on how to fix them so the organization can improve its overall security.

References: http://searchsecurity.techtarget.com/definition/ethical-hacker

Certified Ethical Hacker – CEH – 312-50 – Question356

During a security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?


A. Identify and evaluate existing practices
B. Create a procedures document
C. Conduct compliance testing
D. Terminate the audit

Correct Answer: A

Explanation:

The auditor should first evaluate existing policies and practices to identify problem areas and opportunities.

Certified Ethical Hacker – CEH – 312-50 – Question355

Ricardo wants to send secret messages to a competitor company. To secure these messages, he uses a technique of hiding a secret message within an ordinary message. The technique provides 'security through obscurity'.

What technique is Ricardo using?


A. Steganography
B. Public-key cryptography
C. RSA algorithm
D. Encryption

Correct Answer: A

Explanation:

Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video.

References: https://en.wikipedia.org/wiki/Steganography