Anonymizer sites access the Internet on your behalf, protecting your personal information from disclosure. An anonymizer protects all of your computer's identifying information while it surfs for you, enabling you to remain at least one step removed from the sites you visit.

You can visit Web sites without allowing anyone to gather information on sites visited by you. Services that provide anonymity disable pop-up windows and cookies, and conceal visitor's IP address.

These services typically use a proxy server to process each HTTP request. When the user requests a Web page by clicking a hyperlink or typing a URL into their browser, the service retrieves and displays the information using its own server. The remote server (where the requested Web page resides) receives information on the anonymous Web surfing service in place of your information.

In which situations would you want to use anonymizer? (Select 3 answers)

A. Increase your Web browsing bandwidth speed by using Anonymizer

B. To protect your privacy and Identity on the Internet

C. To bypass blocking applications that would prevent access to Web sites or parts of sites that you want to visit.

D. Post negative entries in blogs without revealing your IP identity

Steven the hacker realizes the network administrator of Acme Corporation is using syskey in Windows 2008 Server to protect his resources in the organization. Syskey independently encrypts the hashes so that physical access to the server, tapes, or ERDs is only first step to cracking the passwords. Steven must break through the encryption used by syskey before he can attempt to use brute force dictionary attacks on the hashes. Steven runs a program called "SysCracker" targeting the Windows 2008 Server machine in attempting to crack the hash used by Syskey. He needs to configure the encryption level before he can launch the attack. How many bits does Syskey use for encryption?

A. 40-bit encryption

B. 128-bit encryption

C. 256-bit encryption

D. 64-bit encryption

You are footprinting an organization and gathering competitive intelligence. You visit the company's website for contact information and telephone numbers but do not find them listed there. You know they had the entire staff directory listed on their website 12 months ago but now it is not there. Is there any way you can retrieve information from a website that is outdated?

A. Visit Google's search engine and view the cached copy

B. Crawl the entire website and store them into your computer

C. Visit Archive.org web site to retrieve the Internet archive of the company's website

D. Visit the company's partners and customers website for this information

You are trying to break into a highly classified top-secret mainframe computer with highest security system in place at Merclyn Barley Bank located in Los Angeles. You know that conventional hacking doesn't work in this case, because organizations such as banks are generally tight and secure when it comes to protecting their systems. In other words you are trying to penetrate an otherwise impenetrable system. How would you proceed?

A. Look for "zero-day" exploits at various underground hacker websites in Russia and China and buy the necessary exploits from these hackers and target the bank's network

B. Try to hang around the local pubs or restaurants near the bank, get talking to a poorly-paid or disgruntled employee, and offer them money if they'll abuse their access privileges by providing you with sensitive information

C. Launch DDOS attacks against Merclyn Barley Bank's routers and firewall systems using 100,000 or more "zombies" and "bots"

D. Try to conduct Man-in-the-Middle (MiTM) attack and divert the network traffic going to the Merclyn Barley Bank's Webserver to that of your machine using DNS Cache Poisoning techniques

On a Linux device, which of the following commands will start the Nessus client in the background so that the Nessus server can be configured?

A. nessus +

B. nessus *s

C. nessus and

D. nessus -d

Which of the following identifies the three modes in which Snort can be configured to run?

A. Sniffer, Packet Logger, and Network Intrusion Detection System

B. Sniffer, Network Intrusion Detection System, and Host Intrusion Detection System

C. Sniffer, Host Intrusion Prevention System, and Network Intrusion Prevention System

D. Sniffer, Packet Logger, and Host Intrusion Prevention System

Which type of access control is used on a router or firewall to limit network activity?

A. Mandatory

B. Discretionary

C. Rule-based

D. Role-based

To send a PGP encrypted message, which piece of information from the recipient must the sender have before encrypting the message?

A. Recipient's private key

B. Recipient's public key

C. Master encryption key

D. Sender's public key

If the final set of security controls does not eliminate all risk in a system, what could be done next?

A. Continue to apply controls until there is zero risk.

B. Ignore any remaining risk.

C. If the residual risk is low enough, it can be accepted.

D. Remove current controls since they are not completely effective.

Which of the following algorithms provides better protection against brute force attacks by using a 160-bit message digest?

A. MD5

B. SHA-1

C. RC4

D. MD4