Chapter 6 ■ Security Assessment and Testing (Domain 6)
- Testing that is focused on functions that a system should not allow is an example of what
type of testing?
A. Use case testing
B. Manual testing
C. Misuse case testing
D. Dynamic testing
- What type of monitoring uses simulated traffic to a website to monitor performance?
A. Log analysis
B. Synthetic monitoring
C. Passive monitoring
D. Simulated transaction analysis
- Which of the following vulnerabilities is unlikely to be found by a web vulnerability
scanner?
A. Path disclosure
B. Local file inclusion
C. Race condition
D. Buffer overflow
- Jim uses a tool that scans a system for available services and then connects to them to
collect banner information to determine what version of the service is running. It then
provides a report detailing what it gathers, basing results on service fingerprinting, banner
information, and similar details it gathers combined with CVE information. What type of
tool is Jim using?
A. A port scanner
B. A service validator
C. A vulnerability scanner
D. A patch management tool
- Emily builds a script that sends data to a web application that she is testing. Each time the
script runs, it sends a series of transactions with data that fits the expected requirements of
the web application to verify that it responds to typical customer behavior. What type of
transactions is she using, and what type of test is this?
A. Synthetic, passive monitoring
B. Synthetic, use case testing
C. Actual, dynamic monitoring
D. Actual, fuzzing