Chapter 15 Security Assessment and Testing Flashcards

1
Q

What are techniques to identify open ports on remote systems?

A

TCP SYN Scanning, TCP Connect Scanning, TCP ACK Scanning, Xmas Scanning

2
Q

What scanning technique is also known as “half-open” scanning?

TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning

A

TCP SYN Scanning

3
Q

What scanning technique sends a packet with the ACK flag set, indicating that it is part of an open connection?

TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning

A

TCP ACK Scanning

4
Q

What scanning technique sends a packet with the FIN, PSH, and URG flags set?

TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning

A

Xmas Scanning

5
Q

What scanning technique opens a full connection to the remote system on the specified port?

TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning

A

TCP Connect Scanning

6
Q

What scanning technique is used when the user running the scan does not have the necessary permissions to run a half-open scan?

TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning

A

TCP Connect Scanning

7
Q

What is the most common tool used for network discovery scanning?

Nessus
Metasploit
nmap

A

nmap

8
Q

Which state of a network port occurs when the port is open on the remote system and there is an application that is actively accepting connections on that port?

Open
Closed
Filtered

A

Open

9
Q

Which state of a network port occurs when the port is accessible on the remote system, meaning that the firewall is allowing access, but there is no application accepting connections on that port?

Open
Closed
Filtered

A

Closed

10
Q

Which state of a network port occurs when Nmap is unable to determine whether a port is open or closed because a firewall is interfering with the connection attempt?

Open
Closed
Filtered

A

Filtered

11
Q

What is it called when the scanner has read-only access to the servers being scanned and can use this access to read configuration information from the target system and use that information when analyzing vulnerability testing results?

A

authenticated scans

12
Q

What protocol runs on port 21?

A

FTP

13
Q

What protocol runs on port 22?

A

SSH

14
Q

What protocol runs on port 23?

A

Telnet

15
Q

What protocol runs on port 25?

A

SMTP

16
Q

What protocol runs on port 53?

A

DNS

17
Q

What protocol runs on port 80?

A

HTTP

18
Q

What protocol runs on port 110?

A

POP3

19
Q

What protocol runs on port 123?

20
Q

What protocol runs on port 1433?

A

Microsoft SQL Server

21
Q

What protocol runs on port 1521?

22
Q

What protocol runs on port 1720?

23
Q

What protocol runs on port 1723?

24
Q

What protocol runs on port 3389?

25
Q

What are special-purpose tools that scour web applications for known vulnerabilities called?

A

Web vulnerability scanners

26
Q

What is the difference between a penetration test and a vulnerability scan?

A

A penetration test goes beyond vulnerability testing techniques because it actually attempts to exploit systems. Vulnerability scans merely probe for the presence of a vulnerability and do not normally take offensive action against the targeted system.

27
Q

What type of test provides the attackers with detailed information about the systems they target?

A

White Box Penetration Test

28
Q

What type of test does not provide attackers with any information prior to the attack?

A

Black Box Penetration Test

29
Q

What are the steps of a Fagan inspection?

A

1. Planning 2. Overview 3. Preparation 4. Inspection 5. Rework 6. Follow-up

30
Q

What technique evaluates the security of software without running it by analyzing either the source code or the compiled application?

A

Static testing

31
Q

What technique usually involves the use of automated tools designed to detect common software flaws, such as buffer overflows?

A

Static testing

32
Q

What technique is used when testers do not have access to the underlying source code?

A

Dynamic testing

33
Q

What technique evaluates the security of software in a runtime environment and is often the only option for organizations deploying applications written by someone else?

A

Dynamic testing

34
Q

Scripted transactions with known expected results are called what?

A

synthetic transactions

35
Q

A specialized dynamic testing technique that provides many different types of input to software to stress its limits and find previously undetected flaws is called what?

A

Fuzz testing

36
Q

Taking previous input values from actual operation of the software and manipulating (or mutating) them to create fuzzed input is called what?

Mutation Fuzzing
Generational (Intelligent) Fuzzing

A

Mutation Fuzzing

37
Q

What type of fuzz testing develops data models and creates new fuzzed input based on an understanding of the types of data used by the program?

Mutation Fuzzing
Generational (Intelligent) Fuzzing

A

Generational (Intelligent) Fuzzing

38
Q

What tool automates the process of mutation fuzzing by manipulating input according to user specifications?

A

The "zzuf" tool

39
Q

What type of interface offers a standardized way for code modules to interact and may be exposed to the outside world through web services?

A

Application Programming Interfaces (APIs)

40
Q

What type of interface manipulates machinery, logic controllers, or other objects in the physical world?

A

Physical Interfaces

41
Q

What scans contain databases of thousands of known vulnerabilities, along with tests they can perform to identify whether a system is susceptible to each vulnerability in the system’s database?

A

Network vulnerability scans

42
Q

When ____ scans a system, it identifies the current state of each network port on the system.

nmap
Metasploit
Nessus

A

nmap

43
Q

The ______ goes beyond vulnerability testing techniques because it actually attempts to exploit systems.

A

penetration test

44
Q

Penetration testers commonly use a tool called _____ to automatically execute exploits against targeted systems.

nmap
Metasploit
Nessus

A

Metasploit

45
Q

Sends a single packet to each scanned port with the SYN flag set.

TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning

A

TCP SYN Scanning

46
Q

Three types of interfaces should be tested during the software testing process:

A

Application Programming Interfaces, User Interfaces, Physical Interfaces