Tyler Hampton
Test por , creado hace más de 1 año

Explain the proper use of penetration testing versus vulnerability scanning.

22
0
0
Tyler Hampton
Creado por Tyler Hampton hace más de 6 años
Cerrar

S+ Objective 3.8 Quiz

Pregunta 1 de 9

1

You recently completed a vulnerability scan on your network. It reported that several servers are missing key operating system patches. However, after checking the servers, you've verified the servers have these patches installed. Which of the following BEST describes this?

Selecciona una de las siguientes respuestas posibles:

  • False negative

  • Misconfiguration of servers

  • False positive

  • Servers not hardened

Explicación

Pregunta 2 de 9

1

You suspect that a database server used by a web application does not have current patches. Which of the following is the BEST action to take to verify the server has up-to-date patches?

Selecciona una de las siguientes respuestas posibles:

  • Vulnerability Scan

  • Port Scan

  • Protocol Analyzer

  • Host Enumeration

Explicación

Pregunta 3 de 9

1

An organization has a legacy server within the DMZ. It is running older software that is not compatible with current patches, so it remains unpatched. Management accepts the risk on this system, but wants to know if attackers can access the internal network if they successfully compromise this server. Which of the following is the MOST appropriate test?

Selecciona una de las siguientes respuestas posibles:

  • Vulnerability Scan

  • Port Scan

  • Code Review

  • Pentest

Explicación

Pregunta 4 de 9

1

Testers do not have access to product documentation or any experience with an application. What type of test will they MOST likely perform?

Selecciona una de las siguientes respuestas posibles:

  • Gray box

  • White box

  • Black box

  • Black hat

Explicación

Pregunta 5 de 9

1

Your organization has hired a group of external testers to perform a black box penetration test. One of the testers asks you to provide information about your internal network. What should you provide?

Selecciona una de las siguientes respuestas posibles:

  • A list of IP ranges and the types of security devices operational on the network

  • Network diagrams but without internal IP addresses

  • Access points to the network

  • Nothing

  • Some network diagrams and some IP addresses, but not all

Explicación

Pregunta 6 de 9

1

Which of the following tools is the MOST invasive type of testing?

Selecciona una de las siguientes respuestas posibles:

  • Pentest

  • Protocol Analyzer

  • Vulnerability Scan

  • HIDS

Explicación

Pregunta 7 de 9

1

Testers are analyzing a web application your organization is planning to deploy. They have full access to product documentation, including the code and data structures used by the application. What type of test will they MOST likely perform?

Selecciona una de las siguientes respuestas posibles:

  • Gray box

  • White box

  • Black box

  • Gray Hat

Explicación

Pregunta 8 de 9

1

Lisa recently an application to test the security posture of a database server running in a a test bed. What type of report will she retrieve to identify vulnerabilities that the application actually exploited?

Selecciona una de las siguientes respuestas posibles:

  • Penetration test report

  • Vulnerability report

  • Risk assessment report

  • Code review report

Explicación

Pregunta 9 de 9

1

Your organization outsourced development of a software module to modify the functionality of an existing proprietary application. The developer completed the module and is now testing it with the entire application. What type of testing is the developer performing?

Selecciona una de las siguientes respuestas posibles:

  • White box

  • Black box

  • Gray box

  • Code Review

Explicación