CHAPTER 15 Questions Flashcards
Which one of the following tools is used primarily to perform network discovery scans?
A. Nmap
B. OpenVAS
C. Metasploit Framework
D. lsof
A. Nmap
Nmap is a network discovery scanning tool that reports the open ports on a remote system and the firewall status of those ports. OpenVAS is a network vulnerability scanning tool. Metasploit Framework is an exploitation framework used in penetration testing. lsof is a Linux command used to list open files on a system.
Adam recently ran a network port scan of a web server running in his organization. He ran the scan from an external network to get an attacker’s perspective on the scan. Which one of the following results is the greatest cause for alarm?
A. 80/open
B. 22/filtered
C. 443/open
D. 1433/open
D. 1433/open
Only open ports represent potentially significant security risks. Ports 80 and 443 are expected to be open on a web server. Port 1433 is a database port and should never be exposed to an external network. Port 22 is used for the Secure Shell protocol (SSH), and the filtered status indicates that nmap can’t determine whether it is open or closed. This situation does require further investigation, but it is not as alarming as a definitely exposed database server port.
Which one of the following factors should not be taken into consideration when planning a security testing schedule for a particular system?
A. Sensitivity of the information stored on the system
B. Difficulty of performing the test
C. Desire to experiment with new testing tools
D. Desirability of the system to attackers
C. Desire to experiment with new testing tools
The sensitivity of information stored on the system, difficulty of performing the test, and likelihood of an attacker targeting the system are all valid considerations when planning a security testing schedule. The desire to experiment with new testing tools should not influence the production testing schedule.
Which one of the following is not normally included in a security assessment?
A. Vulnerability scan
B. Risk assessment
C. Mitigation of vulnerabilities
D. Threat assessment
C. Mitigation of vulnerabilities
Security assessments include many types of tests designed to identify vulnerabilities, and the assessment report normally includes recommendations for mitigation. The assessment does not, however, include actual mitigation of those vulnerabilities.
Who is the intended audience for a security assessment report?
A. Management
B. Security auditor
C. Security professional
D. Customers
A. Management
Security assessment reports should be addressed to the organization’s management. For this reason, they should be written in plain English and avoid technical jargon.
Wendy is considering the use of a vulnerability scanner in her organization. What is the proper role of a vulnerability scanner?
A. They actively scan for intrusion attempts.
B. They serve as a form of enticement.
C. They locate known security holes.
D. They automatically reconfigure a system to a more secured state.
C. They locate known security holes.
Vulnerability scanners are used to test a system for known security vulnerabilities and weaknesses. They are not active detection tools for intrusion, they offer no form of enticement, and they do not configure system security. In addition to testing a system for security weaknesses, they produce evaluation reports and make recommendations.
Alan ran an nmap scan against a server and determined that port 80 is open on the server. What tool would likely provide him the best additional information about the server’s purpose and the identity of the server’s operator?
A. SSH
B. Web browser
C. Telnet
D. Ping
B. Web browser
The server is likely running a website on port 80. Using a web browser to access the site may provide important information about the site’s purpose.
What port is typically used to accept administrative connections using the SSH utility?
A. 20
B. 22
C. 25
D. 80
B. 22
The SSH protocol uses port 22 to accept administrative connections to a server.
Which one of the following tests provides the most accurate and detailed information about the security state of a server?
A. Unauthenticated scan
B. Port scan
C. Half-open scan
D. Authenticated scan
D. Authenticated scan
Authenticated scans can read configuration information from the target system and reduce the instances of false positive and false negative reports.
What type of network discovery scan only uses the first two steps of the TCP handshake?
A. TCP connect scan
B. Xmas scan
C. TCP SYN scan
D. TCP ACK scan
C. TCP SYN scan
The TCP SYN scan sends a SYN packet and receives a SYN ACK packet in response, but it does not send the final ACK required to complete the three-way handshake.
Matthew would like to test systems on his network for SQL injection vulnerabilities. Which one of the following tools would be best suited to this task?
A. Port scanner
B. Network vulnerability scanner
C. Network discovery scanner
D. Web vulnerability scanner
D. Web vulnerability scanner
SQL injection attacks are web vulnerabilities, and Matthew would be best served by a web vulnerability scanner. A network vulnerability scanner might also pick up this vulnerability, but the web vulnerability scanner is specifically designed for the task and more likely to be successful.
Badin Industries runs a web application that processes e-commerce orders and handles credit card transactions. As such, it is subject to the Payment Card Industry Data Security Standard (PCI DSS). The company recently performed a web vulnerability scan of the application and it had no unsatisfactory findings. How often must Badin rescan the application?
A. Only if the application changes
B. At least monthly
C. At least annually
D. There is no rescanning requirement.
C. At least annually
PCI DSS requires that Badin rescan the application at least annually and after any change in the application.
Grace is performing a penetration test against a client’s network and would like to use a tool to assist in automatically executing common exploits. Which one of the following security tools will best meet her needs?
A. nmap
B. Metasploit Framework
C. OpenVAS
D. Nikto
B. Metasploit Framework
Metasploit Framework is an automated exploit tool that allows attackers to easily execute common attack techniques. Nmap is a port scanning tool. OpenVAS is a network vulnerability scanner and Nikto is a web application scanner. While these other tools might identify potential vulnerabilities, they do not go as far as to exploit them.
Paul would like to test his application against slightly modified versions of previously used input. What type of test does Paul intend to perform?
A. Code review
B. Application vulnerability review
C. Mutation fuzzing
D. Generational fuzzing
C. Mutation fuzzing
Mutation fuzzing uses bit flipping and other techniques to slightly modify previous inputs to a program in an attempt to detect software flaws.
Users of a banking application may try to withdraw funds that don’t exist from their account. Developers are aware of this threat and implemented code to protect against it. What type of software testing would most likely catch this type of vulnerability if the developers have not already remediated it?
A. Misuse case testing
B. SQL injection testing
C. Fuzzing
D. Code review
A. Misuse case testing
Misuse case testing identifies known ways that an attacker might exploit a system and tests explicitly to see if those attacks are possible in the proposed code.