- (Exam Topic 3)
A post-breach forensic investigation revealed that a known vulnerability in Apache Struts was to blame for the Equifax data breach that affected 143 million customers. A fix was available from the software vendor for several months prior 10 the Intrusion. This Is likely a failure in which of the following security processes?

1. A. vendor risk management
2. B. Security awareness training
3. C. Secure deployment lifecycle
4. D. Patch management

Correct Answer: D
Patch management is that the method that helps acquire, test and install multiple patches (code changes) on existing applications and software tools on a pc, enabling systems to remain updated on existing patches and determining that patches are the suitable ones. Managing patches so becomes simple and simple.
Patch Management is usually done by software system firms as a part of their internal efforts to mend problems with the various versions of software system programs and also to assist analyze existing software system programs and discover any potential lack of security features or different upgrades.
Software patches help fix those problems that exist and are detected solely once the software’s initial unharness. Patches mostly concern security while there are some patches that concern the particular practicality of programs as well.

- (Exam Topic 3)
Henry is a penetration tester who works for XYZ organization. While performing enumeration on a client organization, he queries the DNS server for a specific cached DNS record. Further, by using this cached record, he determines the sites recently visited by the organization's user. What is the enumeration technique used by Henry on the organization?

1. A. DNS zone walking
2. B. DNS cache snooping
3. C. DNS SEC zone walking
4. D. DNS cache poisoning

Correct Answer: B

- (Exam Topic 3)
Which of the following antennas is commonly used in communications for a frequency band of 10 MHz to VHF and UHF?

1. A. Yagi antenna
2. B. Dipole antenna
3. C. Parabolic grid antenna
4. D. Omnidirectional antenna

Correct Answer: A

- (Exam Topic 2)
What would be the fastest way to perform content enumeration on a given web server by using the Gobuster tool?

1. A. Performing content enumeration using the bruteforce mode and 10 threads
2. B. Shipping SSL certificate verification
3. C. Performing content enumeration using a wordlist
4. D. Performing content enumeration using the bruteforce mode and random file extensions

Correct Answer: A

- (Exam Topic 3)
An attacker can employ many methods to perform social engineering against unsuspecting employees, including scareware.
What is the best example of a scareware attack?

1. A. A pop-up appears to a user stating, "You have won a free cruise! Click here to claim your prize!"
2. B. A banner appears to a user stating, "Your account has been locke
3. C. Click here to reset your password and unlock your account."
4. D. A banner appears to a user stating, "Your Amazon order has been delaye
5. E. Click here to find out your new delivery date."
6. F. A pop-up appears to a user stating, "Your computer may have been infected with spywar
7. G. Click here to install an anti-spyware tool to resolve this issue."

Correct Answer: D