Which method can provide a better return on IT security investment and provide a thorough and
comprehensive assessment of organizational security covering policy, procedure design, and
implementation?
What makes web application vulnerabilities so aggravating? (Choose two)
How does an operating system protect the passwords used for account logins?
An employee wants to defeat detection by a network-based IDS application. He does not want to
attack the system containing the IDS application.
Which of the following strategies can be used to defeat detection by a network-based IDS
application? (Choose the best answer)
Which of the following programs is usually targeted at Microsoft Office products?
Carl has successfully compromised a web server from behind a firewall by exploiting a
vulnerability in the web server program. He wants to proceed by installing a backdoor program.
However, he is aware that not all inbound ports on the firewall are in the open state.
From the list given below, identify the port that is most likely to be open and allowed to reach the
server that Carl has just compromised.
What is the main difference between a “Normal” SQL Injection and a “Blind” SQL Injection
vulnerability?
While scanning a network you observe that all of the web servers in the DMZ are responding to
ACK packets on port 80.
What can you infer from this observation?
Which of the following ensures that updates to policies, procedures, and configurations are made
in a controlled and documented fashion?
You are the security administrator for a large network. You want to prevent attackers from running
any sort of traceroute into your DMZ and discovering the internal structure of publicly accessible
areas of the network.
How can you achieve this?