CompTIA CASP+ 2023 Questions and Answers - Part 33

Mary Smith

Fri, 17 Apr 2026

1. An organization recently upgraded its wireless infrastructure to support 802.1x and requires all clients to use this method. After the upgrade, some critical wireless clients fail to connect because they are only pre-shared key compliant. For the foreseeable future, none of the affected clients have an upgrade path to bring them into compliance with the 802.1x requirement. Which of the following provides the MOST secure method of integrating the non-compliant clients into the network?

A) Create a separate SSID and require the use of dynamic encryption keys.
B) Create a separate SSID with a pre-shared key to support the legacy clients and rotate the key at random intervals.
C) Create a separate SSID and require the legacy clients to connect to the wireless network using certificate-based 802.1x.
D) Create a separate SSID and WPA2 pre-shared key on a new network segment and allow only required communication paths.
E) None


2. Company policy requires that all unsupported operating systems be removed from the network. The security administrator is using a combination of network-based tools to identify such systems with a view to disconnecting them from the network. Which of the following tools, or outputs from the tools in use, can help the security administrator make an approximate determination of the operating system in use on the local corporate network? (Choose three.)

A) Password cracker
B) Passive banner grabbing
C) 09:18:16.262743 IP (tos 0x0, ttl 64, id 9870, offset 0, flags [none], proto TCP (6), length 40) 192.168.1.3.1051 > 10.46.3.7.80: Flags [none], cksum 0x1800 (correct), win 512, length 0
D) nmap
E) dig host.company.com


3. Ann is testing the robustness of a marketing website through an intercepting proxy. She has intercepted the following HTTP request:

    POST /login.aspx HTTP/1.1
    Host: comptia.org
    Content-type: text/html

    txtUsername=ann&txtPassword=ann&alreadyLoggedIn=false&submit=true

Which of the following should Ann perform to test whether the website is vulnerable to a simple authentication bypass?

A) Remove the txtUsername and txtPassword post data and toggle submit from true to false
B) Remove all of the post data and change the request to /login.aspx from POST to GET
C) None
D) Attempt to brute force all usernames and passwords with a password cracker
E) Remove the txtPassword post data and change alreadyLoggedIn from false to true


4. The following has been discovered in an internally developed application:

    Error - Memory allocated but not freed:

    char *myBuffer = malloc(BUFFER_SIZE);
    if (myBuffer != NULL) {
        *myBuffer = STRING_WELCOME_MESSAGE;
        printf("Welcome to: %s\n", myBuffer);
    }
    exit(0);

Which of the following security assessment methods are likely to reveal this security weakness? (Choose two.)

A) Static code analysis
B) Manual code review
C) Memory dumping
D) Application sandboxing
E) Penetration testing


5. A penetration tester must attempt to crack passwords from a Windows domain that strongly enforces complex passwords. Which of the following would crack the MOST passwords in the shortest time?

A) Brute force attack
B) None
C) dictionary attack
D) Online password test
E) Rainbow tables attack


1. Right Answer: B
Explanation:

2. Right Answer: B,C,D
Explanation:

3. Right Answer: E
Explanation:

4. Right Answer: A,B
Explanation:

5. Right Answer: E
Explanation:
