Chapter 6
Security Assessment and Testing (Domain 6)

  1. During a port scan, Susan discovers a system running services on TCP and UDP 137–139 and TCP 445, as well as TCP 1433. What type of system is she likely to find if she connects to the machine?
    1. A Linux email server
    2. A Windows SQL server
    3. A Linux file server
    4. A Windows workstation
  2. Which of the following is a method used to automatically design new software tests and to ensure the quality of tests?
    1. Code auditing
    2. Static code analysis
    3. Regression testing
    4. Mutation testing
  3. During a port scan, Naomi found TCP port 443 open on a system. Which tool is best suited to scanning the service that is most likely running on that port?
    1. zzuf
    2. Nikto
    3. Metasploit
    4. sqlmap
  4. What message logging standard is commonly used by network devices, Linux and Unix systems, and many other enterprise devices?
    1. Syslog
    2. Netlog
    3. Eventlog
    4. Remote Log Protocol (RLP)
  5. Alex wants to use an automated tool to fill web application forms to test for format string vulnerabilities. What type of tool should he use?
    1. A black box
    2. A brute-force tool
    3. A fuzzer
    4. A static analysis tool
  6. Susan needs to scan a system for vulnerabilities, and she wants to use an open source tool to test the system remotely. Which of the following tools will meet her requirements and allow vulnerability scanning?
    1. Nmap
    2. OpenVAS
    3. MBSA
    4. Nessus
  7. Morgan is implementing a vulnerability management system that uses standards-based components to score and evaluate the vulnerabilities it finds. Which of the following is most commonly used to provide a severity score for vulnerabilities?
    1. CCE
    2. CVSS
    3. CPE
    4. OVAL
  8. Jim has been contracted to perform a penetration test of a bank's primary branch. To make the test as real as possible, he has not been given any information about the bank other than its name and address. What type of penetration test has Jim agreed to perform?
    1. A crystal-box penetration test
    2. A gray-box penetration test
    3. A black-box penetration test
    4. A white-box penetration test
  9. In a response to a request for proposal, Susan receives an SSAE 18 SOC report. If she wants a report that includes operating effectiveness detail, what should Susan ask for as follow-up and why?
    1. A SOC 2 Type II report, because Type I does not cover operating effectiveness
    2. A SOC 1 Type I report, because SOC 2 does not cover operating effectiveness
    3. A SOC 2 Type I report, because SOC 2 Type II does not cover operating effectiveness
    4. A SOC 3 report, because SOC 1 and SOC 2 reports are outdated
  10. During a wireless network penetration test, Susan runs aircrack-ng against the network using a password file. What might cause her to fail in her password-cracking efforts?
    1. Using WPA2 encryption
    2. Running WPA2 in Enterprise mode
    3. Using WEP encryption
    4. Running WPA2 in PSK mode
  11. A zero-day vulnerability is announced for the popular Apache web server in the middle of a workday. In Jacob's role as an information security analyst, he needs to quickly scan his network to determine what servers are vulnerable to the issue. What is Jacob's best route to quickly identify vulnerable systems?
    1. Immediately run Nessus against all of the servers to identify which systems are vulnerable.
    2. Review the CVE database to find the vulnerability information and patch information.
    3. Create a custom IDS or IPS signature.
    4. Identify affected versions and check systems for that version number using an automated scanner.
  12. What type of testing is used to ensure that separately developed software modules properly exchange data?
    1. Fuzzing
    2. Dynamic testing
    3. Interface testing
    4. API checksums
  13. Selah wants to provide security assessment information to customers who want to use her organization's cloud services. Which of the following options should she select to ensure that the greatest number of customers are satisfied with the assessment information?
    1. Use an internal audit team to self-assess against internal metrics.
    2. Use a third-party auditor.
    3. Use internal technical staff who know the systems.
    4. Use an internal audit team to self-assess against a common standard like COBIT.
  14. Yasmine has been asked to consider a breach and attack simulation system. What type of system should she look for?
    1. A ticket and change management system designed to help manage incidents
    2. A system that runs incident response simulations for blue teams to test their skills
    3. A system that combines red and blue team techniques with automation
    4. A security operations and response (SOAR) system
  15. Monica wants to gather information about security awareness in her organization. What technique is most frequently used to assess security awareness?
    1. Phishing simulators
    2. Gamified applications
    3. Assessment tests
    4. Surveys
  16. Jim has been contracted to conduct a gray-box penetration test, and his clients have provided him with the following information about their networks so that he can scan them:

    Data center:




    What problem will Jim encounter if he is contracted to conduct a scan from off-site?

    1. The IP ranges are too large to scan efficiently.
    2. The IP addresses provided cannot be scanned.
    3. The IP ranges overlap and will cause scanning issues.
    4. The IP addresses provided are RFC 1918 addresses.
  17. Mark's company has been notified that there is a flaw in their web application. The anonymous individual has notified them that they have two weeks to fix it before the details of the flaw are published along with example exploit code. What industry norm is the individual who contacted Mark's company violating?
    1. Zero-day reporting
    2. Ethical disclosure
    3. Ethical hacking
    4. The (ISC)2 vulnerability disclosure ethics statement

    For questions 18–20, please refer to the following scenario:

    The company that Jennifer works for has implemented a central logging infrastructure, as shown in the following image. Use this diagram and your knowledge of logging systems to answer the following questions.

    Schematic illustration of a central logging infrastructure.
  18. Jennifer needs to ensure that all Windows systems provide identical logging information to the SIEM. How can she best ensure that all Windows desktops have the same log settings?
    1. Perform periodic configuration audits.
    2. Use Group Policy.
    3. Use Local Policy.
    4. Deploy a Windows syslog client.
  19. During normal operations, Jennifer's team uses the SIEM appliance to monitor for exceptions received via syslog. What system shown does not natively have support for syslog events?
    1. Enterprise wireless access points
    2. Windows desktop systems
    3. Linux web servers
    4. Enterprise firewall devices
  20. What technology should an organization use for each of the devices shown in the diagram to ensure that logs can be time sequenced across the entire infrastructure?
    1. Syslog
    2. NTP
    3. Logsync
    4. SNAP
  21. During a penetration test, Michelle needs to identify systems, but she hasn't gained sufficient access on the system she is using to generate raw packets. What type of scan should she run to verify the most open services?
    1. A TCP connect scan
    2. A TCP SYN scan
    3. A UDP scan
    4. An ICMP scan
  22. During a port scan using nmap, Joseph discovers that a system shows two ports open that cause him immediate worry:



    What services are likely running on those ports?

    1. SSH and FTP
    2. FTP and Telnet
    3. SMTP and Telnet
    4. POP3 and SMTP
  23. Aaron wants to validate his compliance with PCI-DSS. His company is a large commercial organization with millions of dollars in transactions a year. What is the most common method of conducting this type of testing for large organizations?
    1. Self-assessment
    2. To conduct a thirty-party assessment using COBIT
    3. To partner with another company and trade assessments between the organizations
    4. To conduct a third-party assessment using a qualified security assessor
  24. What method is commonly used to assess how well software testing covered the potential uses of an application?
    1. A test coverage analysis
    2. A source code review
    3. A fuzz analysis
    4. A code review report
  25. Testing that is focused on functions that a system should not allow is an example of what type of testing?
    1. Use case testing
    2. Manual testing
    3. Misuse case testing
    4. Dynamic testing
  26. What type of monitoring uses simulated traffic to a website to monitor performance?
    1. Log analysis
    2. Synthetic monitoring
    3. Passive monitoring
    4. Simulated transaction analysis
  27. Derek wants to ensure that his organization tracks all changes to accounts through their lifecycle. What type of tool should he invest in for his organization?
    1. A directory service like LDAP
    2. An IAM system
    3. An SIEM
    4. An EDR system
  28. Jim uses a tool that scans a system for available services and then connects to them to collect banner information to determine what version of the service is running. It then provides a report detailing what it gathers, basing results on service fingerprinting, banner information, and similar details it gathers combined with CVE information. What type of tool is Jim using?
    1. A port scanner
    2. A service validator
    3. A vulnerability scanner
    4. A patch management tool
  29. Emily builds a script that sends data to a web application that she is testing. Each time the script runs, it sends a series of transactions with data that fits the expected requirements of the web application to verify that it responds to typical customer behavior. What type of transactions is she using, and what type of test is this?
    1. Synthetic, passive monitoring
    2. Synthetic, use case testing
    3. Actual, dynamic monitoring
    4. Actual, fuzzing
  30. What passive monitoring technique records all user interaction with an application or website to ensure quality and performance?
    1. Client/server testing
    2. Real user monitoring
    3. Synthetic user monitoring
    4. Passive user recording
  31. Earlier this year, the information security team at Jim's employer identified a vulnerability in the web server that Jim is responsible for maintaining. He immediately applied the patch and is sure that it installed properly, but the vulnerability scanner has continued to incorrectly flag the system as vulnerable. To deal with the issue so that it does not continue to be flagged incorrectly?
    1. Uninstall and reinstall the patch.
    2. Ask the information security team to flag the system as patched and not vulnerable to that particular flaw.
    3. Update the version information in the web server's configuration.
    4. Review the vulnerability report and use alternate remediation options.
  32. Angela wants to test a web browser's handling of unexpected data using an automated tool. What tool should she choose?
    1. Nmap
    2. zzuf
    3. Nessus
    4. Nikto
  33. STRIDE, which stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege, is useful in what part of application threat modeling?
    1. Vulnerability assessment
    2. Misuse case testing
    3. Threat categorization
    4. Penetration test planning
  34. Why should passive scanning be conducted in addition to implementing wireless security technologies like wireless intrusion detection systems?
    1. It can help identify rogue devices.
    2. It can test the security of the wireless network via scripted attacks.
    3. Their short dwell time on each wireless channel can allow them to capture more packets.
    4. They can help test wireless IDS or IPS systems.
  35. Paul is reviewing the approval process for a penetration test and wants to ensure that it has appropriate management review. Who should he ensure has approved the request for a penetration test for a business system?
    1. The change advisory board
    2. Senior management
    3. The systems administrator for the system
    4. The service owner
  36. What term describes software testing that is intended to uncover new bugs introduced by patches or configuration changes?
    1. Nonregression testing
    2. Evolution testing
    3. Smoke testing
    4. Regression testing
  37. Which of the following tools cannot identify a target's operating system for a penetration tester?
    1. Nmap
    2. Nessus
    3. Nikto
    4. sqlmap
  38. Susan needs to predict high-risk areas for her organization and wants to use metrics to assess risk trends as they occur. What should she do to handle this?
    1. Perform yearly risk assessments.
    2. Hire a penetration testing company to regularly test organizational security.
    3. Identify and track key risk indicators.
    4. Monitor logs and events using a SIEM device.
  39. What major difference separates synthetic and passive monitoring?
    1. Synthetic monitoring works only after problems have occurred.
    2. Passive monitoring cannot detect functionality issues.
    3. Passive monitoring works only after problems have occurred.
    4. Synthetic monitoring cannot detect functionality issues.

    For questions 40–42, please refer to the following scenario. Chris uses the standard penetration testing methodology shown here. Use this methodology and your knowledge of penetration testing to answer questions about tool usage during a penetration test.

    Schematic illustration of the standard penetration testing methodology.
  40. What task is the most important during Phase 1, Planning?
    1. Building a test lab
    2. Getting authorization
    3. Gathering appropriate tools
    4. Determining if the test is white, black, or gray box
  41. Which of the following tools is most likely to be used during discovery?
    1. Nessus
    2. john
    3. Nmap
    4. Nikto
  42. Which of these concerns is the most important to address during planning to ensure that the reporting phase does not cause problems?
    1. Which CVE format to use
    2. How the vulnerability data will be stored and sent
    3. Which targets are off-limits
    4. How long the report should be
  43. What four types of coverage criteria are commonly used when validating the work of a code testing suite?
    1. Input, statement, branch, and condition coverage
    2. Function, statement, branch, and condition coverage
    3. API, branch, bounds, and condition coverage
    4. Bounds, branch, loop, and condition coverage
  44. As part of his role as a security manager, Jacob provides the following chart to his organization's management team. What type of measurement is he providing for them?
    Graph depicts Time to Remediate in Days vs. Number of Vulnerabilities.
    1. A coverage rate measure
    2. A key performance indicator
    3. A time to live metric
    4. A business criticality indicator
  45. What does using unique user IDs for all users provide when reviewing logs?
    1. Confidentiality
    2. Integrity
    3. Availability
    4. Accountability
  46. Which of the following is not an interface that is typically tested during the software testing process?
    1. APIs
    2. Network interfaces
    3. UIs
    4. Physical interfaces
  47. Alan's organization uses the Security Content Automation Protocol (SCAP) to standardize its vulnerability management program. Which component of SCAP can Alan use to reconcile the identity of vulnerabilities generated by different security assessment tools?
    1. OVAL
    2. XCCDF
    3. CVE
    4. SCE
  48. Susan is reviewing software testing coverage data and sees the information shown in the following figure. What can she determine about this testing process? (Select all answers that apply.)
    Bar chart depicts the software testing coverage data.
    1. The testing does not have full coverage.
    2. Test 4 completed with no failures.
    3. Test 2 failed to run successfully.
    4. The testing needs to be run a fifth time.
  49. Which of the following strategies is not a reasonable approach for remediating a vulnerability identified by a vulnerability scanner?
    1. Install a patch.
    2. Use a workaround fix.
    3. Update the banner or version number.
    4. Use an application layer firewall or IPS to prevent attacks against the identified vulnerability.
  50. During a penetration test, Selah calls her target's help desk claiming to be the senior assistant to an officer of the company. She requests that the help desk reset the officer's password because of an issue with his laptop while traveling and persuades them to do so. What type of attack has she successfully completed?
    1. Zero knowledge
    2. Help desk spoofing
    3. Social engineering
    4. Black box
  51. In this image, what issue may occur due to the log handling settings?
    Snapshot of Log Properties- Application dialog box.
    1. Log data may be lost when the log is archived.
    2. Log data may be overwritten.
    3. Log data may not include needed information.
    4. Log data may fill the system disk.
  52. Which of the following is not a hazard associated with penetration testing?
    1. Application crashes
    2. Denial of service
    3. Blackouts
    4. Data corruption
  53. Which NIST special publication covers the assessment of security and privacy controls?
    1. 800-12
    2. 800-53A
    3. 800-34
    4. 800-86
  54. Michelle is conducting a quantitative business impact assessment and wants to collect data to determine the dollar cost of downtime. What information would she need from outages during the previous year to calculate the cost of those outages to the business? (Select all that apply.)
    1. The total amount of time the business was down
    2. The number of personnel hours worked to recover from the outage
    3. The business lost during the outage per hour in dollars
    4. The average employee wage per hour
  55. If Kara's primary concern is preventing eavesdropping attacks, which port should she block?
    1. 22
    2. 80
    3. 443
    4. 1433
  56. If Kara's primary concern is preventing administrative connections to the server, which port should she block?
    1. 22
    2. 80
    3. 443
    4. 1433
  57. During a third-party audit, Jim's company receives a finding that states, “The administrator should review backup success and failure logs on a daily basis and take action in a timely manner to resolve reported exceptions.” What potential problem does this finding indicate?
    1. Administrators will not know if the backups succeeded or failed.
    2. The backups may not be properly logged.
    3. The backups may not be usable.
    4. The backup logs may not be properly reviewed.
  58. Jim is helping his organization decide on audit standards for use throughout their international organization. Which of the following is not an IT standard that Jim's organization is likely to use as part of its audits?
    1. COBIT
    2. SSAE-18
    3. ITIL
    4. ISO 27001
  59. Nicole wants to conduct a standards-based audit of her organization. Which of the following is commonly used to describe common requirements for information systems?
    1. IEC
    2. COBIT
    3. FISA
    4. DMCA
  60. Kelly's team conducts regression testing on each patch that they release. What key performance measure should they maintain to measure the effectiveness of their testing?
    1. Time to remediate vulnerabilities
    2. A measure of the rate of defect recurrence
    3. A weighted risk trend
    4. A measure of the specific coverage of their testing
  61. Which of the following types of code review is not typically performed by a human?
    1. Software inspections
    2. Pair programming
    3. Static program analysis
    4. Software walk-throughs

    For questions 62–64, please refer to the following scenario:

    Susan is the lead of a quality assurance team at her company. The team has been tasked with the testing for a major release of their company's core software product.

  62. Susan's team of software testers are required to test every code path, including those that will only be used when an error condition occurs. What type of testing environment does her team need to ensure complete code coverage?
    1. White box
    2. Gray box
    3. Black box
    4. Dynamic
  63. As part of the continued testing of their new application, Susan's quality assurance team has designed a set of test cases for a series of black-box tests. These functional tests are then run, and a report is prepared explaining what has occurred. What type of report is typically generated during this testing to indicate test metrics?
    1. A test coverage report
    2. A penetration test report
    3. A code coverage report
    4. A line coverage report
  64. As part of their code coverage testing, Susan's team runs the analysis in a nonproduction environment using logging and tracing tools. Which of the following types of code issues is most likely to be missed during testing due to this change in the operating environment?
    1. Improper bounds checking
    2. Input validation
    3. A race condition
    4. Pointer manipulation
  65. Robin recently conducted a vulnerability scan and found a critical vulnerability on a server that handles sensitive information. What should Robin do next?
    1. Patching
    2. Reporting
    3. Remediation
    4. Validation
  66. The automated code testing and integration that Andrea ran as part of her organization's CI/CD pipeline errored out. What should Andrea do with the code if the company needs the code to go live immediately?
    1. Manually bypass the test.
    2. Review error logs to identify the problem.
    3. Rerun the test to see if it works.
    4. Send the code back to the developer for a fix.
  67. Michelle wants to compare vulnerabilities she has discovered in her data center based on how exploitable they are, if exploit code exists, and how hard they are to remediate. What scoring system should she use to compare vulnerability metrics like these?
    1. CSV
    2. NVD
    3. VSS
    4. CVSS
  68. During a port scan of his network, Alex finds that a number of hosts respond on TCP ports 80, 443, 515, and 9100 in offices throughout his organization. What type of devices is Alex likely discovering?
    1. Web servers
    2. File servers
    3. Wireless access points
    4. Printers
  69. Nikto, Burp Suite, and Wapiti are all examples of what type of tool?
    1. Web application vulnerability scanners
    2. Code review tools
    3. Vulnerability scanners
    4. Port scanners
  70. Frank's team is testing a new API that his company's developers have built for their application infrastructure. Which of the following is not a common API issue that you would expect Frank's team to find?
    1. Improper encryption
    2. Object-level authorization issues
    3. User authentication issues
    4. Lack of rate limiting
  71. Jim is working with a penetration testing contractor who proposes using Metasploit as part of her penetration testing effort. What should Jim expect to occur when Metasploit is used?
    1. Systems will be scanned for vulnerabilities.
    2. Systems will have known vulnerabilities exploited.
    3. Services will be probed for buffer overflow and other unknown flaws.
    4. Systems will be tested for zero-day exploits.
  72. Susan needs to ensure that the interactions between the components of her e-commerce application are all handled properly. She intends to verify communications, error handling, and session management capabilities throughout her infrastructure. What type of testing is she planning to conduct?
    1. Misuse case testing
    2. Fuzzing
    3. Regression testing
    4. Interface testing
  73. Jim is designing his organization's log management systems and knows that he needs to carefully plan to handle the organization's log data. Which of the following is not a factor that Jim should be concerned with?
    1. The volume of log data
    2. A lack of sufficient log sources
    3. Data storage security requirements
    4. Network bandwidth
  74. Ryan's organization wants to ensure that proper account management is occurring but does not have a central identity and access management tool in place. Ryan has a limited amount of time to do his verification process. What is his best option to test the account management process as part of an internal audit?
    1. Validate all accounts changed in the past 90 days.
    2. Select high-value administrative accounts for validation.
    3. Validate all account changes in the past 180 days.
    4. Validate a random sample of accounts.
  75. When a Windows system is rebooted, what type of log is generated?
    1. Error
    2. Warning
    3. Information
    4. Failure audit
  76. During a review of access logs, Alex notices that Michelle logged into her workstation in New York at 8 a.m. daily but that she was recorded as logging into her department's main web application shortly after 3 a.m. daily. What common logging issue has Alex likely encountered?
    1. Inconsistent log formatting
    2. Modified logs
    3. Inconsistent timestamps
    4. Multiple log sources
  77. What type of vulnerability scan accesses configuration information from the systems it is run against as well as information that can be accessed via services available via the network?
    1. Authenticated scans
    2. Web application scans
    3. Unauthenticated scans
    4. Port scans

    For questions 78–80, please refer to the following scenario:

    Ben's organization has begun to use STRIDE to assess its software and has identified threat agents and the business impacts that these threats could have. Now they are working to identify appropriate controls for the issues they have identified.

  78. Ben's development team needs to address an authorization issue, resulting in an elevation of privilege threat. Which of the following controls is most appropriate to this type of issue?
    1. Auditing and logging are enabled.
    2. Role-based access control is used for specific operations.
    3. Data type and format checks are enabled.
    4. User input is tested against a whitelist.
  79. Ben's team is attempting to categorize a transaction identification issue that is caused by use of a symmetric key shared by multiple servers. What STRIDE category should this fall into?
    1. Information disclosure
    2. Denial of service
    3. Tampering
    4. Repudiation
  80. Ben wants to use a third-party service to help assess denial-of-service attack vulnerabilities due the amount of traffic during denial-of-service attacks. What type of engagement should he suggest to his organization?
    1. A social engineering engagement
    2. A penetration test
    3. Load or stress testing
    4. Testing using a fuzzer
  81. Chris is troubleshooting an issue with his organization's SIEM reporting. After analyzing the issue, he believes that the timestamps on log entries from different systems are inconsistent. What protocol can he use to resolve this issue?
    1. SSH
    2. FTP
    3. TLS
    4. NTP
  82. Ryan is considering the use of fuzz testing in his web application testing program. Which one of the following statements about fuzz testing should Ryan consider when making his decision?
    1. Fuzzers only find complex faults.
    2. Testers must manually generate input.
    3. Fuzzers may not fully cover the code.
    4. Fuzzers can't reproduce errors.
  83. Ken is designing a testing process for software developed by his team. He is designing a test that verifies that every line of code was executed during the test. What type of analysis is Ken performing?
    1. Branch coverage
    2. Condition coverage
    3. Function coverage
    4. Statement coverage

    For questions 84–86, please refer to the following scenario. During a port scan, Ben uses nmap's default settings and sees the following results.

    Snapshot of verifying every line of code which was executed during the test.
  84. If Ben is conducting a penetration test, what should his next step be after receiving these results?
    1. Connect to the web server using a web browser.
    2. Connect via Telnet to test for vulnerable accounts.
    3. Identify interesting ports for further scanning.
    4. Use sqlmap against the open databases.
  85. Based on the scan results, what operating system (OS) was the system that was scanned most likely running?
    1. Windows Desktop
    2. Linux
    3. Network device
    4. Windows Server
  86. Ben's manager expresses concern about the coverage of his scan. Why might his manager have this concern?
    1. Ben did not test UDP services.
    2. Ben did not discover ports outside the “well-known ports.”
    3. Ben did not perform OS fingerprinting.
    4. Ben tested only a limited number of ports.
  87. Lucca is reviewing his organization's disaster recovery process data and notes that the MTD for the business's main website is two hours. What does he know about the RTO for the site when he does testing and validation?
    1. It needs to be less than two hours.
    2. It needs to be at least two hours.
    3. The MTD is too short and needs to be longer.
    4. The RTO is too short and needs to be longer.
  88. Diana has engaged third-party auditors and wants to release an audit attestation to third parties without including details of the audit. What type of SSAE 18 SOC report should she request?
    1. SOC 1
    2. SOC 2
    3. SOC 3
    4. SOC 4
  89. While reviewing the software testing output for her organization's new application, Madhuri notices that the application has produced errors that included directory and file information shown to the web application tester. What issue should she include in her report about the application?
    1. It does not perform proper exception handling.
    2. The software does not handle misuse case testing properly.
    3. Debugging statements need to be removed.
    4. The code was not fully tested due to errors.
  90. What is the first step that should occur before a penetration test is performed?
    1. Data gathering
    2. Port scanning
    3. Getting permission
    4. Planning
  91. The president of Josh's company is concerned about a significant increase in cryptographic malware that is impacting other companies in their industry. She has asked John to ensure that the company's data will be recoverable if malware strikes and encrypts their production systems. What process does Josh need to undertake to be able to tell her that the company is covered?
    1. Encrypt all sensitive data.
    2. Hash all of the organization's data to detect cryptographic malware.
    3. Perform backup verification.
    4. Use anti-encryption technology to prevent the malware from encrypting drives.
  92. Joanna is her organization's CISO, and in her security operations oversight role she wants to ensure that management oversight is happening for security-related changes. What system should she focus on to track this type of data in most organizations?
    1. The SIEM system
    2. The IPS system
    3. The CMS tool
    4. The ITSM tool
  93. Henry wants to validate that his backups are working. Which of the following options is the best way for him to ensure that the backups will be useful in a true disaster recovery scenario?
    1. Periodically restore a random file to ensure that the backups are working.
    2. Review configurations and settings on a regular schedule to validate backup settings.
    3. Review the backup logs to ensure no errors are occurring.
    4. Regularly perform full restores from backups to validate their success.
  94. What type of vulnerabilities will not be found by a vulnerability scanner?
    1. Local vulnerabilities
    2. Service vulnerabilities
    3. Zero-day vulnerabilities
    4. Vulnerabilities that require authentication
  95. Jacinda wants to measure the effectiveness of her security training as one of her security metrics. Which of the following measures are the most useful for assessing the effectiveness of security awareness training? (Select all that apply.)
    1. How many people took the training
    2. The level of security awareness before and after the training
    3. The length of the training in hours
    4. The number of training events each individual attended this year
  96. Elaine has discovered a previously unknown critical vulnerability in a product that her organization uses. Her organization has a strong commitment to ethical disclosure, and Elaine wants to follow common ethical disclosure practices. What should she do first?
    1. Build an in-house remediation or control and then publicly disclosure the vulnerability to prompt the vendor to patch it quickly.
    2. Build an in-house remediation or control and then notify the vendor of the issue.
    3. Notify the vendor and give them a reasonable amount of time to fix the issue.
    4. Publicly disclose the vulnerability so that the vendor will patch it in an appropriate amount of time.

    For questions 97–99, please refer to the following scenario. NIST Special Publication 800-115, the Technical Guide to Information Security Testing and Assessment, provides NIST's process for penetration testing. Use this image as well as your knowledge of penetration testing to answer the questions.

    Schematic illustration of the NIST’s process for penetration testing.

    Source: NIST SP 800-115.

  97. Which of the following is not a part of the discovery phase?
    1. Hostname and IP address information gathering
    2. Service information capture
    3. Dumpster diving
    4. Privilege escalation
  98. NIST specifies four attack phase steps: gaining access, escalating privileges, system browsing, and installing additional tools. Once attackers install additional tools, what phase will a penetration tester typically return to?
    1. Discovery
    2. Gaining access
    3. Escalating privileges
    4. System browsing
  99. Which of the following is not a typical part of a penetration test report?
    1. A list of identified vulnerabilities
    2. All sensitive data that was gathered during the test
    3. Risk ratings for each issue discovered
    4. Mitigation guidance for issues identified
  100. Alex is using nmap to perform port scanning of a system, and he receives three different port status messages in the results. Match each of the numbered status messages with the appropriate lettered description. You should use each item exactly once.

    Status message

    1. Open
    2. Closed
    3. Filtered


    1. The port is accessible on the remote system, but no application is accepting connections on that port.
    2. The port is not accessible on the remote system.
    3. The port is accessible on the remote system, and an application is accepting connections on that port.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.