Question 1

Each packet/datagram contains a source port and destination port.

Accepted Answer

Each packet/datagram contains a source port and destination port which are used to identify the application or service that requested the transmission and the destination service that should receive the transmission.

Question 2

What is the name of the process that basically takes a snapshot of the current security of an organization?&#10;A)threat analysis&#10;B)vulnerability appraisal&#10;C)risk assessment&#10;D)threat assessment

Accepted Answer

A vulnerability appraisal is the process that takes a snapshot of the current security of an organization by identifying and evaluating vulnerabilities.

Question 3

A port in what state below implies that an application or service assigned to that port is listening for any instructions?&#10;A)open port&#10;B)empty port&#10;C)closed port&#10;D)interruptible system

Accepted Answer

An open port implies that an application or service assigned to that port is actively listening and ready to receive instructions or data. It is essentially an open doorway for communication between two systems.

Question 4

Realistically,risks can never be entirely eliminated.

Accepted Answer

Risks are inherent in any situation or decision, and while steps can be taken to mitigate them, there is always a possibility of something unexpected happening. Therefore, risks can never be entirely eliminated.

Question 5

What is another term used for a security weakness?&#10;A)threat&#10;B)vulnerability&#10;C)risk&#10;D)opportunity

Accepted Answer

A vulnerability refers to a security weakness that can be exploited by attackers. It can exist in a system, network, or application, making it prone to cyber attacks. Other options like threat and risk are related concepts but not equivalent to vulnerabilities. An opportunity does not imply a security weakness.

Question 6

Vulnerability scanning should be conducted on existing systems and particularly as new technology equipment is deployed.

Accepted Answer

Vulnerability scanning is an essential step in maintaining the security of any system. It should be conducted on existing systems on a regular basis to identify any potential weaknesses or vulnerabilities that could be exploited by attackers. Additionally, vulnerability scanning should be performed whenever new technology equipment is deployed to ensure that it is properly configured and secured.

Question 7

An administrator running a port scan wants to ensure that no processes are listening on port 23.What state should the port be in?&#10;A)open port&#10;B)secure port&#10;C)hardened port&#10;D)closed port

Accepted Answer

A closed port is a port that is not actively listening for incoming connections. This means that the port is not in use and no processes are currently listening on it. An open port would be actively listening for incoming connections, and a secure or hardened port is not a standard state for a port to be in.

Question 8

The second step in a vulnerability assessment is to determine the assets that need to be protected.

Accepted Answer

The first step in a vulnerability assessment is typically to define and identify the assets that need protection, making the determination of assets not the second step but rather the initial step in the process.

Question 9

An administrator needs to view packets and decode and analyze their contents.What type of application should the administrator use?&#10;A)application analyzer&#10;B)protocol analyzer&#10;C)threat profiler&#10;D)system analyzer

Accepted Answer

A protocol analyzer, also known as a packet sniffer, is designed to capture and analyze network traffic in real-time. It allows the administrator to view packets as they are transmitted over the network and decode the contents to analyze network performance, troubleshoot problems, and detect security threats. Application analyzers are focused on analyzing and troubleshooting specific applications, while system analyzers focus on analyzing system performance. Threat profilers are used to identify and analyze potential security threats. Therefore, the best choice for this scenario is a protocol analyzer.

Question 10

A risk management assessment is a systematic and methodical evaluation of the security posture of the enterprise.

Accepted Answer

The answer of A risk management assessment is a systematic...

Question 11

During a vulnerability assessment,what type of software can be used to search a system for port vulnerabilities?&#10;A)threat scanner&#10;B)vulnerability profiler&#10;C)port scanner&#10;D)application profiler

Accepted Answer

The answer of During a vulnerability assessment,what type of software...

Question 12

Which is the term for a computer typically located in an area with limited security and loaded with software and data files that appear to be authentic,yet they are imitations of real data files?&#10;A)port scanner&#10;B)honeynet&#10;C)honeypot&#10;D)honeycomb

Accepted Answer

The answer of Which is the term for a computer...

Question 13

TCP/IP uses a numeric value as an identifier to the applications and services on these systems.

Accepted Answer

The answer of TCP/IP uses a numeric value as an...

Question 14

What is the term for a network set up with intentional vulnerabilities?&#10;A)honeynet&#10;B)honeypot&#10;C)honeycomb&#10;D)honey hole

Accepted Answer

The answer of What is the term for a network...

Question 15

Which item below is the standard security checklist against which systems are evaluated for a security posture?&#10;A)profile&#10;B)threat&#10;C)control&#10;D)baseline

Accepted Answer

The answer of Which item below is the standard security...

Question 16

Determining vulnerabilities often depends on the background and experience of the assessor.

Accepted Answer

The answer of Determining vulnerabilities often depends on the background...

Question 17

The goal of what type of threat evaluation is to better understand who the attackers are,why they attack,and what types of attacks might occur?&#10;A)threat mitigation&#10;B)threat profiling&#10;C)risk modeling&#10;D)threat modeling

Accepted Answer

The answer of The goal of what type of threat...

Question 18

Netstat displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP)and DNS settings.

Accepted Answer

The answer of Netstat displays all current TCP/IP network configuration...

Question 19

Nslookup displays detailed information about how a device is communicating with other network devices.

Accepted Answer

The answer of Nslookup displays detailed information about how a...

Question 20

In white box and gray box testing,the first task of the tester is to perform preliminary information gathering on their own from outside the organization,sometimes called open source intelligence (OSINT).

Accepted Answer

The answer of In white box and gray box testing,the...

Question 21

What type of reconnaissance is a penetration tester performing if they are using tools that do not raise any alarms?&#10;A)active&#10;B)passive&#10;C)invasive&#10;D)evasive

Accepted Answer

The answer of What type of reconnaissance is a penetration...

Question 22

If a user uses the operating system's &#34;delete&#34; command to erase data,what type of data removal procedure was used?&#10;A)wiping&#10;B)purging&#10;C)degaussing&#10;D)data sanitation

Accepted Answer

The answer of If a user uses the operating system's...

Question 23

Which of the following is used to replicate attacks during a vulnerability assessment by providing a structure of exploits and monitoring tools?&#10;A)replication image&#10;B)assessment image&#10;C)penetration framework&#10;D)exploitation framework

Accepted Answer

The answer of Which of the following is used to...

Question 24

Which scan examines the current security,using a passive method?&#10;A)application scan&#10;B)system scan&#10;C)threat scan&#10;D)vulnerability scan

Accepted Answer

The answer of Which scan examines the current security,using a...

Question 25

Which security procedure is being demonstrated if an administrator is using Wireshark to watch for specific inbound and outbound traffic?&#10;A)application search&#10;B)application control&#10;C)firewall monitoring&#10;D)virus control

Accepted Answer

The answer of Which security procedure is being demonstrated if...

Question 26

Which of the following is the goal of a vulnerability scan? (Choose all that apply. )&#10;A)identify vulnerabilities&#10;B)identify common misconfigurations&#10;C)identify threat actors&#10;D)identify a lack of security controls

Accepted Answer

The answer of Which of the following is the goal...

Question 27

What type of scanner sends &#34;probes&#34; to network devices and examine the responses received back to evaluate whether a specific device needs remediation?&#10;A)active&#10;B)non-intrusive&#10;C)passive&#10;D)intrusive

Accepted Answer

The answer of What type of scanner sends &#34;probes&#34; to...

Question 28

What term is defined as the state or condition of being free from public attention to the degree that you determine?&#10;A)freedom&#10;B)secure&#10;C)privacy&#10;D)contentment

Accepted Answer

The answer of What term is defined as the state...

Question 29

What security goal do the following common controls address: hashing,digital signatures,certificates,nonrepudiation tools?&#10;A)confidentiality&#10;B)integrity&#10;C)availability&#10;D)safety

Accepted Answer

The answer of What security goal do the following common...

Question 30

If a penetration tester has gained access to a network and then tries to move around inside the network to other resources,what procedure is the tester performing?&#10;A)pivot&#10;B)spinning&#10;C)persistence&#10;D)secondary exploitation

Accepted Answer

The answer of If a penetration tester has gained access...

Question 31

What type of penetration testing technique is used if the tester has no prior knowledge of the network infrastructure that is being tested?&#10;A)white box&#10;B)gray box&#10;C)black box&#10;D)sealed box

Accepted Answer

The answer of What type of penetration testing technique is...

Question 32

Which of the following is a valid data sensitivity labeling and handling category? (Choose all that apply. )&#10;A)high-risk&#10;B)confidential&#10;C)personal health information&#10;D)proprietary

Accepted Answer

The answer of Which of the following is a valid...

Question 33

Select the vulnerability scan type that will use only the available information to hypothesize the status of the vulnerability.&#10;A)active&#10;B)non-intrusive&#10;C)passive&#10;D)intrusive

Accepted Answer

The answer of Select the vulnerability scan type that will...

Question 34

Which of the following groups categorize the risks associated with the use of private data? (Choose all that apply. )&#10;A)Statistical inferences.&#10;B)Associations with groups.&#10;C)Private and consumer data&#10;D)Individual inconveniences and identity theft.

Accepted Answer

The answer of Which of the following groups categorize the...

Question 35

Which tester has an in-depth knowledge of the network and systems being tested,including network diagrams,IP addresses,and even the source code of custom applications?&#10;A)white box&#10;B)black box&#10;C)replay&#10;D)system

Accepted Answer

The answer of Which tester has an in-depth knowledge of...

Question 36

What is the end result of a penetration test?&#10;A)penetration test profile&#10;B)penetration test report&#10;C)penetration test system&#10;D)penetration test view

Accepted Answer

The answer of What is the end result of a...

Question 37

What security goal do the following common controls address: Redundancy,fault tolerance,and patching.?&#10;A)confidentiality&#10;B)integrity&#10;C)availability&#10;D)safety

Accepted Answer

The answer of What security goal do the following common...

Question 38

Which data erasing method will permanently destroy a magnetic-based hard disk by reducing or eliminating the magnetic field?&#10;A)wiping&#10;B)purging&#10;C)degaussing&#10;D)data sanitation

Accepted Answer

The answer of Which data erasing method will permanently destroy...

Question 39

What process does a penetration tester rely on to access an ever higher level of resources?&#10;A)pivot&#10;B)spinning&#10;C)persistence&#10;D)continuous exploitation

Accepted Answer

The answer of What process does a penetration tester rely...

Question 40

What process addresses how long data must be kept and how it is to be secured?&#10;A)legal retention&#10;B)data retention&#10;C)legal and compliance&#10;D)data methodology

Accepted Answer

The answer of What process addresses how long data must...

Question 41

Explain the concepts of personal data theft and identity theft.

Accepted Answer

The answer of Explain the concepts of personal data theft...

Question 42

List and describe the elements that make up a security posture.

Accepted Answer

The answer of List and describe the elements that make...

Question 43

List and describe two common uses for a protocol analyzer.

Accepted Answer

The answer of List and describe two common uses for...

Question 44

List and describe the three categories that TCP/IP divides port numbers into.

Accepted Answer

The answer of List and describe the three categories that...

Question 45

List two types of hardening techniques.

Accepted Answer

The answer of List two types of hardening techniques....

Question 46

List at least four things that a vulnerability scanner can do.

Accepted Answer

The answer of List at least four things that a...

Question 47

Describe a penetration testing report.

Accepted Answer

The answer of Describe a penetration testing report....

Question 48

Describe the purpose of a honeypot.

Accepted Answer

The answer of Describe the purpose of a honeypot....

Question 49

When a security hardware device fails or a program aborts,which state should it go into?

Accepted Answer

The answer of When a security hardware device fails or...

Question 50

Discuss one type of asset that an organization might have.

Accepted Answer

The answer of Discuss one type of asset that an...

Deck 13: Vulnerability Assessment and Data Security