CISSP Official Practice Tests by Mike Chapple, David Seidl

(chelsyfait) #1

Chapter 6 ■ Security Assessment and Testing (Domain 6) 149


C. sqlthrash
D. Nessus


  1. During a penetration test of her organization, Kathleen's IPS detects a port scan that has the URG, FIN, and PSH flags set and produces an alarm. What type of scan is the penetration tester attempting?
     A. A SYN scan
     B. A TCP flag scan
     C. An Xmas scan
     D. An ACK scan

  2. Nmap is an example of what type of tool?
     A. Vulnerability scanner
     B. Web application fuzzer
     C. Network design and layout
     D. Port scanner


  3. What type of vulnerabilities will not be found by a vulnerability scanner?
     A. Local vulnerabilities
     B. Service vulnerabilities
     C. Zero-day vulnerabilities
     D. Vulnerabilities that require authentication


  4. MITRE's CVE database provides what type of information?
     A. Current versions of software
     B. Patching information for applications
     C. Vulnerability information
     D. A list of costs versus effort required for common processes


  5. When designing an assessment following NIST SP 800-53A, which assessment component includes policies and procedures?
     A. Specifications
     B. Mechanisms
     C. Activities
     D. Individuals
