CISSP PRACTICE TESTS Chapter 6 ▪ Security Assessment and Testing (Domain 6)


23. During a port scan using nmap, Joseph discovers that a system shows two ports open that cause him immediate worry: 21/open 23/open. What services are likely running on those ports? A. SSH and FTP B. FTP and Telnet C. SMTP and Telnet D. POP3 and SMTP

B. FTP and Telnet

21. What technology should an organization use for each of the devices shown in the diagram to ensure that logs can be time sequenced across the entire infrastructure? A. Syslog B. NTP C. Logsync D. SNAP

B. NTP

49. Misconfiguration, logical and functional flaws, and poor programming practices are all causes of what type of issue? A. Fuzzing B. Security vulnerabilities C. Buffer overflows D. Race conditions

B. Security vulnerabilities

27. What type of monitoring uses simulated traffic to a website to monitor performance? A. Log analysis B. Synthetic monitoring C. Passive monitoring D. Simulated transaction analysis

B. Synthetic monitoring

5. Alex wants to use an automated tool to fill web application forms to test for format string vulnerabilities. What type of tool should he use? A. A black box B. A brute-force tool C. A fuzzer D. A static analysis tool

C. A fuzzer

65. As part of their code coverage testing, Susan's team runs the analysis in a nonproduction environment using logging and tracing tools. Which of the following types of code issues is most likely to be missed during testing due to this change in the operating environment? A. Improper bounds checking B. Input validation C. A race condition D. Pointer manipulation

C. A race condition

40. What major difference separates synthetic and passive monitoring? A. Synthetic monitoring only works after problems have occurred. B. Passive monitoring cannot detect functionality issues. C. Passive monitoring only works after problems have occurred. D. Synthetic monitoring cannot detect functionality issues.

C. Passive monitoring only works after problems have occurred.

34. STRIDE, which stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege, is useful in what part of application threat modeling? A. Vulnerability assessment B. Misuse case testing C. Threat categorization D. Penetration test planning

C. Threat categorization

46. What does using unique user IDs for all users provide when reviewing logs? A. Confidentiality B. Integrity C. Availability D. Accountability

D. Accountability

87. Ben's manager expresses concern about the coverage of his scan. Why might his manager have this concern? A. Ben did not test UDP services. B. Ben did not discover ports outside the "well-known ports." C. Ben did not perform OS fingerprinting. D. Ben tested only a limited number of ports.

D. Ben tested only a limited number of ports.

92. What international framework was SSAE-16 based on? A. ISO27001 B. SAS70 C. SOX D. ISAE 3402

D. ISAE 3402

37. What term describes software testing that is intended to uncover new bugs introduced by patches or configuration changes? A. Nonregression testing B. Evolution testing C. Smoke testing D. Regression testing

D. Regression testing

4. What message logging standard is commonly used by network devices, Linux and Unix systems, and many other enterprise devices? A. Syslog B. Netlog C. Eventlog D. Remote Log Protocol (RLP)

A. Syslog

1. During a port scan, Susan discovers a system running services on TCP and UDP 137-139 and TCP 445, as well as TCP 1433. What type of system is she likely to find if she connects to the machine? A. A Linux email server B. A Windows SQL server C. A Linux file server D. A Windows workstation

B. A Windows SQL server

6. Susan needs to scan a system for vulnerabilities, and she wants to use an open source tool to test the system remotely. Which of the following tools will meet her requirements and allow vulnerability scanning? A. Nmap B. OpenVAS C. MBSA D. Nessus

B. OpenVAS

31. What passive monitoring technique records all user interaction with an application or website to ensure quality and performance? A. Client/server testing B. Real user monitoring C. Synthetic user monitoring D. Passive user recording

B. Real user monitoring

72. Which of the following is not a method of synthetic transaction monitoring? A. Database monitoring B. Traffic capture and analysis C. User session monitoring D. Website performance monitoring

C. User session monitoring

22. During a penetration test, Danielle needs to identify systems, but she hasn't gained sufficient access on the system she is using to generate raw packets. What type of scan should she run to verify the most open services? A. A TCP connect scan B. A TCP SYN scan C. A UDP scan D. An ICMP scan

A. A TCP connect scan

45. As part of his role as a security manager, Jacob provides the following chart to his organization's management team. What type of measurement is he providing for them? Refer to page 125 in the book. A. A coverage rate measure B. A key performance indicator C. A time to live metric D. A business criticality indicator

B. A key performance indicator

8. Jim has been contracted to perform a penetration test of a bank's primary branch. In order to make the test as real as possible, he has not been given any information about the bank other than its name and address. What type of penetration test has Jim agreed to perform? A. A crystal box penetration test B. A gray box penetration test C. A black box penetration test D. A white box penetration test

C. A black box penetration test

75. Jim has contracted with a software testing organization that uses automated testing tools to validate software. He is concerned that they may not completely test all statements in his software. What measurement should he ask for in their report to provide information about this? A. A use case count B. A test coverage report C. A code coverage report D. A code review report

C. A code coverage report

84. Which term describes an evaluation of effectiveness of security controls performed by a third party? A. A security assessment B. A penetration test C. A security audit D. A security test

C. A security audit

29. Jim uses a tool that scans a system for available services, then connects to them to collect banner information to determine what version of service is running. It then provides a report detailing what it gathers, basing results on service fingerprinting, banner information, and similar details it gathers combined with CVE information. What type of tool is Jim using? A. A port scanner B. A service validator C. A vulnerability scanner D. A patch management tool

C. A vulnerability scanner

12. Which type of SOC report is best suited to provide assurance to users about an organization's security, availability, and the integrity of their service operation? A. An SOC 1 Type 2 report B. An SOC 2 report C. An SOC 3 report D. An SOC 1 Type 1 report

C. An SOC 3 report

62. Which of the following types of code review is not typically performed by a human? A. Software inspections B. Code review C. Static program analysis D. Software walkthroughs

C. Static program analysis

95. What type of vulnerabilities will not be found by a vulnerability scanner? A. Local vulnerabilities B. Service vulnerabilities C. Zero-day vulnerabilities D. Vulnerabilities that require authentication

C. Zero-day vulnerabilities

24. Saria's team is working to persuade their management that their network has extensive vulnerabilities that attackers could exploit. If she wants to conduct a realistic attack as part of a penetration test, what type of penetration test should she conduct? A. Crystal box B. Gray box C. White box D. Black box

D. Black box

36. During a penetration test, Lauren is asked to test the organization's Bluetooth security. Which of the following is not a concern she should explain to her employers? A. Bluetooth scanning can be time consuming. B. Many devices that may be scanned are likely to be personal devices. C. Bluetooth passive scans may require multiple visits at different times to identify all targets. D. Bluetooth active scans can't evaluate the security mode of Bluetooth devices.

D. Bluetooth active scans can't evaluate the security mode of Bluetooth devices.

68. Danielle wants to compare vulnerabilities she has discovered in her data center based on how exploitable they are, if exploit code exists, as well as how hard they are to remediate. What scoring system should she use to compare vulnerability metrics like these? A. CSV B. NVD C. VSS D. CVSS

D. CVSS

52. In this image, what issue may occur due to the log handling settings? Refer to page 127 in the book. A. Log data may be lost when the log is archived. B. Log data may be overwritten. C. Log data may not include needed information. D. Log data may fill the system disk.

D. Log data may fill the system disk.

25. What method is commonly used to assess how well software testing covered the potential uses of an application? A. A test coverage analysis B. A source code review C. A fuzz analysis D. A code review report

A. A test coverage analysis

Susan is the lead of a Quality Assurance team at her company. They have been tasked with the testing for a major release of their company's core software product. Use knowledge of code review and testing to answer the following three questions. 63. Susan's team of software testers are required to test every code path, including those that will only be used when an error condition occurs. What type of testing environment does her team need to ensure complete code coverage? A. White box B. Gray box C. Black box D. Dynamic

A. White box

54. Which NIST special publication covers the assessment of security and privacy controls? A. 800-12 B. 800-53A C. 800-34 D. 800-86

B. 800-53A

61. Lauren's team conducts regression testing on each patch that they release. What key performance measure should they maintain to measure the effectiveness of their testing? A. Time to remediate vulnerabilities B. A measure of the rate of defect recurrence C. A weighted risk trend D. A measure of the specific coverage of their testing

B. A measure of the rate of defect recurrence

67. Kathleen is reviewing the code for an application. She first plans the review, conducts an overview session with the reviewers and assigns roles, and then works with the reviewers to review materials and prepare for their roles. Next, she intends to review the code, rework it, and ensure that all defects found have been corrected. What type of review is Kathleen conducting? A. A dynamic test B. Fagan inspection C. Fuzzing D. A Roth-Parker review

B. Fagan inspection

44. What four types of coverage criteria are commonly used when validating the work of a code testing suite? A. Input, statement, branch, and condition coverage B. Function, statement, branch, and condition coverage C. API, branch, bounds, and condition coverage D. Bounds, branch, loop, and condition coverage

B. Function, statement, branch, and condition coverage

57. Jim is working with a penetration testing contractor who proposes using Metasploit as part of her penetration testing effort. What should Jim expect to occur when Metasploit is used? A. Systems will be scanned for vulnerabilities. B. Systems will have known vulnerabilities exploited. C. Services will be probed for buffer overflow and other unknown flaws. D. Systems will be tested for zero-day exploits.

B. Systems will have known vulnerabilities exploited.

59. Jim is helping his organization decide on audit standards for use throughout their international organization. Which of the following is not an IT standard that Jim's organization is likely to use as part of its audits? A. COBIT B. SSAE-16 C. ITIL D. ISO27002

C. ITIL

28. Which of the following vulnerabilities is unlikely to be found by a web vulnerability scanner? A. Path disclosure B. Local file inclusion C. Race condition D. Buffer overflow

C. Race condition

48. What protocol is used to handle vulnerability management data? A. VML B. SVML C. SCAP D. VSCAP

C. SCAP

56. Lauren is performing a review of a third-party service organization and wants to determine if the organization's policies and procedures are effectively enforced over a period of time. What type of industry standard assessment report should she request? A. SSAE 16 SOC 1 Type I B. SAS 70 Type I C. SSAE 16 SOC 1 Type II D. SAS 70 Type II

C. SSAE 16 SOC 1 Type II

2. Which of the following is a method used to design new software tests and to ensure the quality of tests? A. Code auditing B. Static code analysis C. Regression testing D. Mutation testing

D. Mutation testing

66. What step should occur after a vulnerability scan finds a critical vulnerability on a system? A. Patching B. Reporting C. Remediation D. Validation

D. Validation

94. Nmap is an example of what type of tool? A. Vulnerability scanner B. A web application fuzzer C. Network design and layout D. Port scanner

D. Port scanner

64. As part of the continued testing of their new application, Susan's quality assurance team has designed a set of test cases for a series of black box tests. These functional tests are then run, and a report is prepared explaining what has occurred. What type of report is typically generated during this testing to indicate metrics? A. A test coverage report B. A penetration test report C. A code coverage report D. A line coverage report

A. A test coverage report

9. As part of a penetration test, Alex needs to determine if there are web servers that could suffer from the 2014 Heartbleed bug. What type of tool could he use, and what should he check to verify that the tool can identify the problem? A. A vulnerability scanner, to see whether the scanner has a signature or test for the Heartbleed CVE number B. A port scanner, to see whether the vulnerability scanner properly identifies SSL connections C. A vulnerability scanner, to see whether the vulnerability scanner detects problems with the Apache web server D. A port scanner, to see whether the port scanner supports TLS connections

A. A vulnerability scanner, to see whether the scanner has a signature or test for the Heartbleed CVE number

78. What type of vulnerability scan accesses configuration from the systems it is run against as well as information that can be accessed via services available via the network? A. Authenticated scans B. Web application scans C. Unauthenticated scans D. Port scans

A. Authenticated scans

74. Jim is designing his organization's log management systems and knows that he needs to carefully plan to handle the organization's log data. Which of the following is not a factor that Jim should be concerned with? A. The volume of log data B. A lack of sufficient log sources C. Data storage security requirements D. Network bandwidth

B. A lack of sufficient log sources

7. NIST Special Publication 800-53A describes four major types of assessment objects that can be used to identify items being assessed. If the assessment covers IPS devices, which of the types of assessment objects is being assessed? A. A specification B. A mechanism C. An activity D. An individual

B. A mechanism

100. Which of the following is not a typical part of a penetration test report? A. A list of identified vulnerabilities B. All sensitive data that was gathered during the test C. Risk ratings for each issue discovered D. Mitigation guidance for issues identified

B. All sensitive data that was gathered during the test

32. Earlier this year, the information security team at Jim's employer identified a vulnerability in the web server that Jim is responsible for maintaining. He immediately applied the patch and is sure that it installed properly, but the vulnerability scanner has continued to flag the system as vulnerable even though Jim is sure the patch is installed. Which of the following options is Jim's best choice to deal with the issue? A. Uninstall and reinstall the patch. B. Ask the information security team to flag the system as patched and not vulnerable. C. Update the version information in the web server's configuration. D. Review the vulnerability report and use alternate remediation instructions if they are provided.

B. Ask the information security team to flag the system as patched and not vulnerable.

14. Which of the following is not a potential problem with active wireless scanning? A. Accidentally scanning apparent rogue devices that actually belong to guests B. Causing alarms on the organization's wireless IPS C. Scanning devices that belong to nearby organizations D. Misidentifying rogue devices

B. Causing alarms on the organization's wireless IPS

16. Saria wants to log and review traffic information between parts of her network. What type of network logging should she enable on her routers to allow her to perform this analysis? A. Audit logging B. Flow logging C. Trace logging D. Route logging

B. Flow logging

83. Which of the following is not an issue when using fuzzing to find program faults? A. They often find only simple faults. B. Fuzz testing bugs are often severe. C. Fuzzers may not fully cover the code. D. Fuzzers can't reproduce errors.

B. Fuzz testing bugs are often severe.

99. NIST specifies four attack phase steps: gaining access, escalating privileges, system browsing, and installing additional tools. Once attackers install additional tools, what phase will a penetration tester typically return to? A. Discovery B. Gaining access C. Escalating privileges D. System browsing

B. Gaining access

41. Chris uses the standard penetration testing methodology shown here. Use this methodology and your knowledge of penetration testing to answer the following questions about tool usage during a penetration test. Refer to page 124 in the book. What task is the most important during Phase 1, Planning? A. Building a test lab B. Getting authorization C. Gathering appropriate tools D. Determining if the test is white, black, or gray box

B. Getting authorization

69. During a port scan of his network, Alex finds that a number of hosts respond on TCP ports 80, 443, 515, and 9100 in offices throughout his organization. What type of devices is Alex likely discovering? A. Web servers B. File servers C. Wireless access points D. Printers

D. Printers

60. Which of the following best describes a typical process for building and implementing an Information Security Continuous Monitoring program as described by NIST Special Publication 800-137? A. Define, establish, implement, analyze and report, respond, review, and update B. Design, build, operate, analyze, respond, review, revise C. Prepare, detect and analyze, contain, respond, recover, report D. Define, design, build, monitor, analyze, react, revise

A. Define, establish, implement, analyze and report, respond, review, and update

35. Why should passive scanning be conducted in addition to implementing wireless security technologies like wireless intrusion detection systems? A. It can help identify rogue devices. B. It can test the security of the wireless network via scripted attacks. C. Their short dwell time on each wireless channel can allow them to capture more packets. D. They can help test wireless IDS or IPS systems.

A. It can help identify rogue devices.

82. Which NIST document covers the creation of an Information Security Continuous Monitoring (ISCM)? A. NIST SP 800-137 B. NIST SP 800-53a C. NIST SP 800-145 D. NIST SP 800-50

A. NIST SP 800-137

70. Nikto, Burp Suite, and Wapiti are all examples of what type of tool? A. Web application vulnerability scanners B. Code review tools C. Vulnerability scanners D. Port scanners

A. Web application vulnerability scanners

43. Which of these concerns is the most important to address during planning to ensure the reporting phase does not cause problems? A. Which CVE format to use B. How the vulnerability data will be stored and sent C. Which targets are off limits D. How long the report should be

B. How the vulnerability data will be stored and sent

18. Karen's organization has been performing system backups for years but has not used the backups frequently. During a recent system outage, when administrators tried to restore from backups they found that the backups had errors and could not be restored. Which of the following options should Karen avoid when selecting ways to ensure that her organization's backups will work next time? A. Log review B. MTD verification C. Hashing D. Periodic testing

B. MTD verification

30. Emily builds a script that sends data to a web application that she is testing. Each time the script runs, it sends a series of transactions with data that fits the expected requirements of the web application to verify that it responds to typical customer behavior. What type of transactions is she using, and what type of test is this? A. Synthetic, passive monitoring B. Synthetic, use case testing C. Actual, dynamic monitoring D. Actual, fuzzing

B. Synthetic, use case testing

47. Which of the following is not an interface that is typically tested during the software testing process? A. APIs B. Network interfaces C. UIs D. Physical interfaces

B. Network interfaces

3. During a port scan, Lauren found TCP port 443 open on a system. Which tool is best suited to scanning the service that is most likely running on that port? A. zzuf B. Nikto C. Metasploit D. sqlmap

B. Nikto

71. During an nmap scan, what three potential statuses are provided for a port? A. Open, unknown, closed B. Open, closed, and filtered C. Available, denied, unknown D. Available, unavailable, filtered

B. Open, closed, and filtered

Ben's organization has begun to use STRIDE to assess their software, and has identified threat agents and the business impacts that these threats could have. Now they are working to identify appropriate controls for the issues they have identified. Use the STRIDE model to answer the following three questions. 79. Ben's development team needs to address an authorization issue, resulting in an elevation of privilege threat. Which of the following controls is most appropriate to this type of issue? A. Auditing and logging is enabled. B. RBAC is used for specific operations. C. Data type and format checks are enabled. D. User input is tested against a whitelist.

B. RBAC is used for specific operations.

11. During a wireless network penetration test, Susan runs aircrack-ng against the network using a password file. What might cause her to fail in her password-cracking efforts? A. Use of WPA2 encryption B. Running WPA2 in Enterprise mode C. Use of WEP encryption D. Running WPA2 in PSK mode

B. Running WPA2 in Enterprise mode

Questions 19, 20, and 21 refer to the following scenario. The company that Jennifer works for has implemented a central logging infrastructure, as shown in the following image. Use this diagram and your knowledge of logging systems to answer the following questions. Refer to page 119 in the book. 19. Jennifer needs to ensure that all Windows systems provide identical logging information to the SIEM. How can she best ensure that all Windows desktops have the same log settings? A. Perform periodic configuration audits. B. Use Group Policy. C. Use Local Policy. D. Deploy a Windows syslog client.

B. Use Group Policy.

20. During normal operations, Jennifer's team uses the SEM appliance to monitor for exceptions received via syslog. What system shown does not natively have support for syslog events? A. Enterprise wireless access points B. Windows desktop systems C. Linux web servers D. Enterprise firewall devices

B. Windows desktop systems

33. Angela wants to test a web browser's handling of unexpected data using an automated tool. What should she choose? A. Nmap B. zzuf C. Nessus D. Nikto

B. zzuf

86. Based on the scan results, what OS was the system that was scanned most likely running? A. Windows Desktop B. Linux C. Network device D. Windows Server

B. Linux

10. In a response to a Request for Proposal, Susan receives a SAS-70 Type 1 report. If she wants a report that includes operating effectiveness detail, what should Susan ask for as follow-up and why? A. An SAS-70 Type II, because Type 1 only covers a single point in time. B. An SOC Type 1, because Type II does not cover operating effectiveness C. An SOC Type 2, because Type 1 does not cover operating effectiveness D. An SAS-70 Type 3, because Type 1 and 2 are outdated and no longer accepted

C. An SOC Type 2, because Type 1 does not cover operating effectiveness

93. During a penetration test of her organization, Kathleen's IPS detects a port scan that has the URG, FIN, and PSH flags set and produces an alarm. What type of scan is the penetration tester attempting? A. A SYN scan B. A TCP flag scan C. An Xmas scan D. An ACK scan

C. An Xmas scan

53. Which of the following is not a hazard associated with penetration testing? A. Application crashes B. Denial of service C. Exploitation of vulnerabilities D. Data corruption

C. Exploitation of vulnerabilities

81. Ben wants to prevent or detect tampering with data. Which of the following is not an appropriate solution? A. Hashes B. Digital signatures C. Filtering D. Authorization controls

C. Filtering

15. Ben uses a fuzzing tool that develops data models and creates fuzzed data based on information about how the application uses data to test the application. What type of fuzzing is Ben doing? A. Mutation B. Parametric C. Generational D. Derivative

C. Generational

91. What is the first step that should occur before a penetration test is performed? A. Data gathering B. Port scanning C. Getting permission D. Planning

C. Getting permission

39. Susan needs to predict high-risk areas for her organization and wants to use metrics to assess risk trends as they occur. What should she do to handle this? A. Perform yearly risk assessments. B. Hire a penetration testing company to regularly test organizational security. C. Identify and track key risk indicators. D. Monitor logs and events using a SIEM device.

C. Identify and track key risk indicators.

During a port scan, Ben uses nmap's default settings and sees the following results. Use this information to answer the following three questions.
Nmap scan report for 192.168.184.130
Host is up (1.0s latency).
Not shown: 977 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
512/tcp open exec
513/tcp open login
514/tcp open shell
1099/tcp open ingreslock
2049/tcp open nfs
2121/tcp open ccproxy-ftp
3306/tcp open mysql
5432/tcp open postgresql
5900/tcp open vnc
6000/tcp open X11
6667/tcp open irc
8009/tcp open ajp13
8180/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 54.69 seconds
85. If Ben is conducting a penetration test, what should his next step be after receiving these results? A. Connect to web server using a web browser. B. Connect via Telnet to test for vulnerable accounts. C. Identify interesting ports for further scanning. D. Use sqlmap against the open databases.

C. Identify interesting ports for further scanning.

77. During a review of access logs, Alex notices that Danielle logged into her workstation in New York at 8 a.m. daily, but that she was recorded as logging into her department's main web application shortly after 3 a.m. daily. What common logging issue has Alex likely encountered? A. Inconsistent log formatting B. Modified logs C. Inconsistent timestamps D. Multiple log sources

C. Inconsistent timestamps

76. When a Windows system is rebooted, what type of log is generated? A. Error B. Warning C. Information D. Failure audit

C. Information

13. What type of testing is used to ensure that separately developed software modules properly exchange data? A. Fuzzing B. Dynamic testing C. Interface testing D. API checksums

C. Interface testing

89. Saria needs to write a request for proposal for code review and wants to ensure that the reviewers take the business logic behind her organization's applications into account. What type of code review should she specify in the RFP? A. Static B. Fuzzing C. Manual D. Dynamic

C. Manual

90. What type of diagram used in application threat modeling includes malicious users as well as descriptions like mitigates and threatens? A. Threat trees B. STRIDE charts C. Misuse case diagrams D. DREAD diagrams

C. Misuse case diagrams

26. Testing that is focused on functions that a system should not allow is an example of what type of testing? A. Use case testing B. Manual testing C. Misuse case testing D. Dynamic testing

C. Misuse case testing

42. Which of the following tools is most likely to be used during discovery? A. Nessus B. john C. Nmap D. Nikto

C. Nmap

51. During a penetration test Saria calls her target's help desk claiming to be the senior assistant to an officer of the company. She requests that the help desk reset the officer's password because of an issue with his laptop while traveling and persuades them to do so. What type of attack has she successfully completed? A. Zero knowledge B. Help desk spoofing C. Social engineering D. Black box

C. Social engineering

88. What technique relies on reviewing code without running it? A. Fuzzing B. Black box analysis C. Static analysis D. Gray box analysis

C. Static analysis

55. What type of port scanning is known as "half open" scanning? A. TCP Connect B. TCP ACK C. TCP SYN D. Xmas

C. TCP SYN

58. During a third-party audit, Jim's company receives a finding that states, "The administrator should review backup success and failure logs on a daily basis, and take action in a timely manner to resolve reported exceptions." What is the biggest issue that is likely to result if Jim's IT staff need to restore from a backup? A. They will not know if the backups succeeded or failed. B. The backups may not be properly logged. C. The backups may not be usable. D. The backup logs may not be properly reviewed.

C. The backups may not be usable.

50. Which of the following strategies should not be used to handle a vulnerability identified by a vulnerability scanner? A. Install a patch. B. Use a workaround fix. C. Update the banner or version number. D. Use an application layer firewall or IPS to prevent attacks against the identified vulnerability.

C. Update the banner or version number.

96. MITRE's CVE database provides what type of information? A. Current versions of software B. Patching information for applications C. Vulnerability information D. A list of costs versus effort required for common processes

C. Vulnerability information

97. A zero-day vulnerability is announced for the popular Apache web server in the middle of a workday. In Jacob's role as an information security analyst, he needs to quickly scan his network to determine what servers are vulnerable to the issue. What is Jacob's best route to quickly identify vulnerable systems? A. Immediately run Nessus against all of the servers to identify which systems are vulnerable. B. Review the CVE database to find the vulnerability information and patch information. C. Create a custom IDS or IPS signature. D. Identify affected versions and check systems for that version number using an automated scanner.

D. Identify affected versions and check systems for that version number using an automated scanner.

73. Susan needs to ensure that the interactions between the components of her e-commerce application are all handled properly. She intends to verify communications, error handling, and session management capabilities throughout her infrastructure. What type of testing is she planning to conduct? A. Misuse case testing B. Fuzzing C. Regression testing D. Interface testing

D. Interface testing

NIST Special Publication 800-115, Technical Guide to Information Security Testing and Assessment, provides NIST's process for penetration testing. Using this image as well as your knowledge of penetration testing, answer the following questions. [Image: penetration testing process diagram with the phases Planning, Information Gathering and Discovery, Vulnerability Scanning, Exploitation, and Reporting] 98. Which of the following is not a part of the discovery phase? A. Hostname and IP address information gathering B. Service information capture C. Dumpster diving D. Privilege escalation

D. Privilege escalation

80. Ben's team is attempting to categorize a transaction identification issue that is caused by use of a symmetric key shared by multiple servers. What STRIDE category should this fall into? A. Information disclosure B. Denial of service C. Tampering D. Repudiation

D. Repudiation

17. Jim has been contracted to conduct a gray box penetration test, and his clients have provided him with the following information about their networks so that he can scan them. Data center: 10.10.10.0/24 Sales: 10.10.11.0/24 Billing: 10.10.12.0/24 Wireless: 192.168.0.0/16 What problem will Jim encounter if he is contracted to conduct a scan from offsite? A. The IP ranges are too large to scan efficiently. B. The IP addresses provided cannot be scanned. C. The IP ranges overlap and will cause scanning issues. D. The IP addresses provided are RFC 1918 addresses.

D. The IP addresses provided are RFC 1918 addresses.

38. Which of the tools cannot identify a target's operating system for a penetration tester? A. Nmap B. Nessus C. Nikto D. sqlmap

D. sqlmap

