Chapter 15 Security Assessment and Testing

Question 1

What are techniques to identify open ports on

remote systems.

Answer 1

TCP SYN Scanning, TCP Connect Scanning, TCP ACK Scanning, Xmas Scanning

Question 2

What scanning technique is also known as “half-open” scanning.

TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning

Answer 2

TCP SYN Scanning

Question 3

What scanning technique sends a packet with the ACK flag set, indicating that it is part of an open connection ?

TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning

Answer 3

TCP ACK Scanning

Question 4

What scanning technique Sends a packet with the FIN, PSH, and URG flags set ?

TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning

Answer 4

Xmas Scanning

Question 5

What scanning technique opens a full connection to the remote system on the specified port ?

TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning

Answer 5

TCP Connect Scanning

Question 6

What scanning technique is used when the user running the scan does not have the necessary
permissions to run a half-open scan ?

TCP Connect Scanning
Xmas Scanning
TCP ACK Scanning
TCP SYN Scanning

Answer 6

TCP Connect Scanning

Question 7

What is the most common tool used for network discovery scanning ?

Nessus
Metasploit
nmap

Answer 7

nmap

Question 8

Which state of a network port occurs when the port is open on the remote system and there is an application that is actively accepting connections on that port ?.

Open
Closed
Filtered

Answer 8

Open

Question 9

Which state of a network port occurs when the port is accessible on the remote system, meaning that the firewall is allowing access, but there is no application accepting connections on that port ?

Open
Closed
Filtered

Answer 9

Closed

Question 10

Which state of a network port occurs when Nmap is unable to determine whether a port is open or closed because a firewall is interfering with the connection attempt ?

Open
Closed
Filtered

Answer 10

Filtered

Question 11

What is it called when the scanner has read-only access to the servers being scanned and can use this access to read configuration information from the target system and use that information when
analyzing vulnerability testing results ?

Answer 11

authenticated scans

Question 12

What protocol runs on port 21 ?

Answer 12

FTP

Question 13

What protocol runs on port 22

Answer 13

SSH

Question 14

What protocol runs on port 23

Answer 14

Telnet

Question 15

What protocol runs on port 25

Answer 15

SMTP

Question 16

What protocol runs on port 53

Answer 16

DNS

Question 17

What protocol runs on port 80

Answer 17

HTTP

Question 18

What protocol runs on port 110

Answer 18

POP3

Question 19

What protocol runs on port 123

Answer 19

NTP

Question 20

What protocol runs on port 1433

Answer 20

Microsoft SQL Server

Question 21

What protocol runs on port 1521

Answer 21

Oracle

Question 22

What protocol runs on port 1720

Answer 22

H.323

Question 23

What protocol runs on port 1723

Answer 23

PPTP

Question 24

What protocol runs on port 3389

Answer 24

RDP

Question 25

What are special-purpose tools that scour web applications for known vulnerabilities called ?

Answer 25

Web vulnerability scanners

Question 26

What is the difference between penetration test and Vulnerability scans ?

Answer 26

Penetration test goes beyond vulnerability testing techniques because it actually attempts to exploit systems. Vulnerability scans merely probe for the presence of a vulnerability and do not normally take offensive action against the targeted system.

Question 27

What type of test Provides the attackers with detailed information about the systems they target ?

Answer 27

White Box Penetration Test

Question 28

What type of test does not provide attackers with any information prior to the attack ?

Answer 28

Black Box Penetration Test

Question 29

What are the steps of the Fagan inspections ?

Answer 29

1. Planning 2. Overview 3. Preparation 4. Inspection 5. Rework 6. Follow-up

Question 30

What technique evaluates the security of software without running it by analyzing either the source code or the compiled application ? .

Answer 30

Static testing

Question 31

What technique usually involves the use of | automated tools designed to detect common software flaws, such as buffer overflows ?

Answer 31

Static testing

Question 32

What technique is used when testers do not have access to the underlying source code.

Answer 32

Dynamic testing

Question 33

What technique evaluates the security of software in a runtime environment and is often the only option for organizations deploying applications written by someone else.

Answer 33

Dynamic testing

Question 34

Scripted transactions with known expected results are called what ?

Answer 34

synthetic transactions

Question 35

A specialized dynamic testing technique that provides many different types of input to software to stress its limits and find previously undetected flaws is called what ?

Answer 35

Fuzz testing

Question 36

Taking previous input values from actual operation of the software and manipulating (or mutates) it to create fuzzed input is called what ? Mutation Fuzzing Generational (Intelligent) Fuzzing

Answer 36

Mutation Fuzzing

Question 37

What type of fuzz testing develops data models and creates new fuzzed input based on an understanding of the types of data used by the program ? Mutation Fuzzing Generational (Intelligent) Fuzzing

Answer 37

Generational (Intelligent) Fuzzing

Question 38

What tool automates the process of mutation fuzzing by manipulating input according to user specifications ?

Answer 38

The "zzuf" tool

Question 39

What type of interface offers a standardized way for code modules to interact and may be exposed to the outside world through web services.

Answer 39

Application Programming Interfaces (APIs)

Question 40

What type of interface manipulate machinery, logic | controllers, or other objects in the physical world ?

Answer 40

Physical Interfaces

Question 41

What scan contain databases of thousands of known vulnerabilities, along with tests they can perform to identify whether a system is susceptible to each vulnerability in the system’s database.

Answer 41

Network vulnerability scans

Question 42

When ____ scans a system, it identifies the current state of each network port on the system nmap Metasploit Nessus

Answer 42

nmap

Question 43

The ______ goes beyond vulnerability testing techniques because it actually attempts to exploit systems

Answer 43

penetration test

Question 44

Penetration testers commonly use a tool called _____ to automatically execute exploits against targeted systems.. nmap Metasploit Nessus

Answer 44

Metasploit

Question 45

Sends a single packet to each scanned port with the SYN flag set. TCP Connect Scanning Xmas Scanning TCP ACK Scanning TCP SYN Scanning

Answer 45

TCP SYN Scanning

Question 46

Three types of interfaces should be tested during the software testing process:

Answer 46

Application Programming Interfaces, User Interfaces, Physical Interfaces