CISSP Official Practice Tests by Mike Chapple, David Seidl

(chelsyfait) #1

Chapter 6 ■ Security Assessment and Testing (Domain 6) 135

  1. What passive monitoring technique records all user interaction with an application or website to ensure quality and performance?
    A. Client/server testing
    B. Real user monitoring
    C. Synthetic user monitoring
    D. Passive user recording

  2. Earlier this year, the information security team at Jim’s employer identified a vulnerability in the web server that Jim is responsible for maintaining. He immediately applied the patch and is sure that it installed properly, but the vulnerability scanner has continued to incorrectly flag the system as vulnerable due to the version number it is finding, even though Jim is sure the patch is installed. Which of the following options is Jim’s best choice to deal with the issue?
    A. Uninstall and reinstall the patch.
    B. Ask the information security team to flag the system as patched and not vulnerable.
    C. Update the version information in the web server’s configuration.
    D. Review the vulnerability report and use alternate remediation options.

  3. Angela wants to test a web browser’s handling of unexpected data using an automated tool. What tool should she choose?
    A. Nmap
    B. zzuf
    C. Nessus
    D. Nikto

  4. STRIDE, which stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege, is useful in what part of application threat modeling?
    A. Vulnerability assessment
    B. Misuse case testing
    C. Threat categorization
    D. Penetration test planning

  5. Why should passive scanning be conducted in addition to implementing wireless security technologies like wireless intrusion detection systems?
    A. It can help identify rogue devices.
    B. It can test the security of the wireless network via scripted attacks.
    C. Their short dwell time on each wireless channel can allow them to capture more packets.
    D. They can help test wireless IDS or IPS systems.