2 cissp ® Official Study Guide Eighth Edition

694
Chapter 15 
■
Security Assessment and Testing
7.
Alan ran an nmap scan against a server and determined that port 80 is open on the server. 
What tool would likely provide him the best additional information about the server’s pur-
pose and the identity of the server’s operator?
A.
SSH
B.
Web browser
C.
telnet
D.
ping
8.
What port is typically used to accept administrative connections using the SSH utility?
A.
20
B.
22
C.
25
D.
80
9.
Which one of the following tests provides the most accurate and detailed information about 
the security state of a server?
A.
Unauthenticated scan
B.
Port scan
C.
Half-open scan
D.
Authenticated scan
10.
What type of network discovery scan only follows the first two steps of the TCP hand-
shake?
A.
TCP connect scan
B.
Xmas scan
C.
TCP SYN scan
D.
TCP ACK scan
11.
Matthew would like to test systems on his network for SQL injection vulnerabilities. Which 
one of the following tools would be best suited to this task?
A.
Port scanner
B.
Network vulnerability scanner
C.
Network discovery scanner
D.
Web vulnerability scanner
12.
Badin Industries runs a web application that processes e-commerce orders and handles 
credit card transactions. As such, it is subject to the Payment Card Industry Data Security 
Standard (PCI DSS). The company recently performed a web vulnerability scan of the appli-
cation and it had no unsatisfactory findings. How often must Badin rescan the application?

Download 19,3 Mb.

Do'stlaringiz bilan baham: