Chapter 6 ■ Security Assessment and Testing (Domain 6) 129
- Susan needs to scan a system for vulnerabilities, and she wants to use an open-source tool
to test the system remotely. Which of the following tools will meet her requirements and
allow vulnerability scanning?
A. Nmap
B. OpenVAS
C. MBSA
D. Nessus
- NIST Special Publication 800-53A describes four major types of assessment objects that
can be used to identify items being assessed. If the assessment covers IPS devices, which
type of assessment object is being assessed?
A. A specification
B. A mechanism
C. An activity
D. An individual
- Jim has been contracted to perform a penetration test of a bank's primary branch. In order
to make the test as real as possible, he has not been given any information about the bank
other than its name and address. What type of penetration test has Jim agreed to perform?
A. A crystal box penetration test
B. A gray box penetration test
C. A black box penetration test
D. A white box penetration test
- Alex is using nmap to perform port scanning of a system, and he receives three different
port status messages in the results. Match each of the numbered status messages with the
appropriate lettered description. You should use each item exactly once.
Status message
- Open
- Closed
- Filtered
Description
A. The port is accessible on the remote system, but no application is accepting connections on that port.
B. The port is not accessible on the remote system.
C. The port is accessible on the remote system, and an application is accepting connections on that port.
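The three nmap states in the matching question come from how a target answers a TCP probe: a completed handshake (SYN/ACK) means open, an RST means closed, and no answer at all means filtered. The following added example, which is not from the book and not nmap's own code, reproduces that classification with a TCP connect scan (the equivalent of nmap's -sT, which infers the same states from the outcome of the OS connect call rather than from raw packets). The loopback listener and the unused port it scans are constructed test targets so the code runs offline; the host, ports and timeout are assumptions for illustration only.

```python
"""TCP connect scan of a few ports, classified into nmap's open / closed / filtered states.

Added example for the port-status question above; this is not nmap's code. nmap's default
SYN scan (-sS) reads the raw replies (SYN/ACK, RST, or silence); a connect scan (-sT), which
this mirrors, infers the same three states from how the OS socket call finishes.
"""
import socket

OPEN = "open"          # handshake completed: an application is accepting connections
CLOSED = "closed"      # host replied with RST: port reachable, but nothing is listening
FILTERED = "filtered"  # no reply (or ICMP unreachable): a filter dropped the probe, state unknown


def classify_tcp_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Return OPEN, CLOSED or FILTERED for one TCP port, using a full connect."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return OPEN
        except ConnectionRefusedError:
            # The kernel turned the peer's RST into ECONNREFUSED: the port is
            # reachable, but no application accepted the connection.
            return CLOSED
        except (socket.timeout, TimeoutError):
            # Silence: a firewall dropped the SYN (or the reply), so we cannot tell
            # open from closed. nmap reports this as filtered.
            return FILTERED
        except OSError:
            # ICMP unreachable errors (e.g. administratively prohibited) surface as
            # other OSErrors; nmap also reports those as filtered.
            return FILTERED


def scan_ports(host: str, ports, timeout: float = 1.0) -> dict:
    """Classify each port in `ports` and return {port: state}."""
    return {p: classify_tcp_port(host, p, timeout) for p in ports}


# --- Constructed loopback targets so the example runs offline (not real systems). ---

def start_local_listener():
    """Open a listening socket on 127.0.0.1 (an 'open' port). Returns (socket, port).

    The kernel completes the handshake into the listen backlog, so no accept() loop
    is needed for the connect scan to see the port as open.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def reserve_unused_port() -> int:
    """Find a loopback port with nothing listening (a 'closed' port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tmp:
        tmp.bind(("127.0.0.1", 0))
        return tmp.getsockname()[1]


if __name__ == "__main__":
    listener, open_port = start_local_listener()
    closed_port = reserve_unused_port()
    for port, state in scan_ports("127.0.0.1", [open_port, closed_port]).items():
        print(f"127.0.0.1:{port} -> {state}")
    listener.close()
```

Loopback can only show open and closed; a filtered result needs a target that silently drops the probe (or answers with an ICMP unreachable), which is exactly why nmap cannot say whether such a port has a listener behind it. The timeout is what separates "filtered" from "closed" in a connect scan, so a too-short timeout over a slow link will mislabel reachable ports as filtered.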