CISSP Official Practice Tests by Mike Chapple, David Seidl

136 Chapter 6 ■ Security Assessment and Testing (Domain 6)



  1. During a penetration test, Lauren is asked to test the organization’s Bluetooth security.
    Which of the following is not a concern she should explain to her employers?
    A. Bluetooth scanning can be time-consuming.
    B. Many devices that may be scanned are likely to be personal devices.
    C. Bluetooth passive scans may require multiple visits at different times to identify all targets.
    D. Bluetooth active scans can’t evaluate the security mode of Bluetooth devices.

  2. What term describes software testing that is intended to uncover new bugs introduced by
    patches or configuration changes?
    A. Nonregression testing
    B. Evolution testing
    C. Smoke testing
    D. Regression testing

  3. Which of the following tools cannot identify a target’s operating system for a penetration tester?
    A. Nmap
    B. Nessus
    C. Nikto
    D. sqlmap

  4. Susan needs to predict high-risk areas for her organization and wants to use metrics to
    assess risk trends as they occur. What should she do to handle this?
    A. Perform yearly risk assessments.
    B. Hire a penetration testing company to regularly test organizational security.
    C. Identify and track key risk indicators.
    D. Monitor logs and events using a SIEM device.

  5. What major difference separates synthetic and passive monitoring?
    A. Synthetic monitoring only works after problems have occurred.
    B. Passive monitoring cannot detect functionality issues.
    C. Passive monitoring only works after problems have occurred.
    D. Synthetic monitoring cannot detect functionality issues.


For questions 41–43, please refer to the following scenario. Chris uses the standard penetration testing methodology shown here. Use this methodology and your knowledge of penetration testing to answer questions about tool usage during a penetration test.