7.1.4 Practice Questions Flashcards

1
Q

In a world where so much private information is stored and transferred digitally, it is essential to proactively discover weaknesses. An ethical hacker’s assessment sheds light on the flaws that can open doors for malicious attackers. Which of the following types of assessments does an ethical hacker complete to expose these weaknesses?

answer

External assessment

Host-based assessment

Vulnerability assessment

Passive assessment

A

Vulnerability assessment

2
Q

An ethical hacker is running an assessment test on your networks and systems. The assessment test includes the following items:

Inspecting physical security
Checking open ports on network devices and router configurations
Scanning for Trojans, spyware, viruses, and malware
Evaluating remote management processes
Determining flaws and patches on the internal network systems, devices, and servers
Which of the following assessment tests is being performed?

answer

Active assessment

Passive assessment

External assessment

Internal assessment

A

Internal assessment

3
Q

Which of the following assessment types focuses on all types of user risks, including threats from malicious users, ignorant users, vendors, and administrators?

answer

Wireless network assessment

External assessment

Passive assessment

Host-based assessment

A

Host-based assessment

4
Q

On your network, you have a Windows 10 system with the IP address 10.10.10.195. You have installed XAMPP along with some web pages, PHP, and forms. You want to put it on the public-facing internet, but you are not sure if it has any vulnerabilities. On your Kali Linux system, you have downloaded the nmap-vulners script from GitHub. Which of the following is the correct nmap command to run?

answer

nmap -sC vulners -sV 10.10.10195

nmap --script nmap-vulners -sV 10.10.10.195

nmap -sC nmap-vulners -sV 10.10.10.195

nmap --script vulners -sV 10.10.10.195

A

nmap --script nmap-vulners -sV 10.10.10.195

5
Q

This type of assessment evaluates deployment and communication between the server and client. It is imperative to develop tight security through user authorization and validation. Open-source and commercial tools are both recommended for this assessment. Which of the following types of vulnerability research is being done?

answer

Application flaws

Open services

Default settings

Buffer overflows

A

Application flaws

6
Q

Jaxon, a pentester, is discovering vulnerabilities and design flaws on the Internet that will open an operating system and applications to attack or misuse. Which of the following tasks is he accomplishing?

answer

Vulnerability assessment

Vulnerability research

Vulnerability scanning

Vulnerability management

A

Vulnerability research

7
Q

Which of the following best describes active scanning?

answer

A scanner allows the ethical hacker to scrutinize completed applications when the source code is unknown.

A scanner transmits to a network node to determine exposed ports and can also independently repair security flaws.

A scanner tries to find vulnerabilities without directly interacting with the target network.

A scanner is limited to the moment in time that it is running and may not catch vulnerabilities that only occur at other times.

A

A scanner transmits to a network node to determine exposed ports and can also independently repair security flaws.

8
Q

Which of the following assessment types can monitor and alert on attacks but cannot stop them?

answer

External

Passive

Host-based

Vulnerability

A

Passive
