Which among the following information is not furnished by the Rules of Engagement (ROE) document?

1. A. Techniques for data collection from systems upon termination of the test
2. B. Techniques for data exclusion from systems upon termination of the test
3. C. Details on how data should be transmitted during and after the test
4. D. Details on how organizational data is treated throughout and after the test

Correct Answer: A

Which of the following is NOT related to the Internal Security Assessment penetration testing strategy?

1. A. Testing to provide a more complete view of site security
2. B. Testing focused on the servers, infrastructure, and the underlying software, including the target
3. C. Testing including tiers and DMZs within the environment, the corporate network, or partner company connections
4. D. Testing performed from a number of network access points representing each logical and physical segment

Correct Answer: B

Which of the following is not the SQL injection attack character?

1. A. $
2. B. PRINT
3. C. #
4. D. @@variable

Correct Answer: A

Which of the following contents of a pen testing project plan addresses the strengths, weaknesses, opportunities, and threats involved in the project?

1. A. Project Goal
2. B. Success Factors
3. C. Objectives
4. D. Assumptions

Correct Answer: D

The IP protocol was designed for use on a wide variety of transmission links. Although the maximum length of an IP datagram is 64K, most transmission links enforce a smaller maximum packet length limit, called a MTU.
The value of the MTU depends on the type of the transmission link. The design of IP accommodates MTU differences by allowing routers to fragment IP datagrams as necessary. The receiving station is responsible for reassembling the fragments back into the original full size IP datagram.
IP fragmentation involves breaking a datagram into a number of pieces that can be reassembled later. The IP source, destination, identification, total length, and fragment offset fields in the IP header, are used for IP fragmentation and reassembly.

The fragment offset is 13 bits and indicates where a fragment belongs in the original IP datagram. This value is a:

1. A. Multiple of four bytes
2. B. Multiple of two bytes
3. C. Multiple of eight bytes
4. D. Multiple of six bytes

Correct Answer: C