Which of the following are advantages of adopting a Single Sign On (SSO) system? (Choose two.)

Company A and Company B have just merged and each has its own Public Key Infrastructure (PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Company A and Company B trust one another and each private PKI can validate digital certificates from the other company?

In the OSI model, where does PPTP encryption take place?

A penetration tester is hired to do a risk assessment of a company ' s DMZ.  The rules of engagement states that the penetration test be done from an external IP address with no prior knowledge of the internal IT systems.  What kind of test is being performed?

Which of the following examples best represents a logical or technical control?

Which of the following business challenges could be solved by using a vulnerability scanner?

During a penetration test, a tester finds that the web application being analyzed is vulnerable to Cross Site Scripting (XSS). Which of the following conditions must be met to exploit this vulnerability?

Which statement best describes a server type under an N-tier architecture?

What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256 bit key to share sensitive data?

What sequence of packets is sent during the initial TCP three-way handshake?

Nathan is testing some of his network devices. Nathan is using Macof to try and flood the ARP cache of these switches. If these switches ' ARP cache is successfully flooded, what will be the result?

What type of Virus is shown here?

What type of encryption does WPA2 use?

Hampton is the senior security analyst for the city of Columbus in Ohio. His primary responsibility is to ensure that all physical and logical aspects of the city ' s computer network are secure from all angles. Bill is an IT technician that works with Hampton in the same IT department. Bill ' s primary responsibility is to keep PC ' s and servers up to date and to keep track of all the agency laptops that the company owns and lends out to its employees. After Bill setup a wireless network for the agency, Hampton made sure that everything was secure. He instituted encryption, rotating keys, turned off SSID broadcasting, and enabled MAC filtering. According to agency policy, only company laptops are allowed to use the wireless network, so Hampton entered all the MAC addresses for those laptops into the wireless security utility so that only those laptops should be able to access the wireless network.

Hampton does not keep track of all the laptops, but he is pretty certain that the agency only purchases Dell laptops. Hampton is curious about this because he notices Bill working on a Toshiba laptop one day and saw that he was on the Internet. Instead of jumping to conclusions, Hampton decides to talk to Bill ' s boss and see if they had purchased a Toshiba laptop instead of the usual Dell. Bill ' s boss said no, so now Hampton is very curious to see how Bill is accessing the Internet. Hampton does site surveys every couple of days, and has yet to see any outside wireless network signals inside the company ' s building.

How was Bill able to get Internet access without using an agency laptop?

Leesa is the senior security analyst for a publicly traded company. The IT department recently rolled out an intranet for company use only with information ranging from training, to holiday schedules, to human resources data. Leesa wants to make sure the site is not accessible from outside and she also wants to ensure the site is Sarbanes-Oxley (SOX) compliant. Leesa goes to a public library as she wants to do some Google searching to verify whether the company ' s intranet is accessible from outside and has been indexed by Google. Leesa wants to search for a website title of " intranet " with part of the URL containing the word " intranet " and the words " human resources " somewhere in the webpage.

What Google search will accomplish this?

Which of the following steganography utilities exploits the nature of white space and allows the user to conceal information in these white spaces?

Jason is the network administrator of Spears Technology. He has enabled SNORT IDS to detect attacks going through his network. He receives Snort SMS alerts on his iPhone whenever there is an attempted intrusion to his network.

He receives the following SMS message during the weekend.

An attacker Chew Siew sitting in Beijing, China had just launched a remote scan on Jason ' s network with the hping command.

Which of the following hping2 command is responsible for the above snort alert?

_____________ is a type of symmetric-key encryption algorithm that transforms a fixed-length block of plaintext (unencrypted text) data into a block of ciphertext (encrypted text) data of the same length.

A Trojan horse is a destructive program that masquerades as a benign application. The software initially appears to perform a desirable function for the user prior to installation and/or execution, but in addition to the expected function steals information or harms the system.

The challenge for an attacker is to send a convincing file attachment to the victim, which gets easily executed on the victim machine without raising any suspicion. Today ' s end users are quite knowledgeable about malwares and viruses. Instead of sending games and fun executables, Hackers today are quite successful in spreading the Trojans using Rogue security software.

What is Rogue security software?

Switches maintain a CAM Table that maps individual MAC addresses on the network to physical ports on the switch.

In MAC flooding attack, a switch is fed with many Ethernet frames, each containing different source MAC addresses, by the attacker. Switches have a limited memory for mapping various MAC addresses to physical ports. What happens when the CAM table becomes full?