15 Cards in this Set

  • Front
  • Back

Which of the following is BEST utilized to identify common misconfigurations throughout the enterprise?

vulnerability scanning
Which of the following tests a number of security controls in the least invasive manner?
vulnerability scan
A software development company has hired a programmer to develop a plug-in module to an existing proprietary application. After completing the module, the developer needs to test the entire application to ensure that the module did not introduce new vulnerabilities. Which of the following is the developer performing when testing the application?
gray box testing
Which of the following would be used to identify the security posture of a network without actually exploiting any weaknesses?
vulnerability scan
A security administrator is aware that a portion of the company’s Internet-facing network tends to be non-secure due to poorly configured and patched systems. The business owner has accepted the risk of those systems being compromised, but the administrator wants to determine the degree to which those systems can be used to gain access to the company intranet. Which of the following should the administrator perform?
penetration test
A quality assurance analyst is reviewing a new software product for security, and has complete access to the code and data structures used by the developers. This is an example of which of the following types of testing?
white box
Matt, the Chief Information Security Officer (CISO), tells the network administrator that a security company has been hired to perform a penetration test against his network. The security company asks Matt which type of testing would be most beneficial for him. Which of the following BEST describes what the security company might do during a black box test?
The security company is provided with no information about the corporate network or physical locations.
The security consultant is assigned to test a client’s new software for security, after logs show targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to the application program interfaces, code, or data structures. This is an example of which of the following types of testing?
black box
Which of the following should an administrator implement to research current attack methodologies?
honeypot

A process in which the functionality of an application is tested without any knowledge of the internal mechanisms of the application is known as:

black box testing
Sara, the Chief Information Officer (CIO), has requested an audit take place to determine what services and operating systems are running on the corporate network. Which of the following should be used to complete this task?
port scan and fingerprinting
After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks. Which of the following is this an example of?
advanced persistent threat
Which of the following preventative controls would be appropriate for responding to a directive to reduce the attack surface of a specific host?
disabling unnecessary services

Which of the following tools would allow Ann, the security administrator, to be able to BEST quantify all traffic on her network?

protocol analyzer
Which of the following BEST represents the goal of a vulnerability assessment?

to determine the system's security posture