Which of the following are variants of mandatory access control mechanisms? (Choose two.)

An attacker uses a communication channel within an operating system that is neither designed nor
intended to transfer information. What is the name of the communications channel?

Which of the following is used to indicate a single-line comment in structured query language
(SQL)?

What is the primary drawback to using advanced encryption standard (AES) algorithm with a 256
bit key to share sensitive data?

Pentest results indicate that voice over IP traffic is traversing a network. Which of the following
tools will decode a packet capture and extract the voice conversations?

Information gathered from social networking websites such as Facebook, Twitter and LinkedIn can
be used to launch which of the following types of attacks? (Choose two.)

Which of the following examples best represents a logical or technical control?

Which of the following resources does NMAP need to be used as a basic vulnerability scanner
covering several vectors like SMB, HTTP and FTP?

A penetration tester is hired to do a risk assessment of a company’s DMZ. The rules of
engagement states that the penetration test be done from an external IP address with no prior
knowledge of the internal IT systems. What kind of test is being performed?

How can a policy help improve an employee’s security awareness?