CISSP Official Practice Tests by Mike Chapple, David Seidl


144 Chapter 6 ■ Security Assessment and Testing (Domain 6)

  1. During a port scan of his network, Alex finds that a number of hosts respond on TCP
    ports 80, 443, 515, and 9100 in offices throughout his organization. What type of devices
    is Alex likely discovering?
    A. Web servers
    B. File servers
    C. Wireless access points
    D. Printers

  2. Nikto, Burp Suite, and Wapiti are all examples of what type of tool?
    A. Web application vulnerability scanners
    B. Code review tools
    C. Vulnerability scanners
    D. Port scanners

  3. Place the following elements of a Fagan inspection code review in the correct order.
    A. Follow-up
    B. Inspection
    C. Overview
    D. Planning
    E. Preparation
    F. Rework

  4. Jim is working with a penetration testing contractor who proposes using Metasploit as
    part of her penetration testing effort. What should Jim expect to occur when Metasploit is
    used?
    A. Systems will be scanned for vulnerabilities.
    B. Systems will have known vulnerabilities exploited.
    C. Services will be probed for buffer overflow and other unknown flaws.
    D. Systems will be tested for zero-day exploits.

  5. Susan needs to ensure that the interactions between the components of her e-commerce
    application are all handled properly. She intends to verify communications, error handling,
    and session management capabilities throughout her infrastructure. What type of testing is
    she planning to conduct?
    A. Misuse case testing
    B. Fuzzing
    C. Regression testing
    D. Interface testing
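Question 1 turns on recognizing a port signature: TCP 515 (LPD) and 9100 (raw/JetDirect printing) alongside an embedded web console on 80/443 is the classic network printer profile. The script below is an added illustration, not part of the practice test or its answer key. It parses nmap's greppable (-oG) output and labels each host from its open ports; the scan lines are constructed for the example, and the hostnames, addresses and labels are assumptions. It also encodes the caveat a practitioner would want: 9100 or 515 alone is only a "possible printer" until a banner, SNMP query or the web console confirms it, because serial servers and some IoT devices expose the same ports.

```python
"""Classify scanned hosts by their open-port signature.

Added example for the port-scan question above; not code from the
CISSP practice test. Input is nmap greppable (-oG) output. The sample
scan below is constructed, not captured from a real network.
"""
import re

# Constructed nmap -oG lines: addresses, services and states are made up.
SAMPLE_SCAN = """\
Host: 10.20.1.15 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, 515/open/tcp//printer///, 9100/open/tcp//jetdirect///\tIgnored State: closed (996)
Host: 10.20.1.20 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, 22/open/tcp//ssh///
Host: 10.20.2.7 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, 9100/open/tcp//jetdirect///
Host: 10.20.2.9 ()\tPorts: 445/open/tcp//microsoft-ds///, 139/open/tcp//netbios-ssn///
Host: 10.20.3.3 ()\tPorts: 22/closed/tcp//ssh///, 9100/filtered/tcp//jetdirect///
"""

# Matches the "port/state/tcp/" prefix of each entry in the Ports: field.
PORT_RE = re.compile(r"(\d+)/(\w+)/tcp/")

PRINTER_PORTS = {515, 9100}     # LPD and raw/JetDirect printing
PRINTER_WEB_PORTS = {80, 443}   # embedded management console


def parse_grepable(text):
    """Return {host: set of open TCP ports} from nmap -oG text.

    Only entries whose state is literally "open" count; closed and
    filtered ports are ignored, as are lines that are not Host: records.
    """
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        host = line.split()[1]
        open_ports = set()
        parts = line.split("Ports:", 1)
        if len(parts) == 2:
            for port, state in PORT_RE.findall(parts[1]):
                if state == "open":
                    open_ports.add(int(port))
        hosts[host] = open_ports
    return hosts


def classify(open_ports):
    """Heuristic device label from a host's open TCP ports.

    Both printing ports plus a web console: strong printer signature.
    Only one printing port: flag for confirmation (banner grab, SNMP
    sysDescr, or a look at the web console) rather than assert it.
    """
    printing = open_ports & PRINTER_PORTS
    web = open_ports & PRINTER_WEB_PORTS
    if printing == PRINTER_PORTS and web:
        return "printer"
    if printing:
        return "possible-printer"
    if web:
        return "web-service"
    if open_ports & {139, 445}:
        return "smb-host"
    return "unknown"


def classify_scan(text):
    """Map every host in the scan text to its heuristic label."""
    return {host: classify(ports) for host, ports in parse_grepable(text).items()}


if __name__ == "__main__":
    for host, label in classify_scan(SAMPLE_SCAN).items():
        print(f"{host:<12} {label}")
```

Run it against real output from `nmap -p 80,443,515,9100 -oG - <range>` and treat "possible-printer" hosts as a follow-up queue, not a result; the signature is a prompt to verify, and an unexpected printer on a network segment is worth a second look as much as an unexpected web server is.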
