Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CASP+ > Chapter 6 Vulnerability Assessment and Pentrest Tools Mark B > Flashcards

Chapter 6 Vulnerability Assessment and Pentrest Tools Mark B Flashcards

1
Q

When performing a SCAP scan on a system, which of the following types of scans will be most useful?

A. Credentialed
B. Non-credentialed
C. Agent based
D. Intrusive

A

A. Credentialed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What would be the most important when monitoring on ICS networks, where latency must be minimized?

A. Group Policy
B. Active Scanning
C. Passive Scanning
D. Continuous Integration

A

C. Passive Scanning

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the protocol that allows for the automation of security compliance scans?

A. SCAP
B. CVSS
C. CVE
D. ARF

A

A. SCAP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What standard would support the creation of XML-format configuration templates?

A. XCCDF
B. CVE
C. CPE
D. NMAP

A

A. XCCDF

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What standard allows a vulnerability scanner to detect the host operating system and installed applications?

A. XCCDF
B. CVE
C. CPE
D. SCAP

A

C. CPE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What standard supports a common reporting standard for vulnerability scanning?

A. XCCDF
B. CVE
C. OVAL
D. STIG

A

C. OVAL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What information type can be found at MITRE and NIST VD that describes a known vulnerability and gives information regarding remediation?

A. CVE
B. CPE
C. CVSS
D. OVAL

A

A. CVE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is used to calculate the criticality of a known vulnerability?

A. CVE
B. CPE
C. CVSS
D. OVAL

A

C. CVSS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

If my organization is preparing to host publicly available SaaS services in the data center, what kind of assessment would be best?

A. Self-assessment
B. Third party assessment
C. PCI compliance
D. Internal assessment

A

B. Third party assessment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

When we download patches from Microsoft, where should they be tested first?

A. Staging network
B. Production network
C. DMZ network
D. IT administration network

A

A. Staging network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Where can security professionals go to remain aware of vendor published security updates and guidance? (Choose all that apply)

A. Advisories
B. Bulletins
C. Vendor websites
D. MITRE

A

A. Advisories
B. Bulletins
C. Vendor websites

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What allows European critical infrastructure providers to share security related information?

A. ISACs
B. NIST
C. SCAP
D. CISA

A

A. ISACs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What kind of testing would be performed against uncompiled code?

A. Static analysis
B . Dynamic analysis
C. Fuzzing
D. Reverse engineering

A

A. Static analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What type of analysis would allow researchers to measure power usage to predict the encryption keys generated by a crypto processor?

A. Side channel analysis
B. Frequency analysis
C. Network analysis
D. Hacking

A

A. Side channel analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What type of analysis would most likely be used when researched need to study third party compiled code?

A. Static analysis
B. Side channel analysis
C. Input validation
D. Reverse engineering

A

D. Reverse engineering

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What automated tool would developers use to report on any outdated software libraries and licensing requirements?

A. Software composition analysis
B. Side channel analysis
C. Input validation
D. Reverse engineering

A

A. Software composition analysis

17
Q

What is it called we send pseudo-random inputs into an application, in an attempt to find flaws in the code?

A. Fuzz testing
B. Input validation
C. Reverse engineering
D. Pivoting

A

A. Fuzz testing

18
Q

What is the term for lateral movement from a compromised host system?

A. Pivoting
B. Reverse engineering
C. Persistence
D. Requirements

A

A. Pivoting

19
Q

When would a pentester use a privilege escalation exploit?

A. Post exploitation
B. OSINT
C. Reconnaissance
D. Foot printing

A

A. Post exploitation

20
Q

What is the correct term for a penetration tester manipulating the registry in order to launch a binary file during the boot sequence?

A. Pivoting
B. Reverse Engineering
C. Persistence
D. Requirements

A

C. Persistence

21
Q

What tool would allow network analysts to report on network utilization levels?

A. Network traffic analyzer
B. Vulnerability Scanner
C. Protocol analyzer
D. Port scanner

A

A. Network traffic analyzer

22
Q

What would be the best tool to test the security configuration settings for a web application server?

A. Network traffic analyzer
B. Vulnerability scanner
C. Protocol analyzer
D. Port scanner

A

B. Vulnerability scanner

23
Q

With what tool would pentesters discover live hosts and application services on a network segment?

A. Network traffic analyzer
B. Vulnerability scanner
C. Protocol analyzer
D. Port scanner

A

C. Protocol analyzer

24
Q

What type of tool would perform uncredentialed scans?

A. Network traffic analyzer
B. Vulnerability scanner
C. Protocol analyzer
D. Port scanner

A

D. Port scanner

25
Q

What could be used to reverse engineer a web server API when conducting a zero knowledge test?

A. Exploitation framework
B. Port scanner
C. HTTP interceptor
D. Password cracker

A

C. HTTP interceptor

26
Q

What tool could be used by hackers to discover unpatched systems using automated scripts?

A. Exploitation framework
B. Port scanner
C. HTTP Interceptor
D. Password cracker

A

A. Exploitation framework

27
Q

What would allow system administrators to discover weak passwords stored on the server?

A. Exploitation framework
B. Port scanner
C. HTTP Interceptor
D. Password cracker

A

D. Password cracker

28
Q

What documentation would mitigate the risk of pentesters testing the security posture of all regional data centers when the requirement was only for the ecommerce operation center?

A. Requirements
B. Scope of work
C. Rules of engagement
D. Asset inventory

A

B. Scope of work

29
Q

What documentation would mitigate the risk of pentesters unintentionally causing an outage on the network during business hours?

A. Requirements
B. Scope of work
C. Rules of engagement
D. Asset inventory

A

C. Rules of engagement

30
Q

What type of security assessment is taking place if the tester needs to perform badge skimming first?

A. Network security assessment
B. Corporate policy considerations
C. Facility considerations
D. Physical security assessment

A

D. Physical security assessment

CASP+ (36 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions