Exam 9: Network Vulnerability Assessment


What are "race conditions"?

Free
(Essay)
4.8/5
(26)
Correct Answer:
Verified

"Race conditions" refers to situations in which two threads, processes, or applications are able to modify a resource (and therefore interfere with each other) and the programmer has not taken precautions to ensure that the desired sequence of events is completed in the proper order. From a security standpoint, an attacker is looking to exploit the condition whereby a legitimate thread or process is consumed passing a code check and the malicious code slips by unnoticed.

Match each item with a statement below.

a. Sam Spade
b. Wget
c. Nmap "Idle scanning" option
d. Firewalk
e. XProbe2
f. NetStumbler
g. AirSnare
h. Aircrack-ng
i. Wireshark

- Designed to crack WEP and WPA-PSK keys to allow packet sniffing and wireless network auditing.

Free
(Short Answer)
4.9/5
(36)
Correct Answer:
Verified

H

Probably the most popular port scanner is ____, which runs on both UNIX and Windows systems.

Free
(Multiple Choice)
4.8/5
(39)
Correct Answer:
Verified

A

Because it accepts firewall and intrusion logs from many sources, ____ is often one of the first organizations to spot network anomalies, and it often traces them to specific malware or vulnerability exploits.

(Multiple Choice)
4.9/5
(28)

Allowing users to decide which mobile code to run is the best way to resolve weaknesses introduced with mobile code.

(True/False)
4.8/5
(45)

A(n) ____________________ vulnerability scanner initiates traffic on the network in order to identify security holes.

(Short Answer)
4.9/5
(24)

A(n) ____ uses all the techniques and tools available to an attacker in an attempt to compromise or penetrate an organization's defenses.

(Multiple Choice)
4.9/5
(37)

Which vulnerability can occur if a programmer does not properly validate user input and allows an attacker to include unintended SQL input that can be passed to a database?

(Multiple Choice)
4.9/5
(32)

____ is a vulnerability scoring system designed to provide an open and standardized method for rating IT vulnerabilities.

(Multiple Choice)
4.9/5
(29)

Match each item with a statement below.

a. Sam Spade
b. Wget
c. Nmap "Idle scanning" option
d. Firewalk
e. XProbe2
f. NetStumbler
g. AirSnare
h. Aircrack-ng
i. Wireshark

- When run with the -sI switch, it allows you to bounce your scan across a firewall by using one of the idle DMZ hosts as the initiator of the scan.

(Short Answer)
4.7/5
(33)

If Web software can access parts of the underlying operating system's file system through normal URL mappings, a(n) ____ may occur.

(Multiple Choice)
4.9/5
(36)

The process of exploring the Internet presence of a target is sometimes called ____________________.

(Short Answer)
4.9/5
(31)

One of the preparatory parts of the attack methodology is the collection of publicly available information about a potential target, a process known as ____.

(Multiple Choice)
4.7/5
(33)

Match each item with a statement below.

a. Sam Spade
b. Wget
c. Nmap "Idle scanning" option
d. Firewalk
e. XProbe2
f. NetStumbler
g. AirSnare
h. Aircrack-ng
i. Wireshark

- An enhanced Web scanner that, among other things, scans an entire Web site for valuable pieces of information, such as server names and e-mail addresses.

(Short Answer)
4.8/5
(34)

Passive scanners are advantageous in that they do not require vulnerability analysts to get prior approval for testing.

(True/False)
4.8/5
(28)

Why should you secure open ports?

(Essay)
4.9/5
(34)

Match each item with a statement below.

a. Sam Spade
b. Wget
c. Nmap "Idle scanning" option
d. Firewalk
e. XProbe2
f. NetStumbler
g. AirSnare
h. Aircrack-ng
i. Wireshark

- A UNIX or Linux systems support tool that allows a remote individual to "mirror" entire Web sites.

(Short Answer)
4.8/5
(37)

Match each item with a statement below.

a. Sam Spade
b. Wget
c. Nmap "Idle scanning" option
d. Firewalk
e. XProbe2
f. NetStumbler
g. AirSnare
h. Aircrack-ng
i. Wireshark

- Uses ICMP to determine the remote OS.

(Short Answer)
4.8/5
(24)

The ____ stage of the attack methodology is a systematic survey of the target organization's Internet addresses, conducted to identify the network services offered by the hosts in that range.

(Multiple Choice)
4.9/5
(34)

A(n) ____________________ is a network channel or connection point in a data communications system.

(Short Answer)
4.8/5
(31)
Showing 1 - 20 of 49