FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 9: Network Vulnerability Assessment

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 1

True/False

Review LaterAdd Note

Review Later

Allowing users to decide which mobile code to run is the best way to resolve weaknesses introduced with mobile code.

Correct Answer

verified

Show Answer

Question 2

Multiple Choice

Review LaterAdd Note

Review Later

Because it accepts firewall and intrusion logs from many sources, ____ is often one of the first organizations to spot network anomalies, and it often traces them to specific malware or vulnerability exploits.

A) Microsoft
B) the ISC
C) Mitre
D) ISACs

Correct Answer

verified

Show Answer

Question 3

Short Answer

Review LaterAdd Note

Match each item with a statement below. a.Sam Spade f.NetStumbler b.Wget g.AirSnare c.Nmap "Idle scanning" option h.Aircrack-ng d.Firewalk i.Wireshark e.XProbe2 -When run with the -sI switch, it allows you to bounce your scan across a firewall by using one of the idle DMZ hosts as the initiator of the scan.

A(n) ____________________ is a network channel or connection point in a data communications system.

Match each item with a statement below. a.Sam Spade f.NetStumbler b.Wget g.AirSnare c.Nmap "Idle scanning" option h.Aircrack-ng d.Firewalk i.Wireshark e.XProbe2 -An enhanced Web scanner that, among other things, scans an entire Web site for valuable pieces of information, such as server names and e-mail addresses.

What are "race conditions"?

Why should you secure open ports?

Match each item with a statement below. a.Sam Spade f.NetStumbler b.Wget g.AirSnare c.Nmap "Idle scanning" option h.Aircrack-ng d.Firewalk i.Wireshark e.XProbe2 -Designed to crack WEP and WPA-PSK keys to allow packet sniffing and wireless network auditing.

Which vulnerability can occur if a programmer does not properly validate user input and allows an attacker to include unintended SQL input that can be passed to a database?

Match each item with a statement below. a.Sam Spade f.NetStumbler b.Wget g.AirSnare c.Nmap "Idle scanning" option h.Aircrack-ng d.Firewalk i.Wireshark e.XProbe2 -A UNIX or Linux systems support tool that allows a remote individual to "mirror" entire Web sites.

____ is a vulnerability scoring system designed to provide an open and standardized method for rating IT vulnerabilities.

The process of exploring the Internet presence of a target is sometimes called ____________________.

A(n) ____ uses all the techniques and tools available to an attacker in an attempt to compromise or penetrate an organization's defenses.

A(n) ____________________ vulnerability scanner initiates traffic on the network in order to identify security holes.

Probably the most popular port scanner is ____, which runs on both UNIX and Windows systems.

One of the preparatory parts of the attack methodology is the collection of publicly available information about a potential target, a process known as ____.

If Web software can access parts of the underlying operating system's file system through normal URL mappings, a(n) ____ may occur.

Match each item with a statement below. a.Sam Spade f.NetStumbler b.Wget g.AirSnare c.Nmap "Idle scanning" option h.Aircrack-ng d.Firewalk i.Wireshark e.XProbe2 -Uses ICMP to determine the remote OS.

The ____ stage of the attack methodology is a systematic survey of the target organization's Internet addresses, conducted to identify the network services offered by the hosts in that range.

Passive scanners are advantageous in that they do not require vulnerability analysts to get prior approval for testing.