Chapter 15

Question 1

What provides an important mechanism for validating the ongoing effectiveness of security controls?

Answer 1

Security Assessment and Testing Program

Question 2

What uses automated tools to search for known vulnerabilities in systems, applications, and networks.

Answer 2

Vulnerability Assessments

Question 3

What takes the results of test inputs from penetration testing and vulnerability assessments and implements a risk management process.

Answer 3

Vulnerability Management

Question 4

What uses a peer review process to formally or informally validate code before deploying it in production?

Answer 4

Code Review

Question 5

What evaluates the security of software without running it by analyzing either the source code or compiled application.

Answer 5

Static Software Testing

Question 6

What évaluâtes the security of if software in a runtime environment and is often the only option for orgs deploying applications written by someone else.

Answer 6

Dynamic Software Testing

Question 7

What uses modified inputs to test software performance under unexpected circumstances.

Answer 7

Fuzzing

Question 8

What modifies known inputs to generate synthetic inputs that may trigger unexpected behavior.

Answer 8

Mutation Fuzzing

Question 9

What develops inputs based on models of expected inputs to perform the same task.

Answer 9

Generational Fuzzing

Question 10

What occurs when a third party performs an assessment of the security controls protecting an organization’s information assets.

Answer 10

Security Audits

Question 11

What are performed by an organization’s internal staff and are intended for management use.

Answer 11

Internal Audits

Question 12

What SOC engagement Assess the organization’s controls that might impact the accuracy of financial reporting.

Answer 12

SOC 1 Engagement

Question 13

What SOC engagement Assess the organization’s controls that affect the security (confidentiality, integrity, and availability) and privacy of information stored in a system.

Answer 13

SOC 2 Engagements

Question 14

What SOC engagement Assess the organization’s controls that affect the security (confidentiality, integrity, and availability) and privacy of information stored in a system. However, audit results are intended for public disclosure.

Answer 14

SOC 3 Engagement

Question 15

What report type focuses on the auditor’s opinion based on the description provided by management and the suitability of the design of the controls, and cover only a specific point in time.

Answer 15

Type I

Question 16

What report type focuses on auditor’s opinion on the operating effectiveness of the controls, and also an extended period of time such as 6 months.

Answer 16

Type II

Question 17

What describes a standard approach for setting up an information security management system, and goes into more detail on the specifics of information security controls.

Answer 17

ISO 27002

Question 18

What is common framework for conducting audits and assessments.

Answer 18

COBIT

Question 19

What are the components of SCAP most directly related to vulnerability assessment

Answer 19

CVE
CVSS
CCE
CPE
XCCDF
OVAL

Question 20

What provides a naming system for describing security vulnerabilities.

Answer 20

CVE

Question 21

What provides a standardized scoring system for describing the severity of security vulnerabilities.

Answer 21

CVSS

Question 22

What provides a naming system for system configuration issues.

Answer 22

CCE

Question 23

What provides a naming system for operating systems, applications, and devices.

Answer 23

CPE

Question 24

What provides a language for specifying security checklists.

Answer 24

XCCDF

Question 25

What provides a language for describing security testing procedures.

Answer 25

OVAL

Question 26

What provide a common language for describing and evaluating vulnerabilities and facilitates the automation of interactions between different security systems.

Answer 26

SCAP

Question 27

What automatically probe systems, applications, and networks, looking for weaknesses that may be exploited by an attacker.

Answer 27

Vulnerability Scans

Question 28

What are the four main categories of vulnerability scans?

Answer 28

Network discovery scans
Network vulnerability scans
Web application vulnerability scans
Database vulnerability scans

Question 29

What uses a variety of techniques to scan a range of IP addresses, searching for systems with open network ports.

Answer 29

Network discovery scans

Question 30

What scanners do not actually probe systems for vulnerabilities but provide a report showing the systems detected on a network and the list of ports that are exposed through the network and server firewalls.

Answer 30

Network discovery scans

Question 31

What are some common network discovery scan techniques?

Answer 31

TCP SYN Scanning
TCP Connect Scanning
TCP ACK Scanning
UDP Scanning
Xmas Scanning

Question 32

What scanning technique sends a packet with the FIN, PSH, and URG flags set.

Answer 32

Xmas

Question 33

What scanning technique performs a scan of the remote system using the UDP protocol, checking for active UDP services.

Answer 33

UDP Scan

Question 34

What scanning technique sends a packet with the ACK flag set, indicating that it is part of an open connection.

Answer 34

TCP ACK

Question 35

What scanning technique may be done in an attempt to determine the rules enforced by a firewall and the firewall methodology.

Answer 35

TCP ACK

Question 36

What scanning technique is used when the user running the scan does not have the necessary permissions to run a half-open scan.

Answer 36

TCP Connect

Question 37

What scanning technique sends a single packet to each scanned port with the SYN flag set.

Answer 37

TCP SYN

Question 38

What scans a system, it identifies the current state of each network port on the system. For ports where nmap detects a result, it provides the current status of that port.

Answer 38

Nmap

Question 39

What command lists all active network connections on a system as well as those ports that are open and awaiting new connections.

Answer 39

Netstat

Question 40

What approach is being done when a vulnerability scanner has read-only access to the servers being scanned and can use this access to read configuration information from the target system and use that information when analyzing vulnerability testing results.

Answer 40

Authenticated scans

Question 41

What is a commonly used open source database vulnerability scanner that allows security administrators to probe web applications for database vulnerabilities.

Answer 41

Sqlmap

Question 42

What are the four phases of penetration testing described by NIST?

Answer 42

Planning
Information Gathering and Discovery
Attack
Reporting

Question 43

What uses a scripting language to allow the automatic execution of common attacks, saving testers (and hackers!) quite a bit of time by eliminating many of the tedious, routine steps involved in executing an attack.

Answer 43

Metasploit Framework

Question 44

What are the six steps of the Fagan inspection ?

Answer 44

Planning
Overview
Preparation
Inspection
Rework
Follow up

Question 45

What evaluates the security of software without running it by analyzing either the source code or the compiled application ?

Answer 45

SAST

Question 46

What represents the use of web application scanning tools to detect the presence of cross-site scripting, SQL injection, or other flaws in web applications.

Answer 46

DAST

Question 47

What tool automates the process of mutation fuzzing by manipulating input according to user specifications.

Answer 47

Zzuf

Question 48

What is used to estimate the degree of testing conducted against the new software.

Answer 48

Test coverage analysis

Question 49

What logs provide records of the connections between systems and the amount of data transferred.

Answer 49

Netflow

Question 50

What are key performance and risk indicators that managers show check for in the org?

Answer 50

Number of open vulnerabilities

Time to resolve vulnerabilities

Vulnerability/defect recurrence

Number of compromised accounts

Number of software flaws detected in preproduction scanning

Repeat audit findings

User attempts to visit known malicious sites