Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Intro to Computer Security test 3 > Q15 > Flashcards

Q15 Flashcards

1
Q 
Which one of the following tools is used primarily to perform network discovery scans?
A.   Nmap
B.    Nessus
C.   Metasploit  
D.   lsof
A

A. Nmap

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q 
Which one of the following is not normally included in a security assessment?
A.   Vulnerability scan
B.    Risk assessment
C.   Mitigation of vulnerabilities
D.   Threat assessment
A

C. Mitigation of vulnerabilities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q 
Who is the intended audience for a security assessment report?
A.   Management
B.    Security auditor
C.   Security professional
D.   Customers
A

A. Management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q 
Which one of the following tests provides the most accurate and detailed information about the security state of a server?
A.   Unauthenticated scan
B.    Port scan
C.   Half-open scan
D.   Authenticated scan
A

D. Authenticated scan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q 
Badin Industries runs a web application that processes e-commerce orders and handles credit card transactions. As such, it is subject to the Payment Card Industry Data Security Standard (PCI DSS). The company recently performed a web vulnerability scan of the application and it had no unsatisfactory findings. How often must Badin rescan the application?
A.   Only if the application changes
B.    At least monthly
C.   At least annually
D.   There is no rescanning requirement.
A

C. At least annually

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q 
Grace is performing a penetration test against a client’s network and would like to use a tool to assist in automatically executing common exploits. Which one of the following security tools will best meet her needs?
A.   nmap
B.    Metasploit  
C.   Nessus
D.   Snort
A

B. Metasploit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q 
Paul would like to test his application against slightly modified versions of previously used input. What type of test does Paul intend to perform?
A.   Code review
B.    Application vulnerability review
C.   Mutation fuzzing
D.   Generational fuzzing
A

C. Mutation fuzzing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q 
Users of a banking application may try to withdraw funds that don’t exist from their account. Developers are aware of this threat and implemented code to protect against it. What type of software testing would most likely catch this type of vulnerability if the developers have not already remediated it?
A.   Misuse case testing
B.    SQL injection testing
C.   Fuzzing
D.   Code review
A

A. Misuse case testing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What type of interface testing would identify flaws in a program’s command-line interface?
A. Application programming interface testing
B. User interface testing
C. Physical interface testing
D. Security interface testing

A

B. User interface testing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q 
10.  During what type of penetration test does the tester always have access to system configuration information?
A.   Black box penetration test
B.    White box penetration test
C.   Gray box penetration test
D.   Red box penetration test
A

B. White box penetration test

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Intro to Computer Security test 3 (4 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions