1-50 Flashcards
Why would a security administrator use a vulnerability scanner? (Select the best answer.)
To find open ports on a server
You work for a company that requires a user’s credentials to include providing something they know and something they are. Which of the following types of authentication is being described?
Multifactor
Carolyn is the network administrator for a small financial services company and is responsible for controlling access to the resources on her network. Which technology is responsible for blocking access to a resource based on the requesting IP address?
ACL
Which of the following would be the BEST choice for the technicians?
Vulnerability scanner
Which of the following tools uses ICMP as its main underlying protocol?
Ping scanner
Which of the following is the final step a user needs to take before that user can access domain resources?
Authentication
Of the following, which is the best way for a person to find out what security holes exist on the network?
Perform a vulnerability assessment
Which of the following penetration testing concepts is being used when an attacker uses public Internet databases to enumerate and learn more about a target?
Reconnaissance
After using Nmap to do a port scan of your server, you find that several ports are open. Which of the following should you do next?
Examine the services and/or processes that use those ports.
Your company has hired an outside security firm to perform various tests on your network, specifically vulnerability scans. During this vulnerability scan, you provided the company with a set of usernames and passwords for various systems (database server, application server, web server) to assist in their scan. What best describes what is happening?
Credentialed scan
An advanced form of phishing in which the connection between the IP address and its target server is redirected.
Pharming
Which of the following has cross-platform support and is used for remote access into a network?
RADIUS
Cheyenne is doing a penetration test for a client’s network and is currently gathering information from sources such as archive.org, netcraft.com, social media, and other information websites. What stage has just been described?
Passive reconnaissance
Of the following principles, which one can be used as a means of two-factor (multifactor) authentication?
Iris scan and password
Shannon works for a security company that performs pen tests for clients. She’s currently conducting a test of an e-commerce company and discovers that after compromising the web server, she can use the web server to launch a second attack into the company’s internal network. What type of attack is this considered?
Pivot
A collection of information that defines or describes the user and his or her interests.
Profile
A network administrator wants to ensure that users do not connect any unauthorized devices to the company network. Each desk needs to connect a VoIP phone and computer. Which of the following is the BEST way to accomplish this?
Enforce authentication for network devices
The web server administrator at your e-commerce company is concerned about someone using netcat to connect to the company web server to retrieve detailed information. What best describes this concern?
Banner grabbing
Which authentication mechanism performs better in a secured environment?
TACACS+ because it encrypts client-server negotiation dialogues.
Derrick is a security administrator for a medium-sized mortgage company. He needs to verify that the network is using the most secure login/authentication scheme possible. Which of the following options is the best choice for that?
Multifactor authentication