Which of the following is NOT a valid reason to use external penetration service firms rather than corporate
resources?

Which of the following is NOT a technique used to perform a penetration test?

Which of the following testing method examines the functionality of an application without peering into its
internal structure or knowing the details of its internals?

During an IS audit, auditor has observed that authentication and authorization steps are split into two functions
and there is a possibility to force the authorization step to be completed before the authentication step. Which
of the following technique an attacker could user to force authorization step before authentication?

During an IS audit, one of your auditors has observed that some of the critical servers in your organization can
be accessed ONLY by using a shared/common user name and password. What should be the auditor’s
PRIMARY concern be with this approach?

Which of the following is NOT a security goal for remote access?

Which authentication technique BEST protects against hijacking?

Which of the following can BEST eliminate dial-up access through a Remote Access Server as a hacking
vector?

What is Kerberos?

Which of the following protocol was used by the INITIAL version of the Terminal Access Controller Access
Control System TACACS for communication between clients and servers?