Which of the following are advantages of adopting a Single Sign On (SSO) system? (Choose two.)

An ethical hacker for a large security research firm performs penetration tests, vulnerability tests,
and risk assessments. A friend recently started a company and asks the hacker to perform a
penetration test and vulnerability assessment of the new company as a favor. What should the
hacker’s next step be before starting work on this job?

A large company intends to use Blackberry for corporate mobile phones and a security analyst is
assigned to evaluate the possible threats. The analyst will use the Blackjacking attack method to
demonstrate how an attacker could circumvent perimeter defenses and gain access to
the corporate network. What tool should the analyst use to perform a Blackjacking attack?

ICMP ping and ping sweeps are used to check for active systems and to check

A hacker searches in Google for filetype:pcf to find Cisco VPN config files. Those files may contain
connectivity passwords that can be decoded with which of the following?

Which technical characteristic do Ethereal/Wireshark, TCPDump, and Snort have in common?

A pentester gains acess to a Windows application server and needs to determine the settings of
the built-in Windows firewall. Which command would be used?

The following is a sample of output from a penetration tester’s machine targeting a machine with
the IP address of 192.168.1.106:

What is most likely taking place?

A tester is attempting to capture and analyze the traffic on a given network and realizes that the
network has several switches. What could be used to successfully sniff the traffic on this switched
network? (Choose three.)

A newly discovered flaw in a software application would be considered which kind of security
vulnerability?