A consultant has been hired by the V.P. of a large financial organization to assess the company’s
security posture. During the security testing, the consultant comes across child pornography on
the V.P.’s computer. What is the consultant’s obligation to the financial organization?

How is sniffing broadly categorized?

An engineer is learning to write exploits in C++ and is using the exploit tool Backtrack. The
engineer wants to compile the newest C++ exploit and name it calc.exe. Which command would
the engineer use to accomplish this?

A computer technician is using a new version of a word processing software package when it
is discovered that a special sequence of characters causes the entire computer to crash. The
technician researches the bug and discovers that no one else experienced the problem. What is
the appropriate next step?

What is the most secure way to mitigate the theft of corporate information from a laptop that was
left in a hotel room?

The intrusion detection system at a software development company suddenly generates multiple
alerts regarding attacks against the company’s external webserver, VPN concentrator, and DNS
servers. What should the security team do to determine which alerts to check first?

A corporation hired an ethical hacker to test if it is possible to obtain users’ login credentials using
methods other than social engineering. Access to offices and to a network node is granted.
Results from server scanning indicate all are adequately patched and physical access is denied,
thus, administrators have access only through Remote Desktop. Which technique could be used
to obtain login credentials?

Which of the following scanning tools is specifically designed to find potential exploits in Microsoft
Windows products?

Which of the statements concerning proxy firewalls is correct?

Which of the following is an example of two factor authentication?