Chapter 15 Security Assessment and Testing Flashcards

1
Q

What are techniques to identify open ports on remote systems?

A

TCP SYN Scanning, TCP Connect Scanning, TCP ACK Scanning, Xmas Scanning

2
Q

What scanning technique is also known as “half-open” scanning?

TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning

A

TCP SYN Scanning

3
Q

What scanning technique sends a packet with the ACK flag set, indicating that it is part of an open connection?

TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning

A

TCP ACK Scanning

4
Q

What scanning technique sends a packet with the FIN, PSH, and URG flags set?

TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning

A

Xmas Scanning

5
Q

What scanning technique opens a full connection to the remote system on the specified port?

TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning

A

TCP Connect Scanning

6
Q

What scanning technique is used when the user running the scan does not have the necessary permissions to run a half-open scan?

TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning

A

TCP Connect Scanning

7
Q

What is the most common tool used for network discovery scanning?

Nessus
Metasploit
nmap

A

nmap

8
Q

Which state of a network port occurs when the port is open on the remote system and there is an application that is actively accepting connections on that port?

Open
Closed
Filtered

A

Open

9
Q

Which state of a network port occurs when the port is accessible on the remote system, meaning that the firewall is allowing access, but there is no application accepting connections on that port?

Open
Closed
Filtered

A

Closed

10
Q

Which state of a network port occurs when Nmap is unable to determine whether a port is open or closed because a firewall is interfering with the connection attempt?

Open
Closed
Filtered

A

Filtered

11
Q

What is it called when the scanner has read-only access to the servers being scanned and can use this access to read configuration information from the target system and use that information when analyzing vulnerability testing results?

A

authenticated scans

12
Q

What protocol runs on port 21?

A

FTP

13
Q

What protocol runs on port 22?

A

SSH

14
Q

What protocol runs on port 23?

A

Telnet

15
Q

What protocol runs on port 25?

A

SMTP

16
Q

What protocol runs on port 53?

A

DNS

17
Q

What protocol runs on port 80?

A

HTTP

18
Q

What protocol runs on port 110?

A

POP3

19
Q

What protocol runs on port 123?

A

NTP

20
Q

What protocol runs on port 1433?

A

Microsoft SQL Server

21
Q

What protocol runs on port 1521?

A

Oracle

22
Q

What protocol runs on port 1720?

A

H.323

23
Q

What protocol runs on port 1723?

A

PPTP

24
Q

What protocol runs on port 3389?

A

RDP

25
Q

What are special-purpose tools that scour web applications for known vulnerabilities called?

A

Web vulnerability scanners

26
Q

What is the difference between penetration tests and vulnerability scans?

A

A penetration test goes beyond vulnerability testing techniques because it actually attempts to exploit systems. Vulnerability scans merely probe for the presence of a vulnerability and do not normally take offensive action against the targeted system.

27
Q

What type of test provides the attackers with detailed information about the systems they target?

A

White Box Penetration Test

28
Q

What type of test does not provide attackers with any information prior to the attack?

A

Black Box Penetration Test

29
Q

What are the steps of a Fagan inspection?

A

  1. Planning
  2. Overview
  3. Preparation
  4. Inspection
  5. Rework
  6. Follow-up

30
Q

What technique evaluates the security of software without running it by analyzing either the source code or the compiled application?

A

Static testing

31
Q

What technique usually involves the use of automated tools designed to detect common software flaws, such as buffer overflows?

A

Static testing

32
Q

What technique is used when testers do not have access to the underlying source code?

A

Dynamic testing

33
Q

What technique evaluates the security of software in a runtime environment and is often the only option for organizations deploying applications written by someone else?

A

Dynamic testing

34
Q

Scripted transactions with known expected results are called what?

A

synthetic transactions

35
Q

A specialized dynamic testing technique that provides many different types of input to software to stress its limits and find previously undetected flaws is called what?

A

Fuzz testing

36
Q

Taking previous input values from actual operation of the software and manipulating (or mutating) them to create fuzzed input is called what?

Mutation Fuzzing
Generational (Intelligent) Fuzzing

A

Mutation Fuzzing

37
Q

What type of fuzz testing develops data models and creates new fuzzed input based on an understanding of the types of data used by the program?

Mutation Fuzzing
Generational (Intelligent) Fuzzing

A

Generational (Intelligent) Fuzzing

38
Q

What tool automates the process of mutation fuzzing by manipulating input according to user specifications?

A

The “zzuf” tool

39
Q

What type of interface offers a standardized way for code modules to interact and may be exposed to the outside world through web services?

A

Application Programming Interfaces (APIs)

40
Q

What type of interface manipulates machinery, logic controllers, or other objects in the physical world?

A

Physical Interfaces

41
Q

What scans contain databases of thousands of known vulnerabilities, along with tests they can perform to identify whether a system is susceptible to each vulnerability in the system’s database?

A

Network vulnerability scans

42
Q

When ____ scans a system, it identifies the current state of each network port on the system.

nmap
Metasploit
Nessus

A

nmap

43
Q

The ______ goes beyond vulnerability testing techniques because it actually attempts to exploit systems.

A

penetration test

44
Q

Penetration testers commonly use a tool called _____ to automatically execute exploits against targeted systems.

nmap
Metasploit
Nessus

A

Metasploit

45
Q

Sends a single packet to each scanned port with the SYN flag set.

TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning

A

TCP SYN Scanning

46
Q

Three types of interfaces should be tested during the software testing process:

A

Application Programming Interfaces, User Interfaces, Physical Interfaces