A company firewall engineer has configured a new DMZ to allow public systems to be located away from the internal network. The engineer has three security zones set:

The engineer wants to configure remote desktop access from a fixed IP on the remote network to a remote desktop server in the DMZ. Which rule would best fit this requirement?


A. Permit 217.77.88.0/24 11.12.13.0/24 RDP 3389
B. Permit 217.77.88.12 11.12.13.50 RDP 3389
C. Permit 217.77.88.12 11.12.13.0/24 RDP 3389
D. Permit 217.77.88.0/24 11.12.13.50 RDP 3389

While conducting a penetration test, the tester determines that there is a firewall between the tester's machine and the target machine. The firewall is only monitoring TCP handshaking of packets at the session layer of the OSI model. Which type of firewall is the tester trying to traverse?


A. Packet filtering firewall
B. Application-level firewall
C. Circuit-level gateway firewall
D. Stateful multilayer inspection firewall

Windows file servers commonly hold sensitive files, databases, passwords and more. Which of the following choices would be a common vulnerability that usually exposes them?


A. Cross-site scripting
B. SQL injection
C. Missing patches
D. CRLF injection

At a Windows Server command prompt, which command could be used to list the running services?


A. Sc query type= running
B. Sc query \servername
C. Sc query
D. Sc config

Which type of access control is used on a router or firewall to limit network activity?


A. Mandatory
B. Discretionary
C. Rule-based
D. Role-based

Which of the following examples best represents a logical or technical control?


A. Security tokens
B. Heating and air conditioning
C. Smoke and fire alarms
D. Corporate security policy

What is one thing a tester can do to ensure that the software is trusted and is not changing or tampering with critical data on the back end of a system it is loaded on?


A. Proper testing
B. Secure coding principles
C. Systems security and architecture review
D. Analysis of interrupts within the software

If the final set of security controls does not eliminate all risk in a system, what could be done next?


A. Continue to apply controls until there is zero risk.
B. Ignore any remaining risk.
C. If the residual risk is low enough, it can be accepted.
D. Remove current controls since they are not completely effective.

Least privilege is a security concept that requires that a user is


A. limited to those functions required to do the job.
B. given root or administrative privileges.
C. trusted to keep all data and access to that data under their sole control.
D. given privileges equal to everyone else in the department.

John the Ripper is a technical assessment tool used to test the weakness of which of the following?


A. Usernames
B. File permissions
C. Firewall rulesets
D. Passwords