A developer for a company is tasked with creating a program that will allow customers to update
their billing and shipping information. The billing address field used is limited to 50 characters.
What pseudo code would the developer use to avoid a buffer overflow attack on the billing address
field?

If the final set of security controls does not eliminate all risk in a system, what could be done next?

In keeping with the best practices of layered security, where are the best places to place intrusion
detection/intrusion prevention systems? (Choose two.)

What is one thing a tester can do to ensure that the software is trusted and is not changing or
tampering with critical data on the back end of a system it is loaded on?

Which of the following algorithms provides better protection against brute force attacks by using a
160-bit message digest?

What is the best defense against privilege escalation vulnerability?

Company A and Company B have just merged and each has its own Public Key Infrastructure
(PKI). What must the Certificate Authorities (CAs) establish so that the private PKIs for Company

A and Company B trust one another and each private PKI can validate digital certificates from the
other company?

Fingerprinting VPN firewalls is possible with which of the following tools?

A company has publicly hosted web applications and an internal Intranet protected by a firewall.
Which technique will help protect against enumeration?

Which of the following is a primary service of the U.S. Computer Security Incident Response Team
(CSIRT)?