SY EX | 2 MASTER | 暗記メーカー

SY EX | 2 MASTER

333問 • 6ヶ月前

問題一覧

During the reconnaissance stage of a penetration test, Cynthia needs to gather information about the target organization's network infrastructure without causing an IPS to alert the target to her information gathering. Which of the following is her best option?

- Perform a DNS brute-force attack.

A port scan of a remote system shows that port 3306 is open on a remote database server. What database is the server most likely running?

- MySQL

During a port scan of her network, Cynthia discovers a workstation that shows the following ports open. What should her next action be?

- Determine the reason for the ports being open.

Which one of the following threats is the most pervasive in modern computing environments?

- Malware

Nara is concerned about the risk of attackers conducting a brute-force attack against her organization. Which one of the following factors is Nara most likely to be able to control?

- Total attack surface

What is the default Nmap scan type when Nmap is not provided with a scan type flag?

- A TCP SYN scan

Lakshman wants to limit what potential attackers can gather during passive or semipassive reconnaissance activities. Which of the following actions will typically most reduce his organization's footprint?

- Limit information available via the organizational website without authentication.

Cassandra's Nmap scan of an open wireless network (192.168.10/24) shows the following host at IP address 192.168.1.1. Which of the following is most likely to be the type of system at that IP address based on the scan results shown?

- A wireless router

Several organizations recently experienced security incidents when their AWS secret keys were published in public GitHub repositories. What is the most significant threat that could arise from this improper key management?

- Total loss of confidentiality, integrity, and availability

After Kristen received a copy of an Nmap scan run by a penetration tester that her company hired, she knows that the tester used the -o flag. What type of information should she expect to see included in the output other than open ports?

- Operating system and Common Platform Enumeration (CPE) data

Andrea wants to conduct a passive footprinting exercise against a target company. Which of the following techniques is not suited to a passive footprinting process?

- Banner grabbing

Alex wants to scan a protected network and has gained access to a system that can communicate to both his scanning system and the internal network, as shown in the image here. What type of Nmap scan should Alex conduct to leverage this host if he cannot install Nap on system A?

- A proxy scan

Maddox is conducting an inventory of access permissions on cloud-based object buckets, such as those provided by the AWS S3 service. What threat is he seeking to mitigate?

- Unprotected storage

Alex has been asked to assess the likelihood of reconnaissance activities against her organization (a small, regional business. Her first assignment is to determine the likelihood of port scans against systems in her organization's screened subnet (otherwise known as a DMZ). How should she rate the likelihood of this occurring?

- High.

Lucy recently detected a cross-site scripting (XSS) vulnerability in her organization's web server. The organization operates a support forum where users can enter HTML tags and the resulting code is displayed to other site visitors. What type of cross-site scripting vulnerability did Lucy discover?

- Persistent

Florian discovered a vulnerability in a proprietary application developed by his organization. The application has a flaw that allows users to log into the system by providing a valid username and leaving the password blank. What term best describes this overflow?

- Broken access control

The company that Dan works for has recently migrated to an SaaS provider for its enterprise resource planning (ERP) software. In its traditional on-site ERP environment, Dan conducted regular port scans to help with security validation for the systems. What will Dan most likely have to do in this new environment?

- Rely on vendor testing and audits.

18. Which one of the following languages is least susceptible to an injection attack?

- STIX

Which one of the following types of malware would be most useful in a privilege escalation attack?

- Rootkit

//////////// Abdul is conducting a security audit of a multicloud computing environment that incorporates resources from AWS and Microsoft Azure. Which one of the following tools will be least useful to him?

- Pacu

Greg is concerned about the use of DDoS attack tools against his organization, so he purchased a mitigation service from his ISP. What portion of the threat model did Greg reduce?

- Impact

Carrie needs to lock down a Windows workstation that has recently been scanned using Nmap with the results shown here. She knows that the workstation needs to access websites and that the system is part of a Windows domain. What ports should she allow through the system's firewall for externally initiated connections?

- No ports should be open.

Adam's port scan returns results on six TCP ports: 22, 80, 443, 515, 631, and 9100. If Adam needs to guess what type of device this is based on these ports, what is his best guess?

- A printer

In his role as the SOC operator, Manish regularly scans a variety of servers in his organization. After two months of reporting multiple vulnerabilities on a Windows file server, Manish recently escalated the issue to the server administrator's manager. At the next weekly scan window, Manish noticed that all the vulnerabilities were no longer active; however, ports 137, 139, and 445 were still showing as open. What most likely happened?

- The server was patched.

While conducting reconnaissance, Piper discovers what she believes is an SMTP service running on an alternate port. What technique should she use to manually validate her guess?

- Telnet to the port.

Marta is a security analyst who has been tasked with performing Nmap scans of her organization's network. She is a new hire and has been given this logical diagram of the organization's network but has not been provided with any additional detail. Marta wants to determine what IP addresses to scan from location A. How can she find this information?

- Query DNS and WHOlS to find her organization's registered hosts.

If Marta runs a scan from location B that targets the servers on the datacenter network and then runs a scan from location C, what differences is she most likely to see between the scans?

- Scans from location C will show fewer open ports.

Marta wants to perform regular scans of the entire organizational network but only has a budget that supports buying hardware for a single scanner. Where should she place her scanner to have the most visibility and impact?

- Location B

Chris wants to gather as much information as he can about an organization using DNS harvesting techniques. Which of the following methods will easily provide the most useful information if they are all possible to conduct on the network he is targeting?

- Zone transfer

Geoff wants to perform passive reconnaissance as part of an evaluation of his organization's security controls. Which of the following techniques is a valid technique to perform as part of a passive DNS assessment?

- A WHOIS query

Mike's penetration test requires him to use passive mapping techniques to discover network topology. Which of the following tools is best suited to that task?

- Wireshark

When Scott performs an map scan with the -T flag set to 5, what variable is he changing?

- How fast the scan runs

While application vulnerability scanning one of her target organizations web servers, Andrea notices that the server's hostname is resolving to a cloudflare.com host. What does Andrea know about her scan?

- It is scanning a CDN-hosted copy of the site.

Part of Tracy's penetration testing assignment is to evaluate the WPA3 Enterprise protected wireless networks of her target organization. What major differences exist between reconnaissances of a wired network versus a wireless network?

- Encryption and physical accessibility

lan's company has an internal policy requiring that they perform regular port scans of all of their servers. Ian has been part of a recent effort to move his organization's servers to an infrastructure as a service (laaS) provider. What change will lan most likely need to make to his scanning efforts?

- Follow the service provider's scan policies.

Lauren wants to identify all the printers on the subnets she is scanning with nmap. Which of the following nmap commands will not provide her with a list of likely printers?

- nmap -sU -p 9100,515,631 10.0.10.15/22 -0X printers.txt

What services will the following nmap scan test for? nmap -sV -p 22,25,53,389 192.168.2.50/27

- SSH, SMTP, DNS, LDAP

While conducting a topology scan of a remote web server, Susan notes that the IP addresses returned for the same DNS entry change over time. What has she likely encountered?

- A load balancer

Nihar wants to conduct an map scan of a firewalled subnet. Which of the following is not an map firewall evasion technique he could use?

- Changing packet header flags

When Casey scanned a network host, she received the results shown here. What does she know based on the scan results?

- None of the above.

Aidan operates the point-of-sale network for a company that accepts credit cards and is thus required to be compliant with PCI DSS. During his regular assessment of the point-of-sale terminals, he discovers that a recent Windows operating system vulnerability exists on all of them. Since they are all embedded systems that require a manufacturer update, he knows that he cannot install the available patch. What is Aidan's best option to stay compliant with PCI DSS and protect his vulnerable systems?

- Identify, implement, and document compensating controls.

What occurs when Mia uses the following command to perform an map scan of a network? nap - sP 192.168.2.0/24

- A scan of all hosts that respond to ping in the 192.168.2.0 to 192.168.2.255 network range

Amir's remote scans of a target organization's class C network block using the map command (map -sS 10.0.10.1/24) show only a single web server. If Amir needs to gather additional reconnaissance information about the organization's network, which of the following scanning techniques is most likely to provide additional detail?

- Perform a scan from on-site.

Damian wants to limit the ability of attackers to conduct passive fingerprinting exercises on his network. Which of the following practices will help to mitigate this risk?

- Disable promiscuous mode for NICs.

As part of his active reconnaissance activities, Frank is provided with a shell account accessible via SSH. If Frank wants to run a default map scan on the network behind the firewall shown here, how can he accomplish this?

- Frank cannot scan multiple ports with a single ssh command.

Angela captured the following packets during a reconnaissance effort run by her organization's red team. What type of information are they looking for?

- Directory traversal attacks

Stacey encountered a system that shows as "filtered" and "firewalled" during an map scan. Which of the following techniques should she not consider as she is planning her next scan?

- Spoofing the destination address

Kim is preparing to deploy a new vulnerability scanner and wants to ensure that she can get the most accurate view of configuration issues on laptops belonging to traveling salespeople. Which technology will work best in this situation?

- Agent-based scanning

Carla runs a vulnerability scan of a new appliance that engineers are planning to place on her organization's network and finds the results shown here. Of the actions listed, which would correct the highest criticality vulnerability?

- Replace the expired SSL certificate.

Sadiq is responsible for the security of a network used to control systems within his organization's manufacturing plant. The network connects manufacturing equipment, sensors, and controllers. He runs a vulnerability scan on this network and discovers that several of the controllers are running out-of-date firmware that introduces security issues. The manufacturer of the controllers is out of business. What action can Sadig take to best remediate this vulnerability in an efficient manner?

- Ensure that the ICS is on an isolated network.

Vic scanned a Windows server used in his organization and found the result shown here. The server is on an internal network with access limited to IT staff and is not part of a domain. How urgently should Vic remediate this vulnerability?

- This is a moderate vulnerability that can be scheduled for remediation at a convenient time.

Rob's manager recently asked him for an overview of any critical security issues that exist on his network. He looks at the reporting console of his vulnerability scanner and sees the options shown here. Which of the following report types would be his best likely starting point?

- High Severity Report

Wendy is the security administrator for a membership association that is planning to launch an online store. As part of this launch, she will become responsible for ensuring that the website and associated systems are compliant with all relevant standards. What regulatory regime specifically covers credit card information?

- PCI DSS

During a port scan of a server, Miguel discovered that the following ports are open on the internal network: • TCP port 25 • TCP port 80 • TCP port 110 • TCP port 443 • TCP port 1433 • TCP port 3389 The scan results provide evidence that a variety of services are running on this server. Which one of the following services is not indicated by the scan results?

- SSH

Nina is a software developer, and she receives a report from her company's cybersecurity team that a vulnerability scan detected a SQL injection vulnerability in one of her applications. She examines her code and makes a modification in a test environment that she believes corrects the issue. What should she do next?

- Request a scan of the test environment to confirm that the issue is corrected.

George recently ran a port scan on a network device used by his organization. Which one of the following open ports represents the most significant possible security vulnerability?

- 23

Harold runs a vulnerability scan of a server that he is planning to move into production and finds the vulnerability shown here.: What operating system is most likely running on the server in this vulnerability scan report?

- Windows

Harold is preparing to correct the vulnerability. What service should he inspect to identify the issue?

- RDP

Harold would like to secure the service affected by this vulnerability. Which one of the following protocols/versions would be an acceptable way to resolve the issue?

- None of the above

Seth found the vulnerability shown here in one of the systems on his network. What component requires a patch to correct this issue?

- Hypervisor

Quentin ran a vulnerability scan of a server in his organization and discovered the results shown here. Which one of the following actions is not required to resolve one of the vulnerabilities on this server?:

- Apply Window security patches.

The presence of ______ triggers specific vulnerability scanning requirements based on law or regulation.

- Credit card information

Stella is analyzing the results of a vulnerability scan and comes across the vulnerability shown here on a server in her organization. The SharePoint service in question processes all of the organization's work orders and is a critical part of the routine business workflow. What priority should Stella place on remediating this vulnerability?

- Stella should make this vulnerability one of her highest priorities.

What operating system is most likely running on the server in this vulnerability scan report?

- Windows

What is the best way that Stella can correct this vulnerability?

- Apply one or more application patches.

Harry is developing a vulnerability scanning program for a large network of sensors used by his organization to monitor a transcontinental gas pipeline. What term is commonly used to describe this type of sensor network?

- SCADA

This morning, Eric ran a vulnerability scan in an attempt to detect a vulnerability that was announced by a software manufacturer yesterday afternoon. The scanner did not detect the vulnerability although Eric knows that at least two of his servers should have the issue. Eric contacted the vulnerability scanning vendor, who assured him that they released a signature for the vulnerability overnight. What should Eric do as a next step?

- Update the vulnerability signatures.

Natalie ran a vulnerability scan of a web application recently deployed by her organization, and the scan result reported a blind SQL injection. She reported the vulnerability to the developers, who scoured the application and made a few modifications but did not see any evidence that this attack was possible. Natalie reran the scan and received the same result. The developers are now insisting that their code is secure. What is the most likely scenario?

- The result is a false positive.

Kasun discovers a missing Windows security patch during a vulnerability scan of a server in his organization's datacenter. Upon further investigation, he discovers that the system is virtualized. Where should he apply the patch?

- To the virtualized system

Joaquin is frustrated at the high level of false positive reports produced by his vulnerability scans and is contemplating a series of actions designed to reduce the false positive rate. Which one of the following actions is least likely to have the desired effect?

- Increasing the sensitivity of scans

Joe is conducting a network vulnerability scan against his datacenter and receives reports from svstem administrators that the scans are slowing down their systems. There are no network connectivity issues, only performance problems on individual hosts. He looks at the scan settings shown here. Which setting would be most likely to correct the problem?

- Max simultaneous checks per host

Isidora runs a vulnerability scan of the management interface for her organization's DNS service. She receives the vulnerability report shown here. What should be Isidora's next action? Ok

- Investigate the contents of the cookie.

Zara is prioritizing vulnerability scans and would like to base the frequency of scanning on the information asset value. Which of the following criteria would be most appropriate for her to use in this analysis?

- Types of information processed

Laura is working to upgrade her organization's vulnerability management program. She would like to add technology that is capable of retrieving the configurations of systems, even when they are highly secured. Many systems use local authentication, and she wants to avoid the burden of maintaining accounts on all of those systems. What technology should Laura consider to meet her requirement?

- Agent-based scanning

Javier discovered the vulnerability shown here in a system on his network. He is unsure what system component is affected. What type of service is causing this vulnerability?

- Database service

Alicia runs a vulnerability scan of a server being prepared for production and finds the vulnerability shown here. Which one of the following actions is least likely to reduce this risk?

- Install a network IPS in front of the server.

After scanning his organization's email server, Singh discovered the vulnerability shown here. What is the most effective response that Singh can take in this situation?

- No action is required.

A SQL injection exploit typically gains access to a database by exploiting a vulnerability in a(n),

- Web application

Ryan ran a vulnerability scan of one of his organization's production systems and received the report shown here. He would like to understand this vulnerability better and then remediate the issue. Ryan will not be able to correct the vulnerability for several days. In the meantime, he would like to configure his intrusion prevention system to watch for issues related to this vulnerability. Which one of the following protocols would an attacker use to exploit this vulnerability?

- HTTPS

Which one of the following actions could Ryan take to remediate the underlying issue without disrupting business activity?

- Apply a security patch.

If an attacker is able to exploit this vulnerability, what is the probable result that will have the highest impact on the organization?

- Administrative control of the server

Ted is configuring vulnerability scanning for a file server on his company's internal network. The server is positioned on the network as shown here. What types of vulnerability scans should Ted perform to balance the efficiency of scanning effort with expected results?

- Ted should perform only internal vulnerability scans.

Zahra is attempting to determine the next task that she should take on from a list of security priorities. Her boss told her that she should focus on activities that have the most "bang for the buck." Of the tasks shown here, which should she tackle first?

- Task 1

Morgan is interpreting the vulnerability scan from her organization's network, shown here. She would like to determine which vulnerability to remediate first. Morgan would like to focus on vulnerabilities that are most easily exploitable by someone outside her organization. Assuming the firewall is properly configured, which one of the following vulnerabilities should Morgan give the highest priority?

- Severity 5 vulnerability in the web server

Mike runs a vulnerability scan against his company's virtualization environment and finds the vulnerability shown here in several of the virtual hosts. What action should Mike take?

- No action is necessary because this is an informational report.

Juan recently scanned a system and found that it was running services on ports 139 and 445. What operating system is this system most likely running?

- Windows

Gene is concerned about the theft of sensitive information stored in a database. Which one of the following vulnerabilities would pose the most direct threat to this information?

- SQL injection

Which one of the following protocols is not likely to trigger a vulnerability scan alert when used to support a virtual private network (VPN)?

- IPsec

Rahul ran a vulnerability scan of a server that will be used for credit card processing in his environment and received a report containing the vulnerability shown here. What action must Rahul take?

- No action is required.

Aaron is scanning a server in his organization's datacenter and receives the vulnerability report shown here. The service is exposed only to internal hosts. What is the normal function of the service with this vulnerability?

- Time synchronization

Aaron is scanning a server in his organization's datacenter and receives the vulnerability report shown here. The service is exposed only to internal hosts. What priority should Aaron place on remediating this vulnerability?

- Aaron does not need to assign any priority to remediating this vulnerability.

Without access to any additional information, which one of the following vulnerabilities would you consider the most severe if discovered on a production web server?

- CGI generic SQL injection

Gina ran a vulnerability scan on three systems that her organization is planning to move to production and received the results shown here. How many of these issues should Gina require be resolved before moving to production?

- O.

Ji-won recently restarted an old vulnerability scanner that had not been used in more than a year. She booted the scanner, logged in, and configured a scan to run. After reading the scan results, she found that the scanner was not detecting known vulnerabilities that were detected by other scanners. What is the most likely cause of this issue?

- The scanner's maintenance subscription is expired.

Isabella runs both internal and external vulnerability scans of a web server and detects a possible SOL iniection vulnerability. The vulnerability appears only in the internal scan and does not appear in the external scan. When Isabella checks the server logs, she sees the requests coming from the internal scan and sees some requests from the external scanner but no evidence that a SQL injection exploit was attempted by the external scanner. What is the most likely explanation for these results?

- A network IPS is blocking some requests to the web server.

Rick discovers the vulnerability shown here in a server running in his datacenter. What characteristic of this vulnerability should concern him the most?

- It affects kernel-mode drivers.

Carl runs a vulnerability scan of a mail server used by his organization and receives the vulnerability report shown here. What action should Carl take to correct this issue?

- Carl should upgrade OpenSSL.

Renee is configuring a vulnerability scanner that will run scans of her network. Corporate policy requires the use of daily vulnerability scans. What would be the best time to configure the scans?

- During the evening when operations are minimal to reduce the impact on systems

Ahmed is reviewing the vulnerability scan report from his organization's central storage service and finds the results shown here. Which action can Ahmed take that will be effective in remediating the highest-severity issue possible?

- Upgrade to SNMP v3.

100

Glenda ran a vulnerability scan of workstations in her organization. She noticed that many of the workstations reported the vulnerability shown here. She would like to not only correct this issue but also prevent the likelihood of similar issues occurring in the future. What action should Glenda take to achieve her goals?

- Glenda should configure all workstations to automatically upgrade Chrome.

Weekly Test 1

Weekly Test 1

WT 1

WT 1

Practical Problems and Experiences REFRESHER 1

ユーザ名非公開 · 100問 · 13日前

Practical Problems and Experiences REFRESHER 1

100問 • 13日前

ユーザ名非公開

Plumbing Arithmetic Terms 4

ユーザ名非公開 · 27問 · 13日前

Plumbing Arithmetic Terms 4

27問 • 13日前

ユーザ名非公開

Plumbing Arithmetic Terms 3

ユーザ名非公開 · 49問 · 13日前

Plumbing Arithmetic Terms 3

49問 • 13日前

ユーザ名非公開

Plumbing Arithmetic Terms 2

ユーザ名非公開 · 47問 · 13日前

Plumbing Arithmetic Terms 2

47問 • 13日前

ユーザ名非公開

Plumbing Arithmetic Terms 1

ユーザ名非公開 · 49問 · 13日前

Plumbing Arithmetic Terms 1

Plumbing Tools 2

Plumbing Tools 2

Plumbing Tools 1

Plumbing Tools 1

Competence 6

ユーザ名非公開 · 146問 · 1ヶ月前

Competence 6

146問 • 1ヶ月前

ユーザ名非公開

(Finals) Professional issues in Information Technology Mocktest BSIT 505

Xai Alexandrei Delos Reyes · 27問 · 1ヶ月前

(Finals) Professional issues in Information Technology Mocktest BSIT 505

27問 • 1ヶ月前

Xai Alexandrei Delos Reyes

(Finals) Application Development Mocktest BSIT 505

Xai Alexandrei Delos Reyes · 62問 · 1ヶ月前

(Finals) Application Development Mocktest BSIT 505

62問 • 1ヶ月前

Xai Alexandrei Delos Reyes

(Finals) Event-Driven Programming Mocktest BSIT 505

Xai Alexandrei Delos Reyes · 65問 · 2ヶ月前

(Finals) Event-Driven Programming Mocktest BSIT 505

65問 • 2ヶ月前

Xai Alexandrei Delos Reyes

Competence 6

Emm · 146問 · 2ヶ月前

Competence 6

146問 • 2ヶ月前

Emm

cyber crime ict

Desa Mae Santiago · 12問 · 3ヶ月前

cyber crime ict

12問 • 3ヶ月前

Desa Mae Santiago

ICT web

Desa Mae Santiago · 24問 · 3ヶ月前

ICT web

24問 • 3ヶ月前

Desa Mae Santiago

Competence 6

ユーザ名非公開 · 146問 · 3ヶ月前

Competence 6

146問 • 3ヶ月前

ユーザ名非公開

6 ) System Processes

The R.S.S.H Delivery Company · 8問 · 3ヶ月前

6 ) System Processes

8問 • 3ヶ月前

The R.S.S.H Delivery Company

2 ) Logging Levels

The R.S.S.H Delivery Company · 15問 · 3ヶ月前

2 ) Logging Levels

15問 • 3ヶ月前

The R.S.S.H Delivery Company

セキュリティ

akari · 100問 · 4ヶ月前

セキュリティ

100問 • 4ヶ月前

akari

問題一覧

- Perform a DNS brute-force attack.

A port scan of a remote system shows that port 3306 is open on a remote database server. What database is the server most likely running?

- MySQL

During a port scan of her network, Cynthia discovers a workstation that shows the following ports open. What should her next action be?

- Determine the reason for the ports being open.

Which one of the following threats is the most pervasive in modern computing environments?

- Malware

Nara is concerned about the risk of attackers conducting a brute-force attack against her organization. Which one of the following factors is Nara most likely to be able to control?

- Total attack surface

What is the default Nmap scan type when Nmap is not provided with a scan type flag?

- A TCP SYN scan

- Limit information available via the organizational website without authentication.

- A wireless router

- Total loss of confidentiality, integrity, and availability

- Operating system and Common Platform Enumeration (CPE) data

Andrea wants to conduct a passive footprinting exercise against a target company. Which of the following techniques is not suited to a passive footprinting process?

- Banner grabbing

- A proxy scan

Maddox is conducting an inventory of access permissions on cloud-based object buckets, such as those provided by the AWS S3 service. What threat is he seeking to mitigate?

- Unprotected storage

- High.

- Persistent

- Broken access control

- Rely on vendor testing and audits.

18. Which one of the following languages is least susceptible to an injection attack?

- STIX

Which one of the following types of malware would be most useful in a privilege escalation attack?

- Rootkit

- Pacu

Greg is concerned about the use of DDoS attack tools against his organization, so he purchased a mitigation service from his ISP. What portion of the threat model did Greg reduce?

- Impact

- No ports should be open.

Adam's port scan returns results on six TCP ports: 22, 80, 443, 515, 631, and 9100. If Adam needs to guess what type of device this is based on these ports, what is his best guess?

- A printer

- The server was patched.

While conducting reconnaissance, Piper discovers what she believes is an SMTP service running on an alternate port. What technique should she use to manually validate her guess?

- Telnet to the port.

- Query DNS and WHOlS to find her organization's registered hosts.

If Marta runs a scan from location B that targets the servers on the datacenter network and then runs a scan from location C, what differences is she most likely to see between the scans?

- Scans from location C will show fewer open ports.

- Location B

- Zone transfer

- A WHOIS query

Mike's penetration test requires him to use passive mapping techniques to discover network topology. Which of the following tools is best suited to that task?

- Wireshark

When Scott performs an map scan with the -T flag set to 5, what variable is he changing?

- How fast the scan runs

- It is scanning a CDN-hosted copy of the site.

- Encryption and physical accessibility

- Follow the service provider's scan policies.

Lauren wants to identify all the printers on the subnets she is scanning with nmap. Which of the following nmap commands will not provide her with a list of likely printers?

- nmap -sU -p 9100,515,631 10.0.10.15/22 -0X printers.txt

What services will the following nmap scan test for? nmap -sV -p 22,25,53,389 192.168.2.50/27

- SSH, SMTP, DNS, LDAP

While conducting a topology scan of a remote web server, Susan notes that the IP addresses returned for the same DNS entry change over time. What has she likely encountered?

- A load balancer

Nihar wants to conduct an map scan of a firewalled subnet. Which of the following is not an map firewall evasion technique he could use?

- Changing packet header flags

When Casey scanned a network host, she received the results shown here. What does she know based on the scan results?

- None of the above.

- Identify, implement, and document compensating controls.

What occurs when Mia uses the following command to perform an map scan of a network? nap - sP 192.168.2.0/24

- A scan of all hosts that respond to ping in the 192.168.2.0 to 192.168.2.255 network range

- Perform a scan from on-site.

Damian wants to limit the ability of attackers to conduct passive fingerprinting exercises on his network. Which of the following practices will help to mitigate this risk?

- Disable promiscuous mode for NICs.

- Frank cannot scan multiple ports with a single ssh command.

Angela captured the following packets during a reconnaissance effort run by her organization's red team. What type of information are they looking for?

- Directory traversal attacks

Stacey encountered a system that shows as "filtered" and "firewalled" during an map scan. Which of the following techniques should she not consider as she is planning her next scan?

- Spoofing the destination address

- Agent-based scanning

- Replace the expired SSL certificate.

- Ensure that the ICS is on an isolated network.

- This is a moderate vulnerability that can be scheduled for remediation at a convenient time.

- High Severity Report

- PCI DSS

- SSH

- Request a scan of the test environment to confirm that the issue is corrected.

George recently ran a port scan on a network device used by his organization. Which one of the following open ports represents the most significant possible security vulnerability?

- 23

- Windows

Harold is preparing to correct the vulnerability. What service should he inspect to identify the issue?

- RDP

Harold would like to secure the service affected by this vulnerability. Which one of the following protocols/versions would be an acceptable way to resolve the issue?

- None of the above

Seth found the vulnerability shown here in one of the systems on his network. What component requires a patch to correct this issue?

- Hypervisor

- Apply Window security patches.

The presence of ______ triggers specific vulnerability scanning requirements based on law or regulation.

- Credit card information

- Stella should make this vulnerability one of her highest priorities.

What operating system is most likely running on the server in this vulnerability scan report?

- Windows

What is the best way that Stella can correct this vulnerability?

- Apply one or more application patches.

- SCADA

- Update the vulnerability signatures.

- The result is a false positive.

- To the virtualized system

- Increasing the sensitivity of scans

- Max simultaneous checks per host

Isidora runs a vulnerability scan of the management interface for her organization's DNS service. She receives the vulnerability report shown here. What should be Isidora's next action? Ok

- Investigate the contents of the cookie.

- Types of information processed

- Agent-based scanning

Javier discovered the vulnerability shown here in a system on his network. He is unsure what system component is affected. What type of service is causing this vulnerability?

- Database service

Alicia runs a vulnerability scan of a server being prepared for production and finds the vulnerability shown here. Which one of the following actions is least likely to reduce this risk?

- Install a network IPS in front of the server.

After scanning his organization's email server, Singh discovered the vulnerability shown here. What is the most effective response that Singh can take in this situation?

- No action is required.

A SQL injection exploit typically gains access to a database by exploiting a vulnerability in a(n),

- Web application

- HTTPS

Which one of the following actions could Ryan take to remediate the underlying issue without disrupting business activity?

- Apply a security patch.

If an attacker is able to exploit this vulnerability, what is the probable result that will have the highest impact on the organization?

- Administrative control of the server

- Ted should perform only internal vulnerability scans.

- Task 1

- Severity 5 vulnerability in the web server

Mike runs a vulnerability scan against his company's virtualization environment and finds the vulnerability shown here in several of the virtual hosts. What action should Mike take?

- No action is necessary because this is an informational report.

Juan recently scanned a system and found that it was running services on ports 139 and 445. What operating system is this system most likely running?

- Windows

Gene is concerned about the theft of sensitive information stored in a database. Which one of the following vulnerabilities would pose the most direct threat to this information?

- SQL injection

Which one of the following protocols is not likely to trigger a vulnerability scan alert when used to support a virtual private network (VPN)?

- IPsec

Rahul ran a vulnerability scan of a server that will be used for credit card processing in his environment and received a report containing the vulnerability shown here. What action must Rahul take?

- No action is required.

- Time synchronization

- Aaron does not need to assign any priority to remediating this vulnerability.

Without access to any additional information, which one of the following vulnerabilities would you consider the most severe if discovered on a production web server?

- CGI generic SQL injection

- O.

- The scanner's maintenance subscription is expired.

- A network IPS is blocking some requests to the web server.

Rick discovers the vulnerability shown here in a server running in his datacenter. What characteristic of this vulnerability should concern him the most?

- It affects kernel-mode drivers.

Carl runs a vulnerability scan of a mail server used by his organization and receives the vulnerability report shown here. What action should Carl take to correct this issue?

- Carl should upgrade OpenSSL.

Renee is configuring a vulnerability scanner that will run scans of her network. Corporate policy requires the use of daily vulnerability scans. What would be the best time to configure the scans?

- During the evening when operations are minimal to reduce the impact on systems

- Upgrade to SNMP v3.

100

- Glenda should configure all workstations to automatically upgrade Chrome.