- (Exam Topic 1)
Your company was hired by a small healthcare provider to perform a technical assessment on the network.
What is the best approach for discovering vulnerabilities on a Windows-based computer?

1. A. Use the built-in Windows Update tool
2. B. Use a scan tool like Nessus
3. C. Check MITRE.org for the latest list of CVE findings
4. D. Create a disk image of a clean Windows installation

Correct Answer: B

- (Exam Topic 2)
Bob, your senior colleague, has sent you a mail regarding a deal with one of the clients. You are requested to accept the offer and you oblige. After 2 days. Bob denies that he had ever sent a mail. What do you want to ""know"" to prove yourself that it was Bob who had send a mail?

1. A. Authentication
2. B. Confidentiality
3. C. Integrity
4. D. Non-Repudiation

Correct Answer: D
Non-repudiation is the assurance that someone cannot deny the validity of something. Non-repudiation is a legal concept that is widely used in information security and refers to a service, which provides proof of the origin of data and the integrity of the data. In other words, non-repudiation makes it very difficult to successfully deny who/where a message came from as well as the authenticity and integrity of that message.

- (Exam Topic 1)
Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as?

1. A. Exploration
2. B. Investigation
3. C. Reconnaissance
4. D. Enumeration

Correct Answer: C