A security analyst is performing an audit on the network to determine if there are any deviations from the security policies in place. The analyst discovers that a user from the IT department had a dial-out modem installed.
Which security policy must the security analyst check to see if dial-out modems are allowed?

1. A. Firewall-management policy
2. B. Acceptable-use policy
3. C. Permissive policy
4. D. Remote-access policy

Correct Answer: D

When purchasing a biometric system, one of the considerations that should be reviewed is the processing speed. Which of the following best describes what it is meant by processing?

1. A. The amount of time and resources that are necessary to maintain a biometric system
2. B. How long it takes to setup individual user accounts
3. C. The amount of time it takes to be either accepted or rejected from when an individual provides identification and authentication information
4. D. The amount of time it takes to convert biometric data into a template on a smart card

Correct Answer: C

What is the following command used for?
net use targetipc$ "" /u:""

1. A. Grabbing the etc/passwd file
2. B. Grabbing the SAM
3. C. Connecting to a Linux computer through Samba.
4. D. This command is used to connect as a null session
5. E. Enumeration of Cisco routers

Correct Answer: D

What is the role of test automation in security testing?

1. A. It is an option but it tends to be very expensive.
2. B. It should be used exclusivel
3. C. Manual testing is outdated because of low speed and possible test setup inconsistencies.
4. D. Test automation is not usable in security due to the complexity of the tests.
5. E. It can accelerate benchmark tests and repeat them with a consistent test setu
6. F. But it cannot replace manual testing completely.

Correct Answer: D

Gilbert, a web developer, uses a centralized web API to reduce complexity and increase the Integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT. POST. GET. and DELETE and can improve the overall performance, visibility, scalability, reliability, and portability of an application. What is the type of web-service API mentioned in the above scenario?

1. A. JSON-RPC
2. B. SOAP API
3. C. RESTful API
4. D. REST API

Correct Answer: C
*REST is not a specification, tool, or framework, but instead is an architectural style for web services that serves as a communication medium between various systems on the web. *RESTful APIs, which are also known as RESTful services, are designed using REST principles and HTTP communication protocols RESTful is a collection of resources that use HTTP methods such as PUT, POST, GET, and DELETE
RESTful API: RESTful API is a RESTful service that is designed using REST principles and HTTP communication protocols. RESTful is a collection of resources that use HTTP methods such as PUT, POST, GET, and DELETE. RESTful API is also designed to make applications independent to improve the overall performance, visibility, scalability, reliability, and portability of an application. APIs with the following features can be referred to as to RESTful APIs: o Stateless: The client end stores the state of the session; the server is restricted to save data during the request processing o Cacheable: The client should save responses (representations) in the cache. This feature can enhance API performance pg. 1920 CEHv11 manual.
https://cloud.google.com/files/apigee/apigee-web-api-design-the-missing-link-ebook.pdf
The HTTP methods GET, POST, PUT or PATCH, and DELETE can be used with these templates to read, create, update, and delete description resources for dogs and their owners. This API style has become popular for many reasons. It is straightforward and intuitive, and learning this pattern is similar to learning a
programming language API. APIs like this one are commonly called RESTful APIs, although they do not display all of the characteristics that define REST (more on REST later).