Chapter 15 Security Assessment and Testing Flashcards
What are techniques to identify open ports on remote systems?
TCP SYN Scanning, TCP Connect Scanning, TCP ACK Scanning, Xmas Scanning
What scanning technique is also known as “half-open” scanning?
TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning
TCP SYN Scanning
What scanning technique sends a packet with the ACK flag set, indicating that it is part of an open connection?
TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning
TCP ACK Scanning
What scanning technique sends a packet with the FIN, PSH, and URG flags set?
TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning
Xmas Scanning
What scanning technique opens a full connection to the remote system on the specified port?
TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning
TCP Connect Scanning
What scanning technique is used when the user running the scan does not have the necessary permissions to run a half-open scan?
TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning
TCP Connect Scanning
What is the most common tool used for network discovery scanning?
Nessus
Metasploit
nmap
nmap
Which state of a network port occurs when the port is open on the remote system and there is an application that is actively accepting connections on that port?
Open
Closed
Filtered
Open
Which state of a network port occurs when the port is accessible on the remote system, meaning that the firewall is allowing access, but there is no application accepting connections on that port?
Open
Closed
Filtered
Closed
Which state of a network port occurs when Nmap is unable to determine whether a port is open or closed because a firewall is interfering with the connection attempt?
Open
Closed
Filtered
Filtered
What is it called when the scanner has read-only access to the servers being scanned and can use this access to read configuration information from the target system and use that information when analyzing vulnerability testing results?
authenticated scans
What protocol runs on port 21?
FTP
What protocol runs on port 22?
SSH
What protocol runs on port 23?
Telnet
What protocol runs on port 25?
SMTP
What protocol runs on port 53?
DNS
What protocol runs on port 80?
HTTP
What protocol runs on port 110?
POP3
What protocol runs on port 123?
NTP
What protocol runs on port 1433?
Microsoft SQL Server
What protocol runs on port 1521?
Oracle
What protocol runs on port 1720?
H.323
What protocol runs on port 1723?
PPTP
What protocol runs on port 3389?
RDP
What are special-purpose tools that scour web applications for known vulnerabilities called?
Web vulnerability scanners
What is the difference between a penetration test and a vulnerability scan?
A penetration test goes beyond vulnerability testing techniques because it actually attempts to exploit systems. Vulnerability scans merely probe for the presence of a vulnerability and do not normally take offensive action against the targeted system.
What type of test provides the attackers with detailed information about the systems they target?
White Box Penetration Test
What type of test does not provide attackers with any information prior to the attack?
Black Box Penetration Test
What are the steps of a Fagan inspection?
- Planning
- Overview
- Preparation
- Inspection
- Rework
- Follow-up
What technique evaluates the security of software without running it by analyzing either the source code or the compiled application?
Static testing
What technique usually involves the use of automated tools designed to detect common software flaws, such as buffer overflows?
Static testing
What technique is used when testers do not have access to the underlying source code?
Dynamic testing
What technique evaluates the security of software in a runtime environment and is often the only option for organizations deploying applications written by someone else?
Dynamic testing
Scripted transactions with known expected results are called what?
synthetic transactions
A specialized dynamic testing technique that provides many different types of input to software to stress its limits and find previously undetected flaws is called what?
Fuzz testing
Taking previous input values from actual operation of the software and manipulating (or mutating) them to create fuzzed input is called what?
Mutation Fuzzing
Generational (Intelligent) Fuzzing
Mutation Fuzzing
What type of fuzz testing develops data models and creates new fuzzed input based on an understanding of the types of data used by the program?
Mutation Fuzzing
Generational (Intelligent) Fuzzing
Generational (Intelligent) Fuzzing
What tool automates the process of mutation fuzzing by manipulating input according to user specifications?
The “zzuf” tool
What type of interface offers a standardized way for code modules to interact and may be exposed to the outside world through web services?
Application Programming Interfaces (APIs)
What type of interface manipulates machinery, logic controllers, or other objects in the physical world?
Physical Interfaces
What scans contain databases of thousands of known vulnerabilities, along with tests they can perform to identify whether a system is susceptible to each vulnerability in the system’s database?
Network vulnerability scans
When ____ scans a system, it identifies the current state of each network port on the system.
nmap
Metasploit
Nessus
nmap
The ______ goes beyond vulnerability testing techniques because it actually attempts to exploit systems.
penetration test
Penetration testers commonly use a tool called _____ to automatically execute exploits against targeted systems.
nmap
Metasploit
Nessus
Metasploit
Sends a single packet to each scanned port with the SYN flag set.
TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning
TCP SYN Scanning
Three types of interfaces should be tested during the software testing process:
Application Programming Interfaces, User Interfaces, Physical Interfaces