Which two security components should you implement on the sales personnel portable computers to increase security?
(Click the Exhibit button on the toolbar to see the case study.)
Each correct answer represents a complete solution. Choose two.

Mark works as a Network Administrator for Infonet Inc. The company has a Windows 2000 Active
Directory domain-based network. The domain contains one hundred Windows XP Professional
client computers. Mark is deploying an 802.11 wireless LAN on the network. The wireless LAN will
use Wired Equivalent Privacy (WEP) for all the connections. According to the company’s security
policy, the client computers must be able to automatically connect to the wireless LAN. However,
the unauthorized computers must not be allowed to connect to the wireless LAN and view the
wireless network. Mark wants to configure all the wireless access points and client computers to
act in accordance with the company’s security policy. What will he do to accomplish this?
Each correct answer represents a part of the solution. Choose three.

You work as a Security Administrator for DataSoft Inc. The company has a Windows-based
network. You have been assigned a project to strengthen the system security and also to provide
a user friendly environment to the employees so that they can work efficiently. Which of the
following concepts should you take into consideration to meet the goals of your project?

You enter the following URL on your Web browser:
http://www.we-are-secure.com/scripts/..%co%af../..%co%af../windows/system32/cmd.exe?/c+dir+c:\
What kind of attack are you performing?

Which of the following tools automates the password guessing in NetBIOS sessions and can also
be used to perform a manual dictionary attack?

RRD Job World wants to upgrade its network. The company decides to implement a TCP/IPbased network. According to the case study, RRD Job World is concerned about security. Which
of the following methods should the on-site employees use to communicate securely with the headquarters?
(Click the Exhibit button on the toolbar to see the case study.)

You work as a security manager in Mariotiss Inc. Your enterprise has been facing network and
software security threats since a few months. You want to renew your current security policies
and management to enhance the safety of your information systems. Which of the following is the
best practice to initiate the renewal process from the lowest level with the least managerial effort?

A chkrootkit is a toolkit that checks whether a rootkit is installed in the Linux operating system or
not. Which of the following tools are contained in chkrootkit?

Which of the following is the correct order of digital investigations Standard Operating Procedure (SOP)?

Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which
Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is
eavesdropping the conversation and keeps the password. After the interchange is over, Eve
connects to Bob posing as Alice; when asked for a proof of identity, Eve sends Alice’s password
read from the last session, which Bob accepts. Which of the following attacks is being used by Eve?