Which of the following equipment could a pen tester use to perform shoulder surfing?

1. A. Binoculars
2. B. Painted ultraviolet material
3. C. Microphone
4. D. All the above

Correct Answer: A

Snort, an open source network-based intrusion detection sensor, is the most widely installed NIDS in the world. It can be configured to run in the four modes. Which one of the following modes reads the packets off the network and displays them in a continuous stream on the console (screen)?

1. A. Packet Sniffer Mode
2. B. Packet Logger Mode
3. C. Network Intrusion Detection System Mode
4. D. Inline Mode

Correct Answer: A

Which of the following documents helps in creating a confidential relationship between the pen tester and client to protect critical and confidential information or trade secrets?

1. A. Penetration Testing Agreement
2. B. Rules of Behavior Agreement
3. C. Liability Insurance
4. D. Non-Disclosure Agreement

Correct Answer: D

Which one of the following acts makes reputational risk of poor security a reality because it requires public disclosure of any security breach that involves personal information if it is unencrypted or if it is reasonably believed that the information has been acquired by an unauthorized person?

1. A. California SB 1386
2. B. Sarbanes-Oxley 2002
3. C. Gramm-Leach-Bliley Act (GLBA)
4. D. USA Patriot Act 2001

Correct Answer: A

Jim performed a vulnerability analysis on his network and found no potential problems. He runs another utility that executes exploits against his system to verify the results of the vulnerability test. The second utility executes five known exploits against his network in which the vulnerability analysis said were not exploitable.
What kind of results did Jim receive from his vulnerability analysis?

1. A. True negatives
2. B. False negatives
3. C. False positives
4. D. True positives

Correct Answer: B