You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to
sensitive information about the company clients. You have rummaged through their trash and found very little information.
You do not want to set off any alarms on their network, so you plan on performing passive foot printing against their Web servers. What tool should you use?

1. A. Nmap
2. B. Netcraft
3. C. Ping sweep
4. D. Dig

Correct Answer: B

The objective of this act was to protect consumers personal financial information held by financial institutions and their service providers.

1. A. HIPAA
2. B. Sarbanes-Oxley 2002
3. C. Gramm-Leach-Bliley Act
4. D. California SB 1386a

Correct Answer: C

Which of the following are the default ports used by NetBIOS service?

1. A. A.-135, 136, 139, 445B.134, 135, 136, 137C.137, 138, 139, 140D.133, 134, 139, 142

Correct Answer: A

Which vulnerability assessment phase describes the scope of the assessment, identifies and ranks the critical assets, and creates proper information protection procedures such as effective planning, scheduling, coordination, and logistics?

1. A. Threat-Assessment Phase
2. B. Pre-Assessment Phase
3. C. Assessment Phase
4. D. Post-Assessment Phase

Correct Answer: B

Harold wants to set up a firewall on his network but is not sure which one would be the most appropriate.
He knows he needs to allow FTP traffic to one of the servers on his network, but he wants to only allow FTP-PUT.
Which firewall would be most appropriate for Harold?

1. A. Application-level proxy firewall
2. B. Data link layer firewall
3. C. Packet filtering firewall
4. D. Circuit-level proxy firewall

Correct Answer: A