Chapter 6 ■ Security Assessment and Testing (Domain 6) 131
- Ben uses a fuzzing tool that tests an application by developing data models and creating
fuzzed data based on information about how the application uses data. What type of
fuzzing is Ben doing?
A. Mutation
B. Parametric
C. Generational
D. Derivative
- Saria wants to log and review traffic information between parts of her network. What
type of network logging should she enable on her routers to allow her to perform this
analysis?
A. Audit logging
B. Flow logging
C. Trace logging
D. Route logging
- Jim has been contracted to conduct a gray box penetration test, and his clients have
provided him with the following information about their networks so that he can scan them:
Data center: 10.10.10.0/24
Sales: 10.10.11.0/24
Billing: 10.10.12.0/24
Wireless: 192.168.0.0/16
What problem will Jim encounter if he is contracted to conduct a scan from offsite?
A. The IP ranges are too large to scan efficiently.
B. The IP addresses provided cannot be scanned.
C. The IP ranges overlap and will cause scanning issues.
D. The IP addresses provided are RFC 1918 addresses.
- Karen’s organization has been performing system backups for years but has not used the
backups frequently. During a recent system outage, when administrators tried to restore
from backups, they found that the backups had errors and could not be restored. Which of
the following options should Karen avoid when selecting ways to ensure that her
organization’s backups will work next time?
A. Log review
B. MTD verification
C. Hashing
D. Periodic testing