Q) A hacker has discovered a simple way to disrupt business for the day in a small company which relies on staff working remotely. In a matter of minutes the hacker was able to deny remotely working staff access to company systems with a script. Which of the following security controls is the hacker exploiting?
b) Account lockout
c) Password recovery
d) Password complexity
Q) A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment. Which of the following will MOST likely be performed?
a) Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls.
b) Verify vulnerabilities exist, bypass security controls and exploit the vulnerabilities.
c) Exploit security controls to determine vulnerabilities and mis-configurations.
d) Bypass security controls and identify applicability of vulnerabilities by passively testing security controls.
Q) A security technician is attempting to access a wireless network protected with WEP. The technician does not know any information about the network. Which of the following should the technician do to gather information about the configuration of the wireless network?
a) Spoof the MAC address of an observed wireless network client
b) Ping the access point to discover the SSID of the network
c) Perform a dictionary attack on the access point to enumerate the WEP key
d) Capture client to access point disassociation packets to replay on the local PC’s loopback
Q) After an assessment, auditors recommended that an application hosting company should contract with additional data providers for redundant high speed Internet connections. Which of the following is MOST likely the reason for this recommendation? (Select TWO).
a) To allow load balancing for cloud support
b) To allow for business continuity if one provider goes out of business
c) To eliminate a single point of failure
d) To allow for a hot site in case of disaster
e) To improve intranet communication speeds