226 Chapter 9 ■ Practice Test 1
112. Kolin is searching for a network security solution that will allow him to help reduce zero-day attacks while using identities to enforce a security policy on systems before they connect to the network. What type of solution should Kolin implement?
A. A firewall
B. A NAC system
C. An intrusion detection system
D. Port security
113. Gwen comes across an application that is running under a service account on a web server. The service account has full administrative rights to the server. What principle of information security does this violate?
A. Need to know
B. Separation of duties
C. Least privilege
D. Job rotation
114. Which of the following is not a type of structural coverage in a code review process?
A. Statement
B. Trace
C. Loop
D. Data flow
115. Which of the following tools is best suited to the information gathering phase of a penetration test?
A. Whois
B. zzuf
C. Nessus
D. Metasploit
For questions 116–118, please refer to the following scenario:
During a web application vulnerability scanning test, Steve runs Nikto against a web server he believes may be vulnerable to attacks. Using the Nikto output shown here, answer the following questions.