Question 1

List and describe the three categories that TCP/IP divides port numbers into.

Accepted Answer

Well-known port numbers (0-1023). Reserv

Question 2

List two types of hardening techniques.

Accepted Answer

Protecting accounts with passw

Question 3

A ____ is a network set up with intentional vulnerabilities.

Accepted Answer

A)  honeynet 
B)  honeypot 
C)  honeycomb 
D)  honey hole 
A)  honeynet 
B)  honeypot 
C)  honeycomb 
D)  honey hole

Question 4

While the code for a program is being written, it is being analyzed by a ____.

Accepted Answer

A)  black box 
B)  code review 
C)  white box 
D)  scanner 
A)  black box 
B)  code review 
C)  white box 
D)  scanner

Question 5

A(n) ____ means that the application or service assigned to that port is listening for any instructions.

Accepted Answer

A)  open port 
B)  empty port 
C)  closed port 
D)  interruptible system 
A)  open port 
B)  empty port 
C)  closed port 
D)  interruptible system

Question 6

Describe the purpose of a honeypot.

Accepted Answer

A honeypot can also direct an attacker's

Question 7

A(n) ____ is hardware or software that captures packets to decode and analyze its contents.

Accepted Answer

A)  application analyzer 
B)  protocol analyzer 
C)  threat profiler 
D)  system analyzer 
A)  application analyzer 
B)  protocol analyzer 
C)  threat profiler 
D)  system analyzer

Question 8

____________________ for organizations are intended to identify vulnerabilities and alert network administrators to these problems.

Accepted Answer

Vulnerabil

Question 9

A ____ tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications.

Accepted Answer

A)  white box 
B)  black box 
C)  replay 
D)  system 
A)  white box 
B)  black box 
C)  replay 
D)  system

Question 10

Describe a penetration testing report.

Accepted Answer

The report is generally "short and sweet

Question 11

____ is a means by which an organization can transfer the risk to a third party who can demonstrate a higher capability at managing or reducing risks.

Accepted Answer

A)  Insourcing 
B)  Outsourcing 
C)  Outcasting 
D)  Inhousing 
A)  Insourcing 
B)  Outsourcing 
C)  Outcasting 
D)  Inhousing

Question 12

The end product of a penetration test is the penetration ____.

Accepted Answer

A)  test profile 
B)  test report 
C)  test system 
D)  test view 
A)  test profile 
B)  test report 
C)  test system 
D)  test view

Question 13

Match between columns
                        Premises: An automated software search through a system for any known security weaknesses
Identify what damages could result from the threats
Designed to actually exploit any weaknesses in systems that are vulnerable
Identify what needs to be protected
Eliminating as many security risks as possible and make the system more secure
Identify what to do about threats
A systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, or any other entity that is potentially harmful
Identifying what the pressures are against a company
Identifying how susceptible the current protection is

Accepted Answer

The Answer of Asset identification and Vulnerability scan and Vulnerability is...

Question 14

A(n) ____________________ scan uses various techniques to avoid detection.

Accepted Answer

The answer of A(n) ____________________ scan uses various techniques to...

Question 15

A(n) ____ examines the current security in a passive method.

Accepted Answer

A)  application scan 
B)  system scan 
C)  threat scan 
D)  vulnerability scan 
A)  application scan 
B)  system scan 
C)  threat scan 
D)  vulnerability scan

Question 16

A(n) ____ indicates that no process is listening at this port.

Accepted Answer

A)  open port 
B)  open address 
C)  closed address 
D)  closed port 
A)  open port 
B)  open address 
C)  closed address 
D)  closed port

Question 17

The ____ for software is the code that can be executed by unauthorized users.

Accepted Answer

A)  vulnerability surface 
B)  risk profile 
C)  input surface 
D)  attack surface 
A)  vulnerability surface 
B)  risk profile 
C)  input surface 
D)  attack surface

Question 18

The first step in a vulnerability assessment is to determine the assets that need to be protected.

Accepted Answer

A) True 
 B)False

Question 19

A(n) ____________________ box test is one in which some limited information has been provided to the tester.

Accepted Answer

The answer of A(n) ____________________ box test is one in...

Question 20

Discuss the purpose of OVAL.

Accepted Answer

OVAL is designed to promote open and pub

List and describe the three categories that TCP/IP divides port numbers into.

List two types of hardening techniques.

A ____ is a network set up with intentional vulnerabilities.

While the code for a program is being written, it is being analyzed by a ____.

A(n) ____ means that the application or service assigned to that port is listening for any instructions.

Describe the purpose of a honeypot.

A(n) ____ is hardware or software that captures packets to decode and analyze its contents.

____________________ for organizations are intended to identify vulnerabilities and alert network administrators to these problems.

A ____ tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications.

Describe a penetration testing report.

____ is a means by which an organization can transfer the risk to a third party who can demonstrate a higher capability at managing or reducing risks.

The end product of a penetration test is the penetration ____.

A(n) ____________________ scan uses various techniques to avoid detection.

A(n) ____ examines the current security in a passive method.

A(n) ____ indicates that no process is listening at this port.

The ____ for software is the code that can be executed by unauthorized users.

The first step in a vulnerability assessment is to determine the assets that need to be protected.

A(n) ____________________ box test is one in which some limited information has been provided to the tester.

Discuss the purpose of OVAL.

Introduction to Security

Malware and Social Engineering Attacks

Application and Network Attacks

Host, Application, and Data Security

Network Security

Administering a Secure Network

Wireless Network Security

Access Control Fundamentals

Authentication and Account Management

Basic Cryptography

Advanced Cryptography

Business Continuity

Risk Mitigation

Filters

Exam 4: Vulnerability Assessment and Mitigating Attacks

List and describe the three categories that TCP/IP divides port numbers into.

List two types of hardening techniques.

A ____ is a network set up with intentional vulnerabilities.

While the code for a program is being written, it is being analyzed by a ____.

A(n) ____ means that the application or service assigned to that port is listening for any instructions.

Describe the purpose of a honeypot.

A(n) ____ is hardware or software that captures packets to decode and analyze its contents.

____________________ for organizations are intended to identify vulnerabilities and alert network administrators to these problems.

A ____ tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications.

Describe a penetration testing report.

____ is a means by which an organization can transfer the risk to a third party who can demonstrate a higher capability at managing or reducing risks.

The end product of a penetration test is the penetration ____.

A(n) ____________________ scan uses various techniques to avoid detection.

A(n) ____ examines the current security in a passive method.

A(n) ____ indicates that no process is listening at this port.

The ____ for software is the code that can be executed by unauthorized users.

The first step in a vulnerability assessment is to determine the assets that need to be protected.

A(n) ____________________ box test is one in which some limited information has been provided to the tester.

Discuss the purpose of OVAL.

Introduction to Security

Malware and Social Engineering Attacks

Application and Network Attacks

Host, Application, and Data Security

Network Security

Administering a Secure Network

Wireless Network Security

Access Control Fundamentals

Authentication and Account Management

Basic Cryptography

Advanced Cryptography

Business Continuity

Risk Mitigation

Filters