Quix9 - D6 - 50Q

Description

100 RedBlue Test. Quiz on Quix9 - D6 - 50Q, created by Requiemdust Sheena on 13/05/2020.
Quiz by Requiemdust Sheena, updated more than 1 year ago
Created by Requiemdust Sheena more than 4 years ago

Resource Summary

Question 1

Question
During a penetration test, Lauren is asked to test the organization’s Bluetooth security. Which of the following is not a concern she should explain to her employers?
Answer
  • A. Bluetooth scanning can be time-consuming.
  • B. Many devices that may be scanned are likely to be personal devices.
  • C. Bluetooth passive scans may require multiple visits at different times to identify all targets.
  • D. Bluetooth active scans can’t evaluate the security mode of Bluetooth devices.

Question 2

Question
What term describes software testing that is intended to uncover new bugs introduced by patches or configuration changes?
Answer
  • A. Nonregression testing
  • B. Evolution testing
  • C. Smoke testing
  • D. Regression testing

Question 3

Question
Which of the following tools cannot identify a target’s operating system for a penetration tester?
Answer
  • A. Nmap
  • B. Nessus
  • C. Nikto
  • D. sqlmap

Question 4

Question
Susan needs to predict high-risk areas for her organization and wants to use metrics to assess risk trends as they occur. What should she do to handle this?
Answer
  • A. Perform yearly risk assessments.
  • B. Hire a penetration testing company to regularly test organizational security.
  • C. Identify and track key risk indicators.
  • D. Monitor logs and events using a SIEM device.

Question 5

Question
What major difference separates synthetic and passive monitoring?
Answer
  • A. Synthetic monitoring only works after problems have occurred.
  • B. Passive monitoring cannot detect functionality issues.
  • C. Passive monitoring only works after problems have occurred.
  • D. Synthetic monitoring cannot detect functionality issues.

Question 6

Question
Chris uses the standard penetration testing methodology shown here. Use this methodology and your knowledge of penetration testing to answer questions about tool usage during a penetration test. What task is the most important during Phase 1, Planning?
Answer
  • A. Building a test lab
  • B. Getting authorization
  • C. Gathering appropriate tools
  • D. Determining if the test is white, black, or gray box

Question 7

Question
Chris uses the standard penetration testing methodology shown here. Use this methodology and your knowledge of penetration testing to answer questions about tool usage during a penetration test. Which of the following tools is most likely to be used during discovery?
Answer
  • A. Nessus
  • B. john
  • C. Nmap
  • D. Nikto

Question 8

Question
Chris uses the standard penetration testing methodology shown here. Use this methodology and your knowledge of penetration testing to answer questions about tool usage during a penetration test. Which of these concerns is the most important to address during planning to ensure that the reporting phase does not cause problems?
Answer
  • A. Which CVE format to use
  • B. How the vulnerability data will be stored and sent
  • C. Which targets are off-limits
  • D. How long the report should be

Question 9

Question
What four types of coverage criteria are commonly used when validating the work of a code testing suite?
Answer
  • A. Input, statement, branch, and condition coverage
  • B. Function, statement, branch, and condition coverage
  • C. API, branch, bounds, and condition coverage
  • D. Bounds, branch, loop, and condition coverage

Question 10

Question
As part of his role as a security manager, Jacob provides the following chart to his organization’s management team. What type of measurement is he providing for them?
Answer
  • A. A coverage rate measure
  • B. A key performance indicator
  • C. A time to live metric
  • D. A business criticality indicator

Question 11

Question
What does using unique user IDs for all users provide when reviewing logs?
Answer
  • A. Confidentiality
  • B. Integrity
  • C. Availability
  • D. Accountability

Question 12

Question
Which of the following is not an interface that is typically tested during the software testing process?
Answer
  • A. APIs
  • B. Network interfaces
  • C. UIs
  • D. Physical interfaces

Question 13

Question
Alan’s organization uses the Security Content Automation Protocol (SCAP) to standardize its vulnerability management program. Which component of SCAP can Alan use to reconcile the identity of vulnerabilities generated by different security assessment tools?
Answer
  • A. OVAL
  • B. XCCDF
  • C. CVE
  • D. SCE

Question 14

Question
Misconfiguration, logical and functional flaws, and poor programming practices are all causes of what common security issue?
Answer
  • A. Fuzzing
  • B. Security vulnerabilities
  • C. Buffer overflows
  • D. Race conditions

Question 15

Question
Which of the following strategies is not a reasonable approach for remediating a vulnerability identified by a vulnerability scanner?
Answer
  • A. Install a patch.
  • B. Use a workaround fix.
  • C. Update the banner or version number.
  • D. Use an application layer firewall or IPS to prevent attacks against the identified vulnerability.

Question 16

Question
During a penetration test Saria calls her target’s help desk claiming to be the senior assistant to an officer of the company. She requests that the help desk reset the officer’s password because of an issue with his laptop while traveling and persuades them to do so. What type of attack has she successfully completed?
Answer
  • A. Zero knowledge
  • B. Help desk spoofing
  • C. Social engineering
  • D. Black box

Question 17

Question
In this image, what issue may occur due to the log handling settings?
Answer
  • A. Log data may be lost when the log is archived.
  • B. Log data may be overwritten.
  • C. Log data may not include needed information.
  • D. Log data may fill the system disk.

Question 18

Question
Which of the following is not a hazard associated with penetration testing?
Answer
  • A. Application crashes
  • B. Denial of service
  • C. Exploitation of vulnerabilities
  • D. Data corruption

Question 19

Question
Which NIST special publication covers the assessment of security and privacy controls?
Answer
  • A. 800-12
  • B. 800-53A
  • C. 800-34
  • D. 800-86

Question 20

Question
If Kara’s primary concern is preventing eavesdropping attacks, which port should she block?
Answer
  • A. 22
  • B. 80
  • C. 443
  • D. 1433

Question 21

Question
If Kara’s primary concern is preventing administrative connections to the server, which port should she block?
Answer
  • A. 22
  • B. 80
  • C. 443
  • D. 1433

Question 22

Question
During a third-party audit, Jim’s company receives a finding that states, “The administrator should review backup success and failure logs on a daily basis, and take action in a timely manner to resolve reported exceptions.” What is the biggest issue that is likely to result if Jim’s IT staff need to restore from a backup?
Answer
  • A. They will not know if the backups succeeded or failed.
  • B. The backups may not be properly logged.
  • C. The backups may not be usable.
  • D. The backup logs may not be properly reviewed.

Question 23

Question
Jim is helping his organization decide on audit standards for use throughout their international organization. Which of the following is not an IT standard that Jim’s organization is likely to use as part of its audits?
Answer
  • A. COBIT
  • B. SSAE-18
  • C. ITIL
  • D. ISO 27002

Question 24

Question
Which of the following best describes a typical process for building and implementing an Information Security Continuous Monitoring program as described by NIST Special Publication 800-137?
Answer
  • A. Define, establish, implement, analyze and report, respond, review, and update
  • B. Design, build, operate, analyze, respond, review, revise
  • C. Prepare, detect and analyze, contain, respond, recover, report
  • D. Define, design, build, monitor, analyze, react, revise

Question 25

Question
Lauren’s team conducts regression testing on each patch that they release. What key performance measure should they maintain to measure the effectiveness of their testing?
Answer
  • A. Time to remediate vulnerabilities
  • B. A measure of the rate of defect recurrence
  • C. A weighted risk trend
  • D. A measure of the specific coverage of their testing

Question 26

Question
Which of the following types of code review is not typically performed by a human?
Answer
  • A. Software inspections
  • B. Code review
  • C. Static program analysis
  • D. Software walkthroughs

Question 27

Question
Susan is the lead of a Quality Assurance team at her company. The team has been tasked with the testing for a major release of their company’s core software product. Susan’s team of software testers is required to test every code path, including those that will only be used when an error condition occurs. What type of testing environment does her team need to ensure complete code coverage?
Answer
  • A. White box
  • B. Gray box
  • C. Black box
  • D. Dynamic

Question 28

Question
Susan is the lead of a Quality Assurance team at her company. The team has been tasked with the testing for a major release of their company’s core software product. As part of the continued testing of their new application, Susan’s quality assurance team has designed a set of test cases for a series of black box tests. These functional tests are then run, and a report is prepared explaining what has occurred. What type of report is typically generated during this testing to indicate test metrics?
Answer
  • A. A test coverage report
  • B. A penetration test report
  • C. A code coverage report
  • D. A line coverage report

Question 29

Question
Susan is the lead of a Quality Assurance team at her company. The team has been tasked with the testing for a major release of their company’s core software product. As part of their code coverage testing, Susan’s team runs the analysis in a non-production environment using logging and tracing tools. Which of the following types of code issues is most likely to be missed during testing due to this change in the operating environment?
Answer
  • A. Improper bounds checking
  • B. Input validation
  • C. A race condition
  • D. Pointer manipulation

Question 30

Question
Robin recently conducted a vulnerability scan and found a critical vulnerability on a server that handles sensitive information. What should Robin do next?
Answer
  • A. Patching
  • B. Reporting
  • C. Remediation
  • D. Validation

Question 31

Question
Kathleen is reviewing the code for an application. She first plans the review, conducts an overview session with the reviewers and assigns roles, and then works with the reviewers to review materials and prepare for their roles. Next, she intends to review the code, rework it, and ensure that all defects found have been corrected. What type of review is Kathleen conducting?
Answer
  • A. A dynamic test
  • B. Fagan inspection
  • C. Fuzzing
  • D. A Roth-Parker review

Question 32

Question
Danielle wants to compare vulnerabilities she has discovered in her data center based on how exploitable they are, if exploit code exists, and how hard they are to remediate. What scoring system should she use to compare vulnerability metrics like these?
Answer
  • A. CSV
  • B. NVD
  • C. VSS
  • D. CVSS

Question 33

Question
During a port scan of his network, Alex finds that a number of hosts respond on TCP ports 80, 443, 515, and 9100 in offices throughout his organization. What type of devices is Alex likely discovering?
Answer
  • A. Web servers
  • B. File servers
  • C. Wireless access points
  • D. Printers

Question 34

Question
Nikto, Burp Suite, and Wapiti are all examples of what type of tool?
Answer
  • A. Web application vulnerability scanners
  • B. Code review tools
  • C. Vulnerability scanners
  • D. Port scanners

Question 35

Question
Jim is working with a penetration testing contractor who proposes using Metasploit as part of her penetration testing effort. What should Jim expect to occur when Metasploit is used?
Answer
  • A. Systems will be scanned for vulnerabilities.
  • B. Systems will have known vulnerabilities exploited.
  • C. Services will be probed for buffer overflow and other unknown flaws.
  • D. Systems will be tested for zero-day exploits.

Question 36

Question
Susan needs to ensure that the interactions between the components of her e-commerce application are all handled properly. She intends to verify communications, error handling, and session management capabilities throughout her infrastructure. What type of testing is she planning to conduct?
Answer
  • A. Misuse case testing
  • B. Fuzzing
  • C. Regression testing
  • D. Interface testing

Question 37

Question
Jim is designing his organization’s log management systems and knows that he needs to carefully plan to handle the organization’s log data. Which of the following is not a factor that Jim should be concerned with?
Answer
  • A. The volume of log data
  • B. A lack of sufficient log sources
  • C. Data storage security requirements
  • D. Network bandwidth

Question 38

Question
Ken is having difficulty correlating information from different security teams in his organization. Specifically, he would like to find a way to describe operating systems in a consistent fashion. What SCAP component can assist him?
Answer
  • A. CVE
  • B. CPE
  • C. CWE
  • D. OVAL

Question 39

Question
When a Windows system is rebooted, what type of log is generated?
Answer
  • A. Error
  • B. Warning
  • C. Information
  • D. Failure audit

Question 40

Question
During a review of access logs, Alex notices that Danielle logged into her workstation in New York at 8 a.m. daily but that she was recorded as logging into her department’s main web application shortly after 3 a.m. daily. What common logging issue has Alex likely encountered?
Answer
  • A. Inconsistent log formatting
  • B. Modified logs
  • C. Inconsistent timestamps
  • D. Multiple log sources

Question 41

Question
What type of vulnerability scan accesses configuration information from the systems it is run against as well as information that can be accessed via services available via the network?
Answer
  • A. Authenticated scans
  • B. Web application scans
  • C. Unauthenticated scans
  • D. Port scans

Question 42

Question
Ben’s organization has begun to use STRIDE to assess its software and has identified threat agents and the business impacts that these threats could have. Now they are working to identify appropriate controls for the issues they have identified. Ben’s development team needs to address an authorization issue, resulting in an elevation of privilege threat. Which of the following controls is most appropriate to this type of issue?
Answer
  • A. Auditing and logging is enabled.
  • B. Role-based access control is used for specific operations.
  • C. Data type and format checks are enabled.
  • D. User input is tested against a whitelist.

Question 43

Question
Ben’s organization has begun to use STRIDE to assess its software and has identified threat agents and the business impacts that these threats could have. Now they are working to identify appropriate controls for the issues they have identified. Ben’s team is attempting to categorize a transaction identification issue that is caused by use of a symmetric key shared by multiple servers. What STRIDE category should this fall into?
Answer
  • A. Information disclosure
  • B. Denial of service
  • C. Tampering
  • D. Repudiation

Question 44

Question
Ben’s organization has begun to use STRIDE to assess its software and has identified threat agents and the business impacts that these threats could have. Now they are working to identify appropriate controls for the issues they have identified. Ben wants to prevent or detect tampering with data. Which of the following is not an appropriate solution?
Answer
  • A. Hashes
  • B. Digital signatures
  • C. Filtering
  • D. Authorization controls
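Questions 43 and 44 turn on the same distinction: an integrity check detects tampering, but a key that several servers share cannot tell you which of them produced a given record. The Python below is an added example written for this page, not code from the original quiz; the transaction record, key material and server names are constructed. It shows an unkeyed hash being silently recomputed by whoever can edit the record, an HMAC tag catching the same edit, and then the repudiation problem from Question 43: with one shared key, every server is an equally plausible origin of the tag.

```python
import hashlib
import hmac
import json

# Constructed sample: one transaction record as an application server would emit it.
RECORD = {"txn_id": 1001, "account": "ACME-42", "amount": 250.0, "currency": "USD"}

# Constructed keys for the demo only.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
UNIQUE_KEYS = {"app-1": b"constructed-key-for-app-1", "app-2": b"constructed-key-for-app-2"}


def canonical(record):
    """Stable byte encoding so every party hashes exactly the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def plain_digest(record):
    """Unkeyed hash: catches accidental corruption, but anyone who can change the
    record can recompute it, so by itself it does not detect deliberate tampering."""
    return hashlib.sha256(canonical(record)).hexdigest()


def keyed_tag(key, record):
    """HMAC-SHA256 over the canonical record: recomputing it requires the key."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_tag(key, record, tag):
    # compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(keyed_tag(key, record), tag)


def attacker_rewrites(record, field, value):
    """Model an attacker with write access to the stored record and its unkeyed hash:
    they change the field and simply recompute the hash that travels with it."""
    forged = dict(record)
    forged[field] = value
    return forged, plain_digest(forged)


def possible_origins(servers, record, tag):
    """Every server whose key verifies the tag could have produced it. With a shared
    key that is all of them, so no single server can be held to the transaction."""
    return [name for name, key in servers.items() if verify_tag(key, record, tag)]


if __name__ == "__main__":
    tag = keyed_tag(SHARED_KEY, RECORD)
    forged, forged_hash = attacker_rewrites(RECORD, "amount", 25000.0)
    print("unkeyed hash still matches after tampering:", plain_digest(forged) == forged_hash)
    print("HMAC still verifies after tampering:", verify_tag(SHARED_KEY, forged, tag))
    print("servers that could have produced the tag (shared key):",
          possible_origins({"app-1": SHARED_KEY, "app-2": SHARED_KEY}, RECORD, tag))
    print("servers that could have produced the tag (per-server keys):",
          possible_origins(UNIQUE_KEYS, RECORD, keyed_tag(UNIQUE_KEYS["app-1"], RECORD)))
```

A per-server HMAC key narrows the origin to one machine but still lets that machine's operators deny a record, since they hold the only key needed to forge it; a digital signature with a private key that never leaves its owner is what removes that last avenue, which is why Question 44 lists signatures next to hashes while filtering and authorization appear as the controls that do not detect tampering at all.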

Question 45

Question
Chris is troubleshooting an issue with his organization’s SIEM reporting. After analyzing the issue, he believes that the timestamps on log entries from different systems are inconsistent. What protocol can he use to resolve this issue?
Answer
  • A. SSH
  • B. FTP
  • C. TLS
  • D. NTP
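Questions 40 and 45 describe the same failure from two sides: a workstation that logs local wall-clock time without a zone marker, and a server whose clock or zone label is wrong, produce events that cannot be lined up until everything is moved onto one UTC axis (and, per Question 45, the clocks are kept there with NTP). The Python below is an added example, not part of the original quiz; the log lines, host names, users and the fixed UTC-4 offset are constructed for May 2020. It normalises two formats to UTC, correlates each user's workstation logon with the web-application login that follows it, and flags a record whose stamp is off by a whole number of hours, the signature of a mislabelled zone or an unsynchronised clock.

```python
from datetime import datetime, timedelta, timezone

# Fixed offset for the constructed sample (May 2020, so New York is on EDT, UTC-4).
# Production code should use zoneinfo.ZoneInfo("America/New_York") so DST is handled.
NEW_YORK = timezone(timedelta(hours=-4), "EDT")
UTC = timezone.utc

# Constructed sample lines. The workstation writes local wall-clock time with no zone
# marker; the web application writes Apache-style stamps with an explicit offset.
WORKSTATION_LOG = [
    "2020-05-13 08:00:12 LOGON user=danielle host=NYC-WS-117",
    "2020-05-13 08:00:19 LOGON user=alex host=NYC-WS-203",
]
WEBAPP_LOG = [
    '13/May/2020:12:00:40 +0000 "POST /login" user=danielle status=200',
    '13/May/2020:12:01:02 +0000 "POST /login" user=alex status=200',
]
# The same login as WEBAPP_LOG[0], but from a server whose clock shows New York local
# time while its logger labels every line +0000: a mislabelled-zone record.
MISLABELLED_LINE = '13/May/2020:08:00:40 +0000 "POST /login" user=danielle status=200'


def _fields(text):
    return dict(kv.split("=", 1) for kv in text.split() if "=" in kv)


def parse_workstation(line, local_zone=NEW_YORK):
    """Attach the zone the source is known to run in, then move to UTC."""
    naive = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
    when = naive.replace(tzinfo=local_zone).astimezone(UTC)
    return {"source": "workstation", "utc": when, "user": _fields(line[20:])["user"]}


def parse_webapp(line):
    """The stamp carries its own offset, so %z does the conversion."""
    stamp, _, rest = line.partition(' "')
    when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").astimezone(UTC)
    return {"source": "webapp", "utc": when, "user": _fields(rest)["user"]}


def all_events():
    return ([parse_workstation(l) for l in WORKSTATION_LOG]
            + [parse_webapp(l) for l in WEBAPP_LOG])


def correlate(events, window=timedelta(minutes=5)):
    """Pair each workstation logon with the same user's web-app login that follows it
    within `window`. Returns (user, seconds between the two) for every pair found."""
    by_user = {}
    for e in sorted(events, key=lambda e: e["utc"]):
        by_user.setdefault(e["user"], []).append(e)
    pairs = []
    for user, evs in by_user.items():
        logons = [e for e in evs if e["source"] == "workstation"]
        logins = [e for e in evs if e["source"] == "webapp"]
        for a in logons:
            for b in logins:
                gap = b["utc"] - a["utc"]
                if timedelta(0) <= gap <= window:
                    pairs.append((user, int(gap.total_seconds())))
    return pairs


def clock_discrepancy(reference, observed, tolerance=timedelta(minutes=2)):
    """Two records of one action should agree within `tolerance` (returns None).
    Otherwise return (whole hours, leftover seconds): a whole-hour offset with a small
    leftover points at a zone mislabel; a ragged value points at clock drift (no NTP)."""
    delta = observed["utc"] - reference["utc"]
    if abs(delta) <= tolerance:
        return None
    hours = round(delta.total_seconds() / 3600)
    residual = int((delta - timedelta(hours=hours)).total_seconds())
    return hours, residual


if __name__ == "__main__":
    print("correlated logon/login pairs:", correlate(all_events()))
    ws = parse_workstation(WORKSTATION_LOG[0])
    print("good server:", clock_discrepancy(ws, parse_webapp(WEBAPP_LOG[0])))
    print("mislabelled server:", clock_discrepancy(ws, parse_webapp(MISLABELLED_LINE)))
```

The mislabelled record comes out four hours early, which is exactly the kind of "logged in hours before arriving" artefact in Question 40; the remedy is to sync every source to NTP and either log in UTC or log the offset, not to correct the data after the fact.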

Question 46

Question
Ryan is considering the use of fuzz testing in his web application testing program. Which one of the following statements about fuzz testing should Ryan consider when making his decision?
Answer
  • A. Fuzzers only find complex faults.
  • B. Testers must manually generate input.
  • C. Fuzzers may not fully cover the code.
  • D. Fuzzers can’t reproduce errors.
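The options in this question are best judged by running a fuzzer and watching what it does and does not find. The Python below is an added example, not part of the original quiz: a deliberately buggy TLV parser (constructed for this page) that trusts its declared length field, plus a mutation fuzzer driven by a seeded PRNG. It generates input automatically, finds crashes that are not complex at all, reproduces any finding by replaying the seed, and reports a branch guarded by an eight-byte constant that random mutation never reaches.

```python
import random
import struct

# Branch tags the parser records; the fuzzer reports which ones were never reached.
ALL_BRANCHES = {"entry", "too-short", "text", "pair", "magic", "unknown"}
COVERAGE = set()


def parse_record(data):
    """Toy TLV parser (constructed for this example): type byte, length byte, payload.
    It trusts the declared length, which is the bug the fuzzer is meant to find."""
    COVERAGE.add("entry")
    if len(data) < 2:
        COVERAGE.add("too-short")
        raise ValueError("record too short")        # documented rejection, not a bug
    rtype, length = data[0], data[1]
    payload = data[2:2 + length]
    if rtype == 1:
        COVERAGE.add("text")
        if payload[length - 1] != 0:                # IndexError when the input is truncated
            raise ValueError("text not NUL-terminated")
        return ("text", payload[:-1].decode("latin-1"))
    if rtype == 2:
        COVERAGE.add("pair")
        return ("pair", struct.unpack("<HH", payload))  # struct.error when payload is short
    if rtype == 0x7F and payload == b"MAGIC!!!":
        COVERAGE.add("magic")                       # needs 8 exact bytes; random edits will not hit it
        return ("magic", None)
    COVERAGE.add("unknown")
    raise ValueError("unknown record type")


# Constructed seed corpus: one valid record of each known type plus an unknown one.
SEED_CORPUS = [b"\x01\x06hello\x00", b"\x02\x04\x01\x00\x02\x00", b"\x09\x00"]


def mutate(rng, data):
    """One random edit: bit flip, byte delete, byte insert or truncation."""
    out = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and out:
        out[rng.randrange(len(out))] ^= 1 << rng.randrange(8)
    elif op == 1 and out:
        del out[rng.randrange(len(out))]
    elif op == 2:
        out.insert(rng.randrange(len(out) + 1), rng.randrange(256))
    else:
        del out[rng.randrange(len(out) + 1):]
    return bytes(out)


def fuzz(seed, iterations):
    """Mutation fuzzing from a fixed PRNG seed. Only unexpected exception types count
    as findings; ValueError is the parser's intended way of rejecting bad input."""
    rng = random.Random(seed)
    findings = []
    for i in range(iterations):
        case = mutate(rng, rng.choice(SEED_CORPUS))
        try:
            parse_record(case)
        except ValueError:
            continue
        except Exception as exc:
            findings.append({"iteration": i, "input": case, "error": type(exc).__name__})
    return findings


def reproduce(seed, iteration):
    """Replay the PRNG stream to regenerate the input of a given iteration: a seeded
    fuzzer makes every finding reproducible without storing the inputs."""
    rng = random.Random(seed)
    case = b""
    for _ in range(iteration + 1):
        case = mutate(rng, rng.choice(SEED_CORPUS))
    return case


def uncovered():
    return ALL_BRANCHES - COVERAGE


if __name__ == "__main__":
    findings = fuzz(seed=2020, iterations=3000)
    print(len(findings), "crashing inputs; first:", findings[0])
    print("replayed from seed:", reproduce(2020, findings[0]["iteration"]) == findings[0]["input"])
    print("branches never reached:", uncovered())
```

Of the four statements, only C survives this run: the crashes are simple length bugs, the inputs were generated rather than hand-written, the seed replays every crash, and the "magic" branch stays uncovered, which is the gap that coverage-guided fuzzers and dictionaries exist to close.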

Question 47

Question
Ken is designing a testing process for software developed by his team. He is designing a test that verifies that every line of code was executed during the test. What type of analysis is Ken performing?
Answer
  • A. Branch coverage
  • B. Condition coverage
  • C. Function coverage
  • D. Statement coverage
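Questions 9 and 47 both rely on knowing how statement, branch and condition coverage differ, and the difference is easiest to see measured on one function. The Python below is an added example, not part of the original quiz: a small authorization check (constructed, with constructed users and documents) is run under sys.settrace so that executed lines and line-to-line transitions are recorded, while probes on each boolean atom record condition outcomes. A single admin test case reaches 100% statement coverage while leaving half the branches and most condition outcomes untested.

```python
import dis
import sys

AUDIT = []        # side effect of the code under test
CONDITIONS = {}   # atom name -> set of truth values it took


def cond(name, value):
    """Probe for condition coverage: record each outcome an atom takes."""
    CONDITIONS.setdefault(name, set()).add(bool(value))
    return value


# Code under test (constructed). Line offsets from the def line:
# +1 decision, +2 if, +3 allow, +4 audit, +5 return.
def can_access(user, resource):
    decision = "deny"
    if cond("admin", user["admin"]) or (cond("owner", user["id"] == resource["owner"]) and cond("unlocked", not resource["locked"])):
        decision = "allow"
    AUDIT.append((user["id"], decision))
    return decision


FIRST = can_access.__code__.co_firstlineno
BRANCHES = {FIRST + 2: {FIRST + 3, FIRST + 4}}   # if-line -> lines reached on true / false


def executable_lines(func):
    """Lines the compiler emitted code for, excluding the def line itself."""
    code = func.__code__
    return {ln for _, ln in dis.findlinestarts(code) if ln is not None and ln > code.co_firstlineno}


def run_traced(func, *args):
    """Run func under a trace hook; return (result, executed lines, (from, to) transitions)."""
    lines, edges = set(), set()
    last = [None]
    target = func.__code__

    def tracer(frame, event, arg):
        if frame.f_code is not target:      # do not descend into cond() or other calls
            return None
        if event == "line":
            if last[0] is not None:
                edges.add((last[0], frame.f_lineno))
            lines.add(frame.f_lineno)
            last[0] = frame.f_lineno
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        result = func(*args)
    finally:
        sys.settrace(previous)
    return result, lines, edges


def coverage_report(cases):
    """Statement, branch and condition coverage achieved by a list of (user, resource) cases."""
    CONDITIONS.clear()
    hit_lines, hit_edges = set(), set()
    for user, resource in cases:
        _, lines, edges = run_traced(can_access, user, resource)
        hit_lines |= lines
        hit_edges |= edges
    executable = executable_lines(can_access)
    arms = [(src, dst) for src, dsts in BRANCHES.items() for dst in dsts]
    outcomes = sum(len(v) for v in CONDITIONS.values())
    return {
        "statement": len(hit_lines & executable) / len(executable),
        "branch": sum(1 for arm in arms if arm in hit_edges) / len(arms),
        "condition": round(outcomes / (2 * 3), 2),   # three atoms, each seen True and False
    }


# Constructed test data.
ADMIN = {"id": "alice", "admin": True}
OWNER = {"id": "bob", "admin": False}
OTHER = {"id": "eve", "admin": False}
OPEN_DOC = {"owner": "bob", "locked": False}
LOCKED_DOC = {"owner": "bob", "locked": True}


def statement_only_suite():
    return [(ADMIN, OPEN_DOC)]                      # every line runs, yet the deny path is never taken


def full_suite():
    return [(ADMIN, OPEN_DOC), (OTHER, OPEN_DOC), (OWNER, OPEN_DOC), (OWNER, LOCKED_DOC)]


if __name__ == "__main__":
    print("one admin case:", coverage_report(statement_only_suite()))
    print("four cases:    ", coverage_report(full_suite()))
```

The first report is the trap behind Question 47: "every line executed" says nothing about the branch that skips the body or about the owner and lock checks that short-circuiting never evaluated. Condition coverage is the criterion that forces the locked-document denial to be exercised, which is where authorization bugs tend to live.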

Question 48

Question
During a port scan, Ben uses nmap’s default settings and sees the following results. If Ben is conducting a penetration test, what should his next step be after receiving these results?
Answer
  • A. Connect to the web server using a web browser.
  • B. Connect via Telnet to test for vulnerable accounts.
  • C. Identify interesting ports for further scanning.
  • D. Use sqlmap against the open databases.

Question 49

Question
During a port scan, Ben uses nmap’s default settings and sees the following results. Based on the scan results, what operating system (OS) was the system that was scanned most likely running?
Answer
  • A. Windows Desktop
  • B. Linux
  • C. Network device
  • D. Windows Server

Question 50

Question
During a port scan, Ben uses nmap’s default settings and sees the following results. Ben’s manager expresses concern about the coverage of his scan. Why might his manager have this concern?
Answer
  • A. Ben did not test UDP services.
  • B. Ben did not discover ports outside the “well-known ports.”
  • C. Ben did not perform OS fingerprinting.
  • D. Ben tested only a limited number of ports.