CISSP Official Practice Tests by Mike Chapple, David Seidl

Chapter 6: Security Assessment and Testing (Domain 6) 369



  1. B. Locks can be preventative access controls by stopping unwanted access, can deter
    potential intruders by making access difficult, and are physical access controls. They are
    not directive controls because they don’t control the actions of subjects.

  2. B. Windows uses Kerberos for authentication. RADIUS is typically used for wireless
    networks, modems, and network devices, while OAuth is primarily used for web
    applications. TACACS+ is used for network devices.

  3. C. The default ports for SSL/TLS LDAP directory information and global catalog services
    are 636 and 3269, respectively. Unsecure LDAP uses 389, and unsecure global directory
    services use 3268.


Chapter 6: Security Assessment and Testing (Domain 6)



  1. B. TCP and UDP ports 137–139 are used for NetBIOS services, whereas 445 is used for
    Active Directory. TCP 1433 is the default port for Microsoft SQL, indicating that this is
    probably a Windows server providing SQL services.

  2. D. Mutation testing modifies a program in small ways and then tests that mutant to
    determine if it behaves as it should or if it fails. This technique is used to design and test
    software tests through mutation. Static code analysis and regression testing are both
    means of testing code, whereas code auditing is an analysis of source code rather than a
    means of designing and testing software tests.

  3. B. TCP port 443 normally indicates an HTTPS server. Nikto is useful for vulnerability
    scanning web servers and applications and is the best choice listed for a web server.
    Metasploit includes some scanning functionality but is not a purpose-built tool for
    vulnerability scanning. zzuf is a fuzzing tool and isn’t relevant for vulnerability scans,
    whereas sqlmap is a SQL injection testing tool.

  4. A. Syslog is a widely used protocol for event and message logging. Eventlog, netlog, and
    Remote Log Protocol are all made-up terms.

  5. C. Fuzzers are tools that are designed to provide invalid or unexpected input to
    applications, testing for vulnerabilities like format string vulnerabilities, buffer overflow
    issues, and other problems. A static analysis relies on examining code without running
    the application or code and thus would not fill forms as part of a web application.
    Brute-force tools attempt to bypass security by trying every possible combination for passwords
    or other values. A black box is a type of penetration test where the testers do not know
    anything about the environment.

  6. B. OpenVAS is an open-source vulnerability scanning tool that will provide Susan with a
    report of the vulnerabilities that it can identify from a remote, network-based scan. Nmap
    is an open-source port scanner. Both the Microsoft Baseline Security Analyzer (MBSA)
    and Nessus are closed-source tools, although Nessus was originally open source.