Which of the following business challenges could be solved by using a vulnerability scanner?


A. Auditors want to discover if all systems are following a standard naming convention.
B. A web server was compromised and management needs to know if any further systems were compromised.
C. There is an emergency need to remove administrator access from multiple machines for an employee that quit.
D. There is a monthly requirement to test corporate compliance with host application usage and security policies.

Which of the following techniques does a vulnerability scanner use in order to detect a vulnerability on a target service?


A. Port scanning
B. Banner grabbing
C. Injecting arbitrary data
D. Analyzing service response

A network administrator received an administrative alert at 3:00 a.m. from the intrusion detection system. The alert was generated because a large number of packets were coming into the network over ports 20 and 21. During analysis, there were no signs of attack on the FTP servers. How should the administrator classify this situation?


A. True negatives
B. False negatives
C. True positives
D. False positives

In the software security development life cycle process, threat modeling occurs in which phase?


A. Design
B. Requirements
C. Verification
D. Implementation

What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room?


A. Set a BIOS password.
B. Encrypt the data on the hard drive.
C. Use a strong logon password to the operating system.
D. Back up everything on the laptop and store the backup in a safe place.

A Network Administrator was recently promoted to Chief Security Officer at a local university. One of employee's new responsibilities is to manage the implementation of an RFID card access system to a new server room on campus. The server room will house student enrollment information that is securely backed up to an off-site location.

During a meeting with an outside consultant, the Chief Security Officer explains that he is concerned that the existing security controls have not been designed properly. Currently, the Network Administrator is responsible for approving and issuing RFID card access to the server room, as well as reviewing the electronic access logs on a weekly basis.

Which of the following is an issue with the situation?


A. Segregation of duties
B. Undue influence
C. Lack of experience
D. Inadequate disaster recovery plan

Which of the following is a strong post designed to stop a car?


A. Gate
B. Fence
C. Bollard
D. Reinforced rebar

Which of the following cryptography attack methods is usually performed without the use of a computer?


A. Ciphertext-only attack
B. Chosen key attack
C. Rubber hose attack
D. Rainbow table attack

A hacker was able to sniff packets on a company's wireless network. The following information was discovered:

Using the Exlcusive OR, what was the original message?


A. 00101000 11101110
B. 11010111 00010001
C. 00001101 10100100
D. 11110010 01011011
00001101 10100100
D. 11110010 01011011

Which of the following is an example of an asymmetric encryption implementation?


A. SHA1

B. PGP
C. 3DES
D. MD5