- (Topic 4)
Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e- mails from company B. How do you prevent DNS spoofing? (Select the Best Answer.)

1. A. Install DNS logger and track vulnerable packets
2. B. Disable DNS timeouts
3. C. Install DNS Anti-spoofing
4. D. Disable DNS Zone Transfer

Correct Answer: C
Explantion: Implement DNS Anit-Spoofing measures to prevent DNS Cache Pollution to occur.

- (Topic 23)
Which of the following is NOT a valid NetWare access level?

1. A. Not Logged in
2. B. Logged in
3. C. Console Access
4. D. Administrator

Correct Answer: D
Administrator is an account not a access level.

- (Topic 3)
Name two software tools used for OS guessing.(Choose two.

1. A. Nmap
2. B. Snadboy
3. C. Queso
4. D. UserInfo
5. E. NetBus

Correct Answer: AC
Nmap and Queso are the two best-known OS guessing programs. OS guessing software has the ability to look at peculiarities in the way that each vendor implements the RFC's. These differences are compared with its database of known OS fingerprints. Then a best guess of the OS is provided to the user.

- (Topic 1)
What is the essential difference between an ‘Ethical Hacker’ and a ‘Cracker’?

1. A. The ethical hacker does not use the same techniques or skills as a cracker.
2. B. The ethical hacker does it strictly for financial motives unlike a cracker.
3. C. The ethical hacker has authorization from the owner of the target.
4. D. The ethical hacker is just a cracker who is getting paid.

Correct Answer: C
The ethical hacker uses the same techniques and skills as a cracker and the motive is to find the security breaches before a cracker does. There is nothing that says that a cracker does not get paid for the work he does, a ethical hacker has the owners authorization and will get paid even if he does not succeed to penetrate the target.

- (Topic 23)
Charlie is an IT security consultant that owns his own business in Denver. Charlie has recently been hired by Fleishman Robotics, a mechanical engineering company also in Denver. After signing service level agreements and other contract papers, Charlie asks to look over the current company security policies. Based on these policies, Charlie compares the policies against what is actually in place to secure the company's network. From this information, Charlie is able to produce a report to give to company executives showing which areas the company is lacking in. This report then becomes the basis for all of Charlie's remaining tests.
What type of initial analysis has Charlie performed to show the company which areas it needs improvements in?

1. A. Charlie has performed a BREACH analysis; showing the company where its weak points are
2. B. This analysis would be considered a vulnerability analysis
3. C. This type of analysis is called GAP analysis
4. D. This initial analysis performed by Charlie is called an Executive Summary

Correct Answer: C
In business and economics, gap analysis is a tool that helps a company to compare its actual performance with its potential performance.
At its core are two questions: "Where are we?" and "Where do we want to be?". http://en.wikipedia.org/wiki/Gap_analysis