In many states sending spam is illegal. Thus, the spammers have techniques to try and ensure that no one knows they sent the spam out to thousands of users at a time. Which of the following best describes what spammers use to hide the origin of these types of e-mails?
A blacklist of companies that have their mail server relays configured to allow traffic only to their specific domain name
Mail relaying, which is a technique of bouncing e-mail from internal to external mail servers continuously.
A blacklist of companies that have their mail server relays configured to be wide open.
Tools that will reconfigure a mail server’s relay component to send the e-mail back to the spammers occasionally.
What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room?
Back up everything on the laptop and store the backup in a safe place
Use a strong logon password to the operating system
Encrypt the data on the hard drive
Set a BIOS password
An IT employee got a call from one of our best customers. The caller wanted to know about the company’s network infrastructure, systems, and team. New opportunities of integration are in sight for both company and customer. What should this employee do?
Since the company’s policy is all about Customer Service, he/she will provide information.
Disregarding the call, the employee should hang up.
The employee should not provide any information without previous management authorization.
The employees cannot provide any information; but, anyway, he/she will provide the name of the person in charge.
A well-intentioned researcher discovers a vulnerability on the web site of a major corporation. What should he do?
Ignore it.
Try to sell the information to a well-paying party on the dark web.
Exploit the vulnerability without harming the web site owner so that attention be drawn to the problem.
Notify the web site owner so that corrective action be taken as soon as possible to patch the vulnerability.
Your company performs penetration tests and security assessments for small and medium-sized businesses in the local area. During a routine security assessment, you discover information that suggests your client is involved in human trafficking.
What should you do?
Confront the client in a respectful manner and ask her about the data
Copy the data to removable media and keep it in case you need it
Ignore the data and continue the assessment until completed as agreed
Sophia travels a lot and worries that her laptop containing confidential documents might be stolen. What is the best protection that will work for her?
BIOS password
Password protected files
Hidden folders
Full disk encryption
A bank stores and processes sensitive privacy information related to home loans. However, auditing has never been enabled on the system. What is the first step that the bank should take before enabling the audit feature?
Perform a cost/benefit analysis of the audit feature
Determine the impact of enabling the audit feature
Perform a vulnerability scan of the system
Allocate funds for staffing of audit log review
What network security concept requires multiple layers of security controls to be placed throughout an IT infrastructure, which improves the security posture of an organization to defend against malicious attacks or potential vulnerabilities?
Security through obscurity
Host-Based Intrusion Detection System
Defense in depth
Network-Based Intrusion Detection System
Which type of security feature stops vehicles from crashing through the doors of a building?
Turnstile
Bollards
Mantrap
Receptionist
An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours. What is the best option to do this job?
Use fences in the entrance doors.
Install a CCTV with cameras pointing to the entrance doors and the street.
Use an IDS in the entrance doors and install some of them near the corners.
Use lights in all the entrance doors and along the company’s perimeter.
If executives are found liable for not properly protecting their company’s assets and information systems, what type of law would apply in this situation?
Common
Civil
International
Criminal
Due to a slowdown of normal network operations, the IT department decided to monitor internet traffic for all of the employees. From a legal standpoint, what would be troublesome about taking this kind of measure?
All of the employees would stop normal work activities
IT department would be telling employees who the boss is
Not informing the employees that they are going to be monitored could be an invasion of privacy.
The network could still experience traffic slow down.
As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing.
What document describes the specifics of the testing, the associated violations, and essentially protects both the organization’s interest and your liabilities as a tester?
Project Scope
Rules of Engagement
Service Level Agreement
Non-Disclosure Agreement
In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account’s confidential files and information. How can he achieve this?
Port Scanning
Hacking Active Directory
Privilege Escalation
Shoulder-Surfing