128 Chapter 6 ■ Security Assessment and Testing (Domain 6)
- During a port scan, Susan discovers a system running services on TCP and UDP 137-139
and TCP 445, as well as TCP 1433. What type of system is she likely to find if she
connects to the machine?
A. A Linux email server
B. A Windows SQL server
C. A Linux file server
D. A Windows workstation
- Which of the following is a method used to design new software tests and to ensure the
quality of tests?
A. Code auditing
B. Static code analysis
C. Regression testing
D. Mutation testing
- During a port scan, Lauren found TCP port 443 open on a system. Which tool is best
suited to scanning the service that is most likely running on that port?
A. zzuf
B. Nikto
C. Metasploit
D. sqlmap
- What message logging standard is commonly used by network devices, Linux and Unix
systems, and many other enterprise devices?
A. Syslog
B. Netlog
C. Eventlog
D. Remote Log Protocol (RLP)
- Alex wants to use an automated tool to fill web application forms to test for format string
vulnerabilities. What type of tool should he use?
A. A black box
B. A brute-force tool
C. A fuzzer
D. A static analysis tool