CISSP Official Practice Tests by Mike Chapple, David Seidl


Chapter 6 ■ Security Assessment and Testing (Domain 6) 139
  1. Which of the following is not an interface that is typically tested during the software
    testing process?
    A. APIs
    B. Network interfaces
    C. UIs
    D. Physical interfaces

  2. Alan’s organization uses the Security Content Automation Protocol (SCAP) to standardize
    its vulnerability management program. Which component of SCAP can Alan use to
    reconcile the identity of vulnerabilities generated by different security assessment tools?
    A. OVAL
    B. XCCDF
    C. CVE
    D. SCE
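The following is an added example and is not part of the book. The SCAP component that gives every publicly disclosed vulnerability a single, tool-independent name is CVE; the other components describe checks (OVAL, SCE) or benchmarks (XCCDF). The code below shows what "reconciling identity" looks like in practice: two scanners report the same weakness under their own plugin IDs and in different output formats, and the only reliable join key is the CVE ID. Both scanner formats (a JSON list with a `cve` field, a CSV with CVE IDs buried in free text) and all records are constructed for this example and do not represent any real product's output; the CVE identifiers themselves are real ones chosen for familiarity.

```python
"""Reconcile findings from two different vulnerability scanners by CVE ID.

Added example for the SCAP/CVE question; not from the book and not any
real scanner's format. All records below are constructed sample data.
"""
import csv
import io
import json
import re
from collections import defaultdict

# CVE ID syntax: "CVE-" + 4-digit year + "-" + 4 or more digits (in use since 2014).
# Case-insensitive because tools are not consistent about capitalisation.
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)

# Constructed sample: hypothetical scanner "A" emits JSON with a structured cve list.
SCANNER_A_JSON = json.dumps([
    {"host": "10.0.0.5", "plugin": "A-20001", "name": "Apache Log4j JNDI RCE",
     "cve": ["CVE-2021-44228"]},
    {"host": "10.0.0.5", "plugin": "A-20002", "name": "OpenSSL Heartbleed",
     "cve": ["cve-2014-0160"]},          # lower case on purpose: must still match
    {"host": "10.0.0.9", "plugin": "A-30010", "name": "SMBv1 enabled",
     "cve": []},                          # configuration finding with no CVE
])

# Constructed sample: hypothetical scanner "B" emits CSV and puts CVE IDs in free text.
SCANNER_B_CSV = """host,check_id,title,references
10.0.0.5,B-77,Log4Shell in log4j-core,"see CVE-2021-44228 and CVE-2021-45046"
10.0.0.9,B-81,MS17-010 SMB remote code execution,"CVE-2017-0144 (EternalBlue)"
10.0.0.9,B-90,Default community string on SNMP agent,"no CVE assigned"
"""


def extract_cves(*fields):
    """Return the normalised (upper-case) set of CVE IDs found in any field.

    Fields may be strings or lists of strings; missing fields are ignored.
    """
    found = set()
    for field in fields:
        if isinstance(field, (list, tuple)):
            field = " ".join(field)
        found.update(m.upper() for m in CVE_RE.findall(field or ""))
    return found


def load_scanner_a(raw_json):
    """Yield (host, tool_id, cves) from scanner A's JSON output."""
    for rec in json.loads(raw_json):
        yield rec["host"], rec["plugin"], extract_cves(rec["name"], rec["cve"])


def load_scanner_b(raw_csv):
    """Yield (host, tool_id, cves) from scanner B's CSV output."""
    for row in csv.DictReader(io.StringIO(raw_csv)):
        yield row["host"], row["check_id"], extract_cves(row["title"], row["references"])


def reconcile(sources):
    """Join findings from several tools on (host, CVE).

    sources: {tool_name: iterable of (host, tool_id, cves)}.
    Returns (by_cve, unmapped): by_cve maps (host, cve) -> {tool: [tool_ids]};
    unmapped lists findings with no CVE, which can only be tracked by tool ID.
    """
    by_cve = defaultdict(lambda: defaultdict(list))
    unmapped = []
    for tool, findings in sources.items():
        for host, tool_id, cves in findings:
            if not cves:
                unmapped.append((tool, host, tool_id))
                continue
            for cve in cves:
                by_cve[(host, cve)][tool].append(tool_id)
    return by_cve, unmapped


def agreement(by_cve, tools):
    """Split (host, CVE) pairs into those every tool saw and those only one saw."""
    all_tools = set(tools)
    both = sorted(k for k, v in by_cve.items() if set(v) == all_tools)
    only = {t: sorted(k for k, v in by_cve.items() if set(v) == {t}) for t in tools}
    return both, only


def run():
    """Reconcile the two constructed scanner outputs; returns the full result."""
    sources = {
        "A": list(load_scanner_a(SCANNER_A_JSON)),
        "B": list(load_scanner_b(SCANNER_B_CSV)),
    }
    by_cve, unmapped = reconcile(sources)
    both, only = agreement(by_cve, list(sources))
    return by_cve, unmapped, both, only


if __name__ == "__main__":
    by_cve, unmapped, both, only = run()
    print("Confirmed by both tools:", both)
    for tool, keys in only.items():
        print(f"Only {tool}:", keys)
    print("No CVE, track by tool ID:", unmapped)
```

The two findings on 10.0.0.9 (A's "SMBv1 enabled" and B's MS17-010 result) end up unreconciled even though an analyst would connect them: one carries no CVE at all and the other is keyed on a Microsoft bulletin in its title, so the CVE is the only common handle and it is absent on one side. That is the practical limit of CVE-based reconciliation, and the reason configuration findings are usually tracked under CCE or a tool-specific ID instead.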

  3. Misconfiguration, logical and functional flaws, and poor programming practices are all
    causes of what common security issue?
    A. Fuzzing
    B. Security vulnerabilities
    C. Buffer overflows
    D. Race conditions

  4. Which of the following strategies is not a reasonable approach for remediating a
    vulnerability identified by a vulnerability scanner?
    A. Install a patch.
    B. Use a workaround fix.
    C. Update the banner or version number.
    D. Use an application layer firewall or IPS to prevent attacks against the identified
    vulnerability.

  5. During a penetration test Saria calls her target’s help desk claiming to be the senior
    assistant to an officer of the company. She requests that the help desk reset the officer’s
    password because of an issue with his laptop while traveling and persuades them to do so.
    What type of attack has she successfully completed?
    A. Zero knowledge
    B. Help desk spoofing
    C. Social engineering
    D. Black box
