Chapter 4

Question 1

Ryan is conducting a penetration test and is targeting a database server. Which one of the following tools would best assist him in detecting vulnerabilities on that server?
A. Nessus
B. Nikto
C. SQLmap
D. OpenVAS

Answer 1

C. SQLmap

Question 2

Gary is conducting a black-box penetration test against an organization and is being
provided with the results of vulnerability scans that the organization already ran for use
in his tests. Which one of the following scans is most likely to provide him with helpful
information within the bounds of his test?
A. Stealth internal scan
B. Full internal scan
C. Stealth external scan
D. Full external scan

Answer 2

D. Full external scan

Question 3

What tool can white-box penetration testers use to help identify the systems present on a network prior to conducting vulnerability scans?
A. Asset inventory
B. Web application assessment
C. Router
D. DLP

Answer 3

A. Asset inventory

Question 3

Tonya is configuring vulnerability scans for a system that is subject to the PCI DSS compliance standard. What is the minimum frequency with which she must conduct scans?
A. Daily
B. Weekly
C. Monthly
D. Quarterly

Answer 3

D. Quarterly

Question 4

Which one of the following is not an example of a vulnerability scanning tool?
A. Qualys
B. Snort
C. Nessus
D. OpenVAS

Answer 4

B. Snort

Question 5

Which one of the following technologies, when used within an organization, is the least likely
to interfere with vulnerability scanning results achieved by external penetration testers?
A. Encryption
B. Firewall
C. Containerization
D. Intrusion prevention system

Answer 5

A. Encryption

Question 6

Renee is configuring her vulnerability management solution to perform credentialed scans of
servers on her network. What type of account should she provide to the scanner?
A. Domain administrator
B. Local administrator
C. Root
D. Read-only

Answer 6

D. Read-only

Question 7

Jason is writing a report about a potential security vulnerability in a software product and
wishes to use standardized product names to ensure that other security analysts understand
the report. Which SCAP component can Jason turn to for assistance?
A. CVSS
B. CVE
C. CPE
D. OVAL

Answer 7

C. CPE

Question 8

Ken is planning to conduct a vulnerability scan of an organization as part of a penetration
test. He is conducting a black-box test. When would it be appropriate to conduct an internal
scan of the network?
A. During the planning stage of the test
B. As soon as the contract is signed
C. After receiving permission from an administrator
D. After compromising an internal host

Answer 8

D. After compromising an internal host

Question 9

Which type of organization is the most likely to be impacted by a law requiring them to conduct vulnerability scans?
A. Bank
B. Hospital
C. Government agency
D. Doctor’s office

Answer 9

C. Government agency

Question 10

Which one of the following categories of systems is most likely to be disrupted during a vulnerability scan?
A. External web server
B. Internal web server
C. IoT device
D. Firewall

Answer 10

C. IoT device

Question 10

What term describes an organization’s willingness to tolerate risk in their computing
environment?
A. Risk landscape
B. Risk appetite
C. Risk level
D. Risk adaptation

Answer 10

B. Risk appetite

Question 11

Which one of the following factors is least likely to impact vulnerability scanning schedules?
A. Regulatory requirements
B. Technical constraints
C. Business constraints
D. Staff availability

Answer 11

D. Staff availability

Question 12

Adam is conducting a penetration test of an organization and is reviewing the source code of
an application for vulnerabilities. What type of code testing is Adam conducting?
A. Mutation testing
B. Static code analysis
C. Dynamic code analysis
D. Fuzzing

Answer 12

B. Static code analysis

Question 13

Ryan is planning to conduct a vulnerability scan of a business-critical system using dangerous
plug-ins. What would be the best approach for the initial scan?
A. Run the scan against production systems to achieve the most realistic results possible.
B. Run the scan during business hours.
C. Run the scan in a test environment.
D. Do not run the scan to avoid disrupting the business

Answer 13

C. Run the scan in a test environment.

Question 14

Which one of the following activities is not part of the vulnerability management life cycle?
A. Detection
B. Remediation
C. Reporting
D. Testing

Answer 14

C. Reporting

Question 15

What approach to vulnerability scanning incorporates information from agents running on
the target servers?
A. Continuous monitoring
B. Ongoing scanning
C. On-demand scanning
D. Alerting

Answer 15

A. Continuous monitoring

Question 16

Brian is seeking to determine the appropriate impact categorization for a federal information
system as he plans the vulnerability scanning controls for that system. After consulting
management, he discovers that the system contains information that, if disclosed improperly, would have a serious adverse impact on the organization. How should this system be
categorized?
A. Low impact
B. Moderate impact
C. High impact
D. Severe impact

Answer 16

B. Moderate impact

Question 17

Jessica is reading reports from vulnerability scans run by different parts of her organization
using different products. She is responsible for assigning remediation resources and is having
difficulty prioritizing issues from different sources. What SCAP component can help Jessica
with this task?
A. CVSS
B. CVE
C. CPE
D. XCCDF

Answer 17

A. CVSS

Question 17

Sarah is conducting a penetration test and discovers a critical vulnerability in an application.
What should she do next?
A. Report the vulnerability to the client’s IT manager.
B. Consult the SOW.
C. Report the vulnerability to the developer.
D. Exploit the vulnerability

Answer 17

B. Consult the SOW.