FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 9: Network Vulnerability Assessment

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 1

True/False

Review LaterAdd Note

Review Later

Passive scanners are advantageous in that they do not require vulnerability analysts to get prior approval for testing.

A) True
B) False

Correct Answer

verified

Show Answer

Question 2

Multiple Choice

Review LaterAdd Note

Review Later

A(n) ____ uses all the techniques and tools available to an attacker in an attempt to compromise or penetrate an organization's defenses.

A) audit
B) penetration test
C) ruleset review
D) hash

E) B) and C)
F) None of the above

Correct Answer

verified

Show Answer

Question 3

Essay

Review LaterAdd Note

What are "race conditions"?

____ is a vulnerability scoring system designed to provide an open and standardized method for rating IT vulnerabilities.

Which vulnerability can occur if a programmer does not properly validate user input and allows an attacker to include unintended SQL input that can be passed to a database?

A(n) ____________________ vulnerability scanner initiates traffic on the network in order to identify security holes.

The process of exploring the Internet presence of a target is sometimes called ____________________.

Match each item with a statement below. a.Sam Spade f.NetStumbler b.Wget g.AirSnare c.Nmap "Idle scanning" option h.Aircrack-ng d.Firewalk i.Wireshark e.XProbe2 -Uses ICMP to determine the remote OS.

Match each item with a statement below. a.Sam Spade f.NetStumbler b.Wget g.AirSnare c.Nmap "Idle scanning" option h.Aircrack-ng d.Firewalk i.Wireshark e.XProbe2 -When run with the -sI switch, it allows you to bounce your scan across a firewall by using one of the idle DMZ hosts as the initiator of the scan.

Match each item with a statement below. a.Sam Spade f.NetStumbler b.Wget g.AirSnare c.Nmap "Idle scanning" option h.Aircrack-ng d.Firewalk i.Wireshark e.XProbe2 -An enhanced Web scanner that, among other things, scans an entire Web site for valuable pieces of information, such as server names and e-mail addresses.

The ____ stage of the attack methodology is a systematic survey of the target organization's Internet addresses, conducted to identify the network services offered by the hosts in that range.

One of the preparatory parts of the attack methodology is the collection of publicly available information about a potential target, a process known as ____.

Probably the most popular port scanner is ____, which runs on both UNIX and Windows systems.

Because it accepts firewall and intrusion logs from many sources, ____ is often one of the first organizations to spot network anomalies, and it often traces them to specific malware or vulnerability exploits.

If Web software can access parts of the underlying operating system's file system through normal URL mappings, a(n) ____ may occur.

Allowing users to decide which mobile code to run is the best way to resolve weaknesses introduced with mobile code.

A(n) ____________________ is a network channel or connection point in a data communications system.

Match each item with a statement below. a.Sam Spade f.NetStumbler b.Wget g.AirSnare c.Nmap "Idle scanning" option h.Aircrack-ng d.Firewalk i.Wireshark e.XProbe2 -Designed to crack WEP and WPA-PSK keys to allow packet sniffing and wireless network auditing.

Why should you secure open ports?

Match each item with a statement below. a.Sam Spade f.NetStumbler b.Wget g.AirSnare c.Nmap "Idle scanning" option h.Aircrack-ng d.Firewalk i.Wireshark e.XProbe2 -A UNIX or Linux systems support tool that allows a remote individual to "mirror" entire Web sites.