- (Topic 5)
What information should an IT system analysis provide to the risk assessor?

1. A. Management buy-in
2. B. Threat statement
3. C. Security architecture
4. D. Impact analysis

Correct Answer: C

- (Topic 8)
In order to attack a wireless network, you put up an access point and override the signal of the real access point. As users send authentication data, you are able to capture it. What kind of attack is this?

1. A. WEP attack
2. B. Drive by hacking
3. C. Rogue access point attack
4. D. Unauthorized access point attack

Correct Answer: C
The definition of a Rogue access point is:
1. A wireless access point (AP) installed by an employee without the consent of the IT department. Without the proper security configuration, users have exposed their company's network to the outside world.
2. An access point (AP) set up by an attacker outside a facility with a wireless network. Also called an "evil twin, " the rogue AP picks up beacons (signals that advertise its presence) from the company's legitimate AP and transmits identical beacons, which some client machines inside the building associate with.

- (Topic 5)
During a penetration test, a tester finds a target that is running MS SQL 2000 with default credentials. The tester assumes that the service is running with Local System account. How can this weakness be exploited to access the system?

1. A. Using the Metasploit psexec module setting the SA / Admin credential
2. B. Invoking the stored procedure xp_shell to spawn a Windows command shell
3. C. Invoking the stored procedure cmd_shell to spawn a Windows command shell
4. D. Invoking the stored procedure xp_cmdshell to spawn a Windows command shell

Correct Answer: D

- (Topic 4)
Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products?

1. A. Microsoft Security Baseline Analyzer
2. B. Retina
3. C. Core Impact
4. D. Microsoft Baseline Security Analyzer

Correct Answer: D

- (Topic 6)
To what does “message repudiation” refer to what concept in the realm of email security?

1. A. Message repudiation means a user can validate which mail server or servers a message was passed through.
2. B. Message repudiation means a user can claim damages for a mail message that damaged their reputation.
3. C. Message repudiation means a recipient can be sure that a message was sent from a particular person.
4. D. Message repudiation means a recipient can be sure that a message was sent from a certain host.
5. E. Message repudiation means a sender can claim they did not actually send a particular message.

Correct Answer: E
A quality that prevents a third party from being able to prove that a communication between two other parties ever took place. This is a desirable quality if you do not want your communications to be traceable.
Non-repudiation is the opposite quality—a third party can prove that a communication between two other parties took place. Non-repudiation is desirable if you want to be able to trace your communications and prove that they occurred. Repudiation – Denial of message submission or delivery.