Ch.15 Flashcards

1
Q

in software development, the process of defining a collection of hardware and software components along with their interfaces in order to create the framework for software development

A

architectural design

2
Q

the code in a software program, together with the interfaces, inputs and services that expose it, that an unauthorized user can reach and cause to execute

A

attack surface

3
Q

gathering information (service name, version, sometimes the operating system) from the banner message that a service transmits when another program connects to it

A

banner grabbing
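
An added example (not part of the original flashcard set) of what banner grabbing looks like in code. It starts a throwaway TCP listener on 127.0.0.1 whose banner is a constructed SSH identification string, connects to it the way a scanner would, reads the first line the service sends, and parses the RFC 4253 fields out of it. The listener, the banner text and the HTTP probe table are assumptions for the demonstration; grab_banner() itself works against any reachable TCP service.

```python
"""Banner grabbing against a throwaway local service.

Added example, not part of the original flashcard set.  The listener, its
banner string and the 127.0.0.1 address are constructed for the demonstration;
grab_banner() itself works against any reachable TCP service.
"""
import re
import socket
import threading

# Constructed banner in the RFC 4253 form "SSH-protoversion-softwareversion SP comments".
FAKE_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4\r\n"

# Some services only speak after the client does (HTTP); others (SSH, SMTP,
# FTP) announce themselves on connect.  A probe is sent for the former.
DEFAULT_PROBES = {
    80: b"HEAD / HTTP/1.0\r\n\r\n",
    8080: b"HEAD / HTTP/1.0\r\n\r\n",
}


def grab_banner(host, port, timeout=2.0, probe=None, max_bytes=1024):
    """Connect, send a probe if one is known for the port, return the first line received."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        probe = DEFAULT_PROBES.get(port) if probe is None else probe
        if probe:
            sock.sendall(probe)
        try:
            while b"\n" not in data and len(data) < max_bytes:
                chunk = sock.recv(256)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            pass                       # silent service: report whatever arrived
    first_line = data.split(b"\n", 1)[0].rstrip(b"\r")
    return first_line.decode("ascii", errors="replace")


SSH_ID_RE = re.compile(r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)(?: (?P<comment>.*))?$")


def parse_ssh_banner(banner):
    """Split an SSH identification string into its fields; None if it is not SSH."""
    m = SSH_ID_RE.match(banner)
    return m.groupdict() if m else None


def start_fake_service(banner=FAKE_BANNER):
    """Listen on an ephemeral 127.0.0.1 port, serve one client the banner, then exit."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve_one():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve_one, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    """Grab and parse the constructed service's banner; returns (raw, parsed)."""
    port = start_fake_service()
    raw = grab_banner("127.0.0.1", port)
    return raw, parse_ssh_banner(raw)


if __name__ == "__main__":
    raw, parsed = demo()
    print("banner :", raw)
    print("parsed :", parsed)
```

The point for defenders: the version string a service volunteers is exactly what a scanner or attacker matches against a vulnerability database, so hardening usually includes trimming or generalising banners where the protocol allows it.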

4
Q

a comparison of the present state of a system to its baseline

A

baseline reporting
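
An added example (not from the original flashcard set) of baseline reporting as a practitioner would script it: a snapshot of the present state (listening ports, service enablement, hashes of key configuration files) is diffed against the approved baseline and every deviation is reported. Both snapshots are constructed in memory here; on a real host the present state would come from tools such as `ss -ltn`, the service manager and a file-integrity hash run.

```python
"""Baseline reporting: compare a system's present state to its baseline.

Added example, not from the flashcard set.  Both snapshots are constructed
in memory; a real capture would come from the socket table, the service
manager and a file-integrity hash run.
"""
import hashlib


def fingerprint(content: bytes) -> str:
    """SHA-256 of a file's content, the usual way a baseline records a config file."""
    return hashlib.sha256(content).hexdigest()


# Constructed baseline, captured when the host was hardened and approved.
BASELINE = {
    "listening_ports": {22, 443},
    "services": {"sshd": "enabled", "nginx": "enabled", "telnet": "disabled"},
    "config_hashes": {
        "/etc/ssh/sshd_config": fingerprint(b"PermitRootLogin no\nPasswordAuthentication no\n"),
    },
}

# Constructed present state: telnet switched on, an extra port, sshd_config weakened.
CURRENT = {
    "listening_ports": {22, 23, 443},
    "services": {"sshd": "enabled", "nginx": "enabled", "telnet": "enabled"},
    "config_hashes": {
        "/etc/ssh/sshd_config": fingerprint(b"PermitRootLogin yes\nPasswordAuthentication no\n"),
    },
}


def compare_to_baseline(baseline, current):
    """Return a list of (kind, subject, detail) findings; empty means no drift."""
    findings = []
    for port in sorted(current["listening_ports"] - baseline["listening_ports"]):
        findings.append(("listening_port", "unexpected", port))
    for port in sorted(baseline["listening_ports"] - current["listening_ports"]):
        findings.append(("listening_port", "missing", port))
    for name in sorted(set(baseline["services"]) | set(current["services"])):
        want, have = baseline["services"].get(name), current["services"].get(name)
        if want != have:
            findings.append(("service", name, f"{want} -> {have}"))
    for path, want in sorted(baseline["config_hashes"].items()):
        have = current["config_hashes"].get(path)
        if have != want:
            findings.append(("config", path, "missing" if have is None else "modified"))
    return findings


def format_report(findings):
    """Human-readable baseline report."""
    if not findings:
        return "OK: system matches baseline"
    lines = [f"DRIFT: {len(findings)} deviation(s) from baseline"]
    for kind, subject, detail in findings:
        lines.append(f"  [{kind}] {subject}: {detail}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(compare_to_baseline(BASELINE, CURRENT)))
```

Hash comparison deliberately reports only that a file changed, not what changed; the report points the reviewer at the file, and the baseline copy is the reference to diff against.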

5
Q

a penetration test in which the tester has no prior knowledge of the network infrastructure that is being tested

A

Black box

6
Q

in software development, presenting the code to multiple reviewers in order to reach agreement about its security

A

code review

7
Q

an analysis of the design of a software program by key personnel from different levels of the project

A

design review

8
Q

a penetration test where some limited information has been provided to the tester

A

gray box

9
Q

the process of eliminating as many security risks as possible to make the system more secure

A

hardening

10
Q

a network set up with intentional vulnerabilities to invite attacks and reveal attackers’ methods

A

honeynet

11
Q

a computer, typically located in an area with limited security, that is loaded with software and data files which appear authentic but are actually imitations of real data, in order to trick attackers into revealing their attack techniques

A

honeypot

12
Q

an agreement between parties intended to minimize security risks for data transmitted across a network

A

Interconnection Security Agreement (ISA)

13
Q

an agreement through which parties in a relationship can reach an understanding of their relationships and responsibilities

A

interoperability agreement

14
Q

a scan that attempts to penetrate the system in order to perform a simulated attack

A

intrusive vulnerability scan

15
Q

an agreement between two or more parties to enable them to work together that is not legally enforceable but is more formal than an unwritten agreement

A

Memorandum of Understanding (MOU)

16
Q

a scan that does not use credentials (username and password) to conduct an internal vulnerability assessment

A

non-credentialed vulnerability scan

17
Q

a scan that uses only available information to hypothesize the status of the vulnerability

A

non-intrusive vulnerability scan

18
Q

the termination of an agreement between parties

A

off-boarding business partners

19
Q

the start-up relationship agreement between parties

A

on-boarding business partners

20
Q

an authorized test by an outsider that attempts to actually exploit any weaknesses found

A

penetration testing

21
Q

software that probes a system's TCP and UDP ports to determine which are open, closed or filtered, revealing the services that could be attacked

A

port scanner

22
Q

disabling unused application/service ports to reduce the number of threat vectors

A

port security

23
Q

a contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service

A

Service Level Agreement (SLA)

24
Q

combining an organization’s systems and data with outside entities

A

third-party integration

25
Q

a systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, and any other entity that could cause potential harm.

A

vulnerability assessment

26
Q

an automated software search through a system for any known security weaknesses that creates a report of those potential exposures

A

vulnerability scan

27
Q

generic term for a range of products that look for vulnerabilities in networks or systems

A

vulnerability scanner

28
Q

a penetration test where the tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications

A

white box

29
Q

sending a TCP packet with an abnormal set of flags turned on at once (FIN, PSH and URG, so the packet is "lit up like a Christmas tree") to observe how a host responds: a closed port answers with RST, an open port normally stays silent

A

Xmas Tree port scan

30
Q

At what point in vulnerability assessment would an attack tree be utilized?

a. vulnerability appraisal
b. risk assessment
c. risk mitigation
d. threat evaluation

A

D

Threat evaluation

31
Q

In the software development process, when should a design review be conducted?

a. at the completion of the project
b. at the same time as the code review
c. as the functional and design specifications are being developed based on the requirements
d. during verification

A

C

As the functional and design specifications are being developed based on the requirements

32
Q

A(n) _____ attempts to penetrate a system in order to perform a simulated attack.

a. intrusive vulnerability scan
b. vulnerability risk scan
c. PACK scan
d. master level scan

A

A

Intrusive vulnerability scan

33
Q

A(n) _____ is an agreement between two parties that is not legally enforceable.

a. Service Purchase Agreement (SLA)
b. Blanket Purchase Agreement (BPA)
c. Memorandum of Understanding (MOU)
d. Interconnection Security Agreement (ISA)

A

C

Memorandum of Understanding (MOU)

34
Q

A _____ is a systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, and any other entity that could cause potential harm.

a. penetration test
b. vulnerability scan
c. vulnerability assessment
d. risk appraisal (RAP)

A

C

Vulnerability assessment

35
Q

Each of these can be classified as an asset EXCEPT _____.

a. business partners
b. buildings
c. employee databases
d. accounts payable

A

D

Accounts payable

36
Q

Each of these is a step in risk management EXCEPT _____.

a. attack assessment
b. vulnerability appraisal
c. threat evaluation
d. risk mitigation

A

A

Attack assessment

37
Q

Which statement regarding vulnerability appraisal is NOT true?

a. Vulnerability appraisal is always the easiest and quickest step.
b. Every asset must be viewed in light of each threat.
c. Each threat could reveal multiple vulnerabilities.
d. Each vulnerability should be cataloged

A

A

Vulnerability appraisal is always the easiest and quickest step.

38
Q

_____ constructs scenarios of the types of threats that assets can face in order to learn who the attackers are, why they attack, and what types of attacks may occur.

a. Vulnerability prototyping
b. Risk assessment
c. Attack assessment
d. Threat modeling

A

D

Threat modeling

39
Q

What is a current snapshot of the security of an organization?

a. vulnerability appraisal
b. risk evaluation
c. threat mitigation
d. liability reporting

A

A

Vulnerability appraisal

40
Q

_____ is a comparison of the present security state of a system to a standard established by the organization.

a. Risk mitigation
b. Baseline reporting
c. Comparative Resource Appraisal (CRA)
d. Horizontal comparables

A

B

Baseline reporting

41
Q

Which of these is NOT a state of a port that can be returned by a port scanner?

a. open
b. busy
c. blocked
d. closed

A

B

Busy

42
Q

Which statement regarding TCP SYN port scanning is NOT true?

a. It uses FIN messages that can pass through firewalls and avoid detection
b. Instead of using the operating system's network functions, the port scanner generates IP packets itself and monitors for responses
c. The scanner host closes the connection before the handshake is completed.
d. This scan type is also known as “half-open scanning” because it never actually opens a full TCP connection

A

A

It uses FIN messages that can pass through firewalls and avoid detection.
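
An added example (not from the original flashcard set) that serves both card 29 (Xmas tree scan) and this question on SYN scanning. It builds the raw TCP header a scanner would emit for a SYN, Xmas, FIN or NULL probe, models the target's reply from the RFC 793 LISTEN/CLOSED rules, and applies the open/closed/filtered labelling that Nmap documents for its -sS and -sX scans. Nothing is sent on the wire; the packet bytes and the modelled host are constructed in-process, and the source/destination ports are placeholders.

```python
"""TCP scan probes and the reply rules a scanner uses to label a port.

Added example, not from the flashcard set.  Packets are built as bytes
in-process and a target's reply is modelled from the RFC 793 state rules;
nothing is sent on the wire.  The open/closed/filtered labels follow the
rules Nmap documents for -sS (SYN) and -sX (Xmas) scans.
"""
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = {FIN: "FIN", SYN: "SYN", RST: "RST", PSH: "PSH", ACK: "ACK", URG: "URG"}

SCAN_PROBES = {
    "syn":  SYN,              # half-open: the handshake is never completed
    "xmas": FIN | PSH | URG,  # "lit up like a Christmas tree"
    "fin":  FIN,
    "null": 0,
}


def build_tcp_header(src_port, dst_port, flags, seq=0, ack=0, window=1024):
    """20-byte TCP header without options; checksum left zero (a raw-socket sender fills it)."""
    data_offset = 5 << 12                       # 5 x 32-bit words
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       data_offset | flags, window, 0, 0)


def tcp_flags(header):
    """Flag bits from a raw TCP header (low 6 bits of bytes 12-13)."""
    return struct.unpack("!H", header[12:14])[0] & 0x3F


def flag_names(flags):
    return [name for bit, name in sorted(FLAG_NAMES.items()) if flags & bit]


def model_target_reply(probe_flags, port_open, rfc793=True):
    """Reply flags (or None for silence) from a host with no firewall in the way.

    RFC 793 LISTEN state: RST is ignored; an ACK gets a RST; a SYN gets SYN/ACK;
    anything else is dropped.  A CLOSED port answers every non-RST segment with RST.
    Stacks that ignore the "dropped" rule (Windows, some Cisco devices) send RST
    to a FIN/Xmas/NULL probe even on open ports; rfc793=False models those.
    """
    if probe_flags & RST:
        return None
    if not port_open:
        return RST | ACK
    if probe_flags & ACK:
        return RST
    if probe_flags & SYN:
        return SYN | ACK
    return None if rfc793 else RST


def classify(scan, reply_flags):
    """Port state label from the scan type and the reply flags (None = no reply)."""
    if scan == "syn":
        if reply_flags is None:
            return "filtered"           # dropped by a firewall (or ICMP unreachable)
        if reply_flags & RST:
            return "closed"
        if reply_flags & SYN and reply_flags & ACK:
            return "open"               # scanner now sends RST instead of ACK
        return "unknown"
    if scan in ("xmas", "fin", "null"):
        if reply_flags is None:
            return "open|filtered"      # silence is ambiguous for these scans
        if reply_flags & RST:
            return "closed"
        return "unknown"
    raise ValueError(f"unsupported scan type: {scan}")


def scan_port(scan, port_open, rfc793=True):
    """Run one modelled probe end to end and return the resulting label."""
    probe = build_tcp_header(40000, 22, SCAN_PROBES[scan])   # placeholder ports
    reply = model_target_reply(tcp_flags(probe), port_open, rfc793)
    return classify(scan, reply)


if __name__ == "__main__":
    for scan in SCAN_PROBES:
        print(f"{scan:5} {flag_names(SCAN_PROBES[scan])!s:22}"
              f"open -> {scan_port(scan, True):14} closed -> {scan_port(scan, False)}")
```

The model makes the exam distinction concrete: the SYN scan's probe is a plain SYN and the scanner tears down with RST, so it is never "FIN messages"; FIN/Xmas/NULL scans are the ones that rely on FIN-style probes slipping past stateless filters, and they can only ever say "closed" or "open|filtered".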

43
Q

The protocol File Transfer Protocol (FTP) uses which two ports?

a. 19 and 20
b. 20 and 21
c. 21 and 22
d. 22 and 23

A

B

20 and 21

44
Q

Each of these is a function of a vulnerability scanner EXCEPT _____.

a. detects which ports are served and which ports are browsed for each individual system
b. alerts users when a new patch cannot be found
c. maintains a log of all interactive network sessions
d. detects when an application is compromised

A

B

Alerts users when a new patch cannot be found

45
Q

Which statement about the Open Vulnerability and Assessment Language (OVAL) is true?

a. It only functions on Linux-based computers
b. It attempts to standardize vulnerability assessments
c. It has been replaced by XML
d. It is a European standard and is not used in the Americas

A

B

It attempts to standardize vulnerability assessments

46
Q

Which statement regarding a honeypot is NOT true?

a. It is typically located in an area with limited security
b. It is intentionally configured with security vulnerabilities
c. It cannot be part of a honeynet
d. It can direct an attacker’s attention away from legitimate servers

A

C

It cannot be part of a honeynet

47
Q

Which statement about vulnerability scanning is true?

a. It uses automated software to scan for vulnerabilities
b. The testers are always outside of the security perimeter
c. It may disrupt the operation of the network or systems
d. It produces a short report of the attack methods and value of the exploited data

A

A

It uses automated software to scan for vulnerabilities

48
Q

If a tester is given the IP addresses, network diagrams, and source code of custom applications, the tester is using which technique?

a. black box
b. white box
c. gray box
d. blue box

A

B

White box

49
Q

If a software application aborts and leaves the program open, which control structure is it using?

a. fail-safe
b. fail-secure
c. fail-open
d. fail-right

A

C

Fail-open
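
An added example (not from the original flashcard set) showing the fail-open control structure beside its fail-secure counterpart in an authorization check. The policy store, its users and its outage are constructed in memory. In the fail-open version an error during the check is logged but leaves the "no denial recorded" path intact, so an outage of the policy backend grants access to everyone; the fail-secure version can only return true on a positive match and turns any error into a denial plus an audit event.

```python
"""fail-open versus fail-secure when an authorization check itself breaks.

Added example, not from the flashcard set.  The policy store, its users and
its outage are constructed in memory so the two behaviours can be compared.
"""


class PolicyUnavailable(Exception):
    """Raised when the policy backend cannot be reached (simulated outage)."""


# Constructed policy table: user -> set of permitted actions.
POLICY = {"alice": {"read", "write"}, "bob": {"read"}}

AUDIT_LOG = []  # constructed stand-in for the real audit trail


def lookup_permissions(user, backend_up=True):
    """Fetch a user's permissions; raises if the backend is down."""
    if not backend_up:
        raise PolicyUnavailable("policy store unreachable")
    return POLICY.get(user, set())


def is_allowed_fail_open(user, action, backend_up=True):
    """Anti-pattern: the caller treats 'no recorded denial' as permission,
    so an exception in the check leaves the program open to everyone."""
    denials = []
    try:
        if action not in lookup_permissions(user, backend_up):
            denials.append("action not in policy")
    except PolicyUnavailable as exc:
        AUDIT_LOG.append(f"WARN policy lookup failed for {user}: {exc}")
        # nothing is appended to denials, so the request sails through
    return not denials


def is_allowed_fail_secure(user, action, backend_up=True):
    """Deny by default: the only way to return True is a positive match,
    and any error on the way collapses to denial plus an audit event."""
    try:
        permitted = action in lookup_permissions(user, backend_up)
    except PolicyUnavailable as exc:
        AUDIT_LOG.append(f"ERROR policy lookup failed for {user}, denying: {exc}")
        return False
    if not permitted:
        AUDIT_LOG.append(f"DENY {user} {action}")
    return permitted


def compare(user, action):
    """Outcome of both checks with the backend up and then down, for one request."""
    return {
        "fail_open":   (is_allowed_fail_open(user, action, True),
                        is_allowed_fail_open(user, action, False)),
        "fail_secure": (is_allowed_fail_secure(user, action, True),
                        is_allowed_fail_secure(user, action, False)),
    }


if __name__ == "__main__":
    for who, what in (("alice", "write"), ("bob", "write"), ("mallory", "write")):
        print(who, what, compare(who, what))
    print("\n".join(AUDIT_LOG))
```

Note the difference between options a and b in the question: fail-safe means failing in the way that protects people or the system (a fire door that unlocks when power is lost), while fail-secure means failing in the way that protects the asset (the door stays locked). For software authorization the fail-secure default is the one to code for.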

50
Q

A prearranged purchase or sale agreement between a government agency and a business

A

Blanket Purchase Agreement (BPA)

51
Q

a scan that provides credentials (username and password) to the scanner so that tests for additional internal vulnerabilities can be performed

A

credentialed vulnerability scan