Chapter 15: Security Assessment & Testing Flashcards
Which one of the following tools is used primarily to perform network discovery scans?
A. Nmap
B. Nessus
C. Metasploit
D. lsof
A
Adam recently ran a network port scan of a web server running in his organization. He ran the scan from an external network to get an attacker’s perspective on the scan. Which one of the following results is the greatest cause for alarm?
A. 80/open
B. 22/filtered
C. 443/open
D. 1433/open
D
Which one of the following factors should not be taken into consideration when planning a security testing schedule for a particular system?
A. Sensitivity of the information stored on the system
B. Difficulty of performing the test
C. Desire to experiment with new testing tools
D. Desirability of the system to attackers
C
CWhich one of the following is not normally included in a security assessment?
A. Vulnerability scan
B. Risk assessment
C. Mitigation of vulnerabilities
D. Threat assessment
C
Who is the intended audience for a security assessment report?
A. Management
B. Security auditor
C. Security professional
D. Customers
A
Beth would like to run an nmap scan against all of the systems on her organization’s private network. These include systems in the 10.0.0.0 private address space. She would like to scan this entire private address space because she is not certain what subnets are used. What network address should Beth specify as the target of her scan?
A. 10.0.0.0/0
B. 10.0.0.0/8
C. 10.0.0.0/16
D. 10.0.0.0/24
B
Alan ran an nmap scan against a server and determined that port 80 is open on the server. What tool would likely provide him the best additional information about the server’s purpose and the identity of the server’s operator?
A. SSH
B. Web browser
C. telnet
D. ping
B
What port is typically used to accept administrative connections using the SSH utility?
A. 20
B. 22
C. 25
D. 80
B
Which one of the following tests provides the most accurate and detailed information about the security state of a server?
A. Unauthenticated scan
B. Port scan
C. Half-open scan
D. Authenticated scan
D
What type of network discovery scan only follows the first two steps of the TCP handshake?
A. TCP connect scan
B. Xmas scan
C. TCP SYN scan
D. TCP ACK scan
C
Matthew would like to test systems on his network for SQL injection vulnerabilities. Which one of the following tools would be best suited to this task?
A. Port scanner
B. Network vulnerability scanner
C. Network discovery scanner
D. Web vulnerability scanner
D
Badin Industries runs a web application that processes e-commerce orders and handles credit card transactions. As such, it is subject to the Payment Card Industry Data Security Standard (PCI DSS). The company recently performed a web vulnerability scan of the application and it had no unsatisfactory findings. How often must Badin rescan the application?
A. Only if the application changes
B. At least monthly
C. At least annually
D. There is no rescanning requirement.
C
Grace is performing a penetration test against a client’s network and would like to use a tool to assist in automatically executing common exploits. Which one of the following security tools will best meet her needs?
A. nmap
B. Metasploit
C. Nessus
D. Snort
B
Paul would like to test his application against slightly modified versions of previously used input. What type of test does Paul intend to perform?
A. Code review
B. Application vulnerability review
C. Mutation fuzzing
D. Generational fuzzing
C
Users of a banking application may try to withdraw funds that don’t exist from their account. Developers are aware of this threat and implemented code to protect against it. What type of software testing would most likely catch this type of vulnerability if the developers have not already remediated it?
A. Misuse case testing
B. SQL injection testing
C. Fuzzing
D.Code review
A