Which of the following security operations is used for determining the attack surface of an organization?
A. Reviewing the need for a security clearance for each employee
B. Running a network scan to detect network services in the corporate DMZ
C. Training employees on the security policy regarding social engineering
D. Using configuration management to determine when and where to apply security patches
You are performing a penetration test. You achieved access via a bufferoverflow exploit and you proceed to find interesting data, such as files with usernames and passwords. You find a hidden folder that has the administrator's bank account password and login information for the administrator's bitcoin account.
What should you do?
A. Do not transfer the money but steal the bitcoins.
B. Report immediately to the administrator.
C. Transfer money from the administrator's account to another account.
D. Do not report it and continue the penetration test.
Rebecca has noted multiple entries in her logs about users attempting to connect on ports that are either not opened or ports that are not for public usage.
How can she restrict this type of abuse by limiting access to only specific IP addresses that are trusted by using one of the built-in Linux Operating System tools?
A. Ensure all files have at least a 755 or more restrictive permissions.
B. Configure rules using ipchains.
C. Configure and enable portsentry on his server.
D. Install an intrusion detection system on her computer such as Snort.
Which set of access control solutions implements two-factor authentication?
A. USB token and PIN
B. Fingerprint scanner and retina scanner
C. Password and PIN
D. Account and password
Which of the following ensures that updates to policies, procedures, and configurations are made in a controlled and documented fashion?
A. Regulatory compliance
B. Peer review
C. Change management
D. Penetration testing
Bluetooth uses which digital modulation technique to exchange information between paired devices?
A. PSK (phase-shift keying)
B. FSK (frequency-shift keying)
C. ASK (amplitude-shift keying)
D. QAM (quadrature amplitude modulation)
Some passwords are stored using specialized encryption algorithms known as hashes.
Why is this an appropriate method?
A. It is impossible to crack hashed user passwords unless the key used to encrypt them is obtained.
B. If a user forgets the password,it can be easily retrieved using the hash key stored by administrators.
C. Hashing is faster compared to more traditional encryption algorithms.
D. Passwords stored using hashes are non-reversible,making finding the password much more difficult.
File extensions provide information regarding the underlying server technology. Attackers can use this information to search vulnerabilities and launch attacks.
How would you disable file extensions in Apache servers?
A. Use disable-eXchange
B. Use mod_negotiation
C. Use Stop_Files
D. Use Lib_exchanges
You are programming a buffer overflow exploit and you want to create a NOP sled of 200 bytes in the program exploit.c

What is the hexadecimal value of NOP instruction?
A. 0x60
B. 0x80
C. 0x70
D. 0x90
Buffer X in an Accounting application module for Brownies Inc. can contain 200 characters.
The programmer makes an assumption that 200 characters are more than enough.
Because there were no proper boundary checks being conducted, Bob decided to insert 400 characters
into the 200-character buffer. (Overflows the buffer).
Below is the code snippet:

How can you protect/fix the problem of your application as shown above?
A. Because the counter starts with 0,we would stop when the counter is less than 200
B. Because the counter starts with 0,we would stop when the counter is more than 200
C. Add a separate statement to signify that if we have written less than 200 characters to the buffer,the stack should stop because it cannot hold any more data
D. Add a separate statement to signify that if we have written 200 characters to the buffer,the stack should stop because it cannot hold any more data