Title of test:
Cysa+

Description:
PART2 Sybex 100-308

Author:
Adrian B

Creation Date:
17/05/2023

Category:
Others

Number of questions: 67
Content:
When Casey scanned a network host, she received the results shown here. What does she know based on the scan results? A. The device is a Cisco device. B. The device is running CentOS. C. The device was built by IBM. D. None of the above.
Amir’s remote scans of a target organization’s class C network block using nmap (nmap -sS 10.0.10.1/24) show only a single web server. If Amir needs to gather additional reconnaissance information about the organization’s network, which of the following scanning techniques is most likely to provide additional detail? A. Use a UDP scan. B. Perform a scan from on-site. C. Scan using the -p 1-65535 flag. D. Use nmap’s IPS evasion techniques.
Damian wants to limit the ability of attackers to conduct passive fingerprinting exercises on his network. Which of the following practices will help to mitigate this risk? A. Implement an IPS. B. Implement a firewall. C. Disable promiscuous mode for NICs. D. Enable promiscuous mode for NICs.
As part of his active reconnaissance activities, Frank is provided with a shell account accessible via SSH. If Frank wants to run a default nmap scan on the network behind the firewall shown here, how can he accomplish this? A. ssh -t 192.168.34.11 nmap 192.168.34.0/24 B. ssh -R 8080:192.168.34.11:8080 [remote account:remote password] C. ssh -proxy 192.168.11 [remote account:remote password] D. Frank cannot scan multiple ports with a single ssh command.
Which sources are most commonly used to gather information about technologies a target organization uses during intelligence gathering? A. OSINT searches of support forums and social engineering B. Port scanning and social engineering C. Social media review and document metadata D. Social engineering and document metadata.
Rick is reviewing flows of a system on his network and discovers the following flow logs. What is the system doing?
    ICMP "Echo request"
    Date flow start          Duration  Proto  Src IP Addr:Port->Dst IP Addr:Port  Packets  Bytes  Flows
    2019-07-11 04:58:59.518  10.000    ICMP   10.1.1.1:0->10.2.2.6:8.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.2.2.6:0->10.1.1.1:0.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.1.1.1:0->10.2.2.7:8.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.2.2.7:0->10.1.1.1:0.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.1.1.1:0->10.2.2.8:8.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.2.2.8:0->10.1.1.1:0.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.1.1.1:0->10.2.2.9:8.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.2.2.9:0->10.1.1.1:0.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.1.1.1:0->10.2.2.10:8.0           11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.2.2.10:0->10.1.1.1:0.0           11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.1.1.1:0->10.2.2.6:11.0           11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.2.2.11:0->10.1.1.1:0.0           11       924    1
A. A port scan B. A failed three-way handshake C. A ping sweep D. A traceroute.
In what type of attack does the adversary leverage a position on a guest operating system to gain access to hardware resources assigned to other operating systems running in the same hardware environment? A. Buffer overflow B. Directory traversal C. VM escape D. Cross-site scripting.
Quentin ran a vulnerability scan of a server in his organization and discovered the results shown here. Which one of the following actions is not required to resolve one of the vulnerabilities on this server? A. Reconfigure cipher support. B. Apply Windows security patches. C. Obtain a new SSL certificate. D. Enhance account security policies.
The presence of ____________ triggers specific vulnerability scanning requirements based on law or regulation. A. Credit card information B. Protected health information C. Personally identifiable information D. Trade secret information.
This morning, Eric ran a vulnerability scan in an attempt to detect a vulnerability that was announced by a software manufacturer yesterday afternoon. The scanner did not detect the vulnerability although Eric knows that at least two of his servers should have the issue. Eric contacted the vulnerability scanning vendor, who assured him that they released a signature for the vulnerability overnight. What should Eric do as a next step? A. Check the affected servers to verify a false positive. B. Check the affected servers to verify a false negative. C. Report a bug to the vendor. D. Update the vulnerability signatures.
Joaquin is frustrated at the high level of false positive reports produced by his vulnerability scans and is contemplating a series of actions designed to reduce the false positive rate. Which one of the following actions is least likely to have the desired effect? A. Moving to credentialed scanning B. Moving to agent-based scanning C. Integrating asset information into the scan D. Increasing the sensitivity of scans.
Zara is prioritizing vulnerability scans and would like to base the frequency of scanning on the information asset value. Which of the following criteria would be most appropriate for her to use in this analysis? A. Cost of hardware acquisition B. Cost of hardware replacement C. Types of information processed D. Depreciated hardware cost.
Laura is working to upgrade her organization’s vulnerability management program. She would like to add technology that is capable of retrieving the configurations of systems, even when they are highly secured. Many systems use local authentication, and she wants to avoid the burden of maintaining accounts on all of those systems. What technology should Laura consider to meet her requirement? A. Credentialed scanning B. Uncredentialed scanning C. Server-based scanning D. Agent-based scanning.
Ted is configuring vulnerability scanning for a file server on his company’s internal network. The server is positioned on the network as shown here. What types of vulnerability scans should Ted perform to balance the efficiency of scanning effort with expected results? A. Ted should not perform scans of servers on the internal network. B. Ted should only perform internal vulnerability scans. C. Ted should only perform external vulnerability scans. D. Ted should perform both internal and external vulnerability scans.
Kyong manages the vulnerability scans for his organization. The senior director that oversees Kyong’s group provides a report to the CIO on a monthly basis on operational activity, and he includes the number of open critical vulnerabilities. He would like to provide this information to his director in as simple a manner as possible each month. What should Kyong do? A. Provide the director with access to the scanning system. B. Check the system each month for the correct number and email it to the director. C. Configure a report that provides the information to automatically send to the director’s email at the proper time each month. D. Ask an administrative assistant to check the system and provide the director with the information.
Rahul ran a vulnerability scan of a server that will be used for credit card processing in his environment and received a report containing the vulnerability shown here. What action must Rahul take? A. Remediate the vulnerability when possible. B. Remediate the vulnerability prior to moving the system into production and rerun the scan to obtain a clean result. C. Remediate the vulnerability within 90 days of moving the system to production. D. No action is required.
#162/cap1 What priority should Aaron place on remediating this vulnerability? A. Aaron should make this vulnerability his highest priority. B. Aaron should remediate this vulnerability urgently but does not need to drop everything. C. Aaron should remediate this vulnerability within the next month. D. Aaron does not need to assign any priority to remediating this vulnerability.
Ji-won recently restarted an old vulnerability scanner that had not been used in more than a year. She booted the scanner, logged in, and configured a scan to run. After reading the scan results, she found that the scanner was not detecting known vulnerabilities that were detected by other scanners. What is the most likely cause of this issue? A. The scanner is running on an outdated operating system. B. The scanner’s maintenance subscription is expired. C. Ji-won has invalid credentials on the scanner. D. The scanner does not have a current, valid IP address.
Isabella runs both internal and external vulnerability scans of a web server and detects a possible SQL injection vulnerability. The vulnerability only appears in the internal scan and does not appear in the external scan. When Isabella checks the server logs, she sees the requests coming from the internal scan and sees some requests from the external scanner but no evidence that a SQL injection exploit was attempted by the external scanner. What is the most likely explanation for these results? A. A host firewall is blocking external network connections to the web server. B. A network firewall is blocking external network connections to the web server. C. A host IPS is blocking some requests to the web server. D. A network IPS is blocking some requests to the web server.
During a recent vulnerability scan, Ed discovered that a web server running on his network has access to a database server that should be restricted. Both servers are running on his organization’s VMware virtualization platform. Where should Ed look first to configure a security control to restrict this access? A. VMware B. Datacenter firewall C. Perimeter (Internet) firewall D. Intrusion prevention system.
After reviewing the results of a vulnerability scan, Gabriella discovered a flaw in her Oracle database server that may allow an attacker to attempt a direct connection to the server. She would like to review NetFlow logs to determine what systems have connected to the server recently. What TCP port should Gabriella expect to find used for this communication? A. 443 B. 1433 C. 1521 D. 8080.
Terry recently ran a vulnerability scan against his organization’s credit card processing environment that found a number of vulnerabilities. Which vulnerabilities must he remediate in order to have a “clean” scan under PCI DSS standards? A. Critical vulnerabilities B. Critical and high vulnerabilities C. Critical, high, and moderate vulnerabilities D. Critical, high, moderate, and low vulnerabilities.
Brian is considering the use of several different categories of vulnerability plug-ins. Of the types listed here, which is the most likely to result in false positive reports? A. Registry inspection B. Banner grabbing C. Service interrogation D. Fuzzing.
Which one of the following is not an appropriate criterion to use when prioritizing the remediation of vulnerabilities? A. Network exposure of the affected system B. Difficulty of remediation C. Severity of the vulnerability D. All of these are appropriate.
Landon is preparing to run a vulnerability scan of a dedicated Apache server that his organization is planning to move into a DMZ. Which one of the following vulnerability scans is least likely to provide informative results? A. Web application vulnerability scan B. Database vulnerability scan C. Port scan D. Network vulnerability scan.
Brent ran a vulnerability scan of several network infrastructure devices on his network and obtained the result shown here. What is the extent of the impact that an attacker could have by exploiting this vulnerability directly? A. Denial of service B. Theft of sensitive information C. Network eavesdropping D. Reconnaissance.
Yashvir runs the cybersecurity vulnerability management program for his organization. He sends a database administrator a report of a missing database patch that corrects a high severity security issue. The DBA writes back to Yashvir that he has applied the patch. Yashvir reruns the scan, and it still reports the same vulnerability. What should he do next? A. Mark the vulnerability as a false positive. B. Ask the DBA to recheck the database. C. Mark the vulnerability as an exception. D. Escalate the issue to the DBA’s manager.
Erik is reviewing the results of a vulnerability scan and comes across the vulnerability report shown here. Which one of the following services is least likely to be affected by this vulnerability? A. HTTPS B. HTTP C. SSH D. VPN.
Larry recently discovered a critical vulnerability in one of his organization’s database servers during a routine vulnerability scan. When he showed the report to a database administrator, the administrator responded that they had corrected the vulnerability by using a vendor-supplied workaround because upgrading the database would disrupt an important process. Larry verified that the workaround is in place and corrects the vulnerability. How should Larry respond to this situation? A. Mark the report as a false positive. B. Insist that the administrator apply the vendor patch. C. Mark the report as an exception. D. Require that the administrator submit a report describing the workaround after each vulnerability scan.
Margot discovered that a server in her organization has a SQL injection vulnerability. She would like to investigate whether attackers have attempted to exploit this vulnerability. Which one of the following data sources is least likely to provide helpful information? A. NetFlow logs B. Web server logs C. Database logs D. IDS logs.
#205/cap1 During a recent vulnerability scan of workstations on her network, Andrea discovered the vulnerability shown here. Which one of the following actions is least likely to remediate this vulnerability? A. Remove JRE from workstations. B. Upgrade JRE to the most recent version. C. Block inbound connections on port 80 using the host firewall. D. Use a web content filtering system to scan for malicious traffic.
Grace ran a vulnerability scan and detected an urgent vulnerability in a public-facing web server. This vulnerability is easily exploitable and could result in the complete compromise of the server. Grace wants to follow best practices regarding change control while also mitigating this threat as quickly as possible. What would be Grace’s best course of action? A. Initiate a high-priority change through her organization’s change management process and wait for the change to be approved. B. Implement a fix immediately and document the change after the fact. C. Schedule a change for the next quarterly patch cycle. D. Initiate a standard change through her organization’s change management process.
Doug is preparing an RFP for a vulnerability scanner for his organization. He needs to know the number of systems on his network to help determine the scanner requirements. Which one of the following would not be an easy way to obtain this information? A. ARP tables B. Asset management tool C. Discovery scan D. Results of scans recently run by a consultant.
Which one of the following approaches provides the most current and accurate information about vulnerabilities present on a system because of the misconfiguration of operating system settings? A. On-demand vulnerability scanning B. Continuous vulnerability scanning C. Scheduled vulnerability scanning D. Agent-based monitoring.
Wanda recently discovered the vulnerability shown here on a Windows server in her organization. She is unable to apply the patch to the server for six weeks because of operational issues. What workaround would be most effective in limiting the likelihood that this vulnerability would be exploited? A. Restrict interactive logins to the system. B. Remove Microsoft Office from the server. C. Remove Internet Explorer from the server. D. Apply the security patch.
Garrett is configuring vulnerability scanning for a new web server that his organization is deploying on its DMZ network. The server hosts the company’s public website. What type of scanning should Garrett configure for best results? A. Garrett should not perform scanning of DMZ systems. B. Garrett should perform external scanning only. C. Garrett should perform internal scanning only. D. Garrett should perform both internal and external scanning.
Joe discovered a critical vulnerability in his organization’s database server and received permission from his supervisor to implement an emergency change after the close of business. He has eight hours before the planned change window. In addition to planning the technical aspects of the change, what else should Joe do to prepare for the change? A. Ensure that all stakeholders are informed of the planned outage. B. Document the change in his organization’s change management system. C. Identify any potential risks associated with the change. D. All of the above.
Ted recently ran a vulnerability scan of his network and was overwhelmed with results. He would like to focus on the most important vulnerabilities. How should Ted reconfigure his vulnerability scanner? A. Increase the scan sensitivity. B. Decrease the scan sensitivity. C. Increase the scan frequency. D. Decrease the scan frequency.
Sunita discovered the vulnerability shown here in an application developed by her organization. What application security technique is most likely to resolve this issue? A. Bounds checking B. Network segmentation C. Parameter handling D. Tag removal.
Terry is reviewing a vulnerability scan of a Windows server and came across the vulnerability shown here. What is the risk presented by this vulnerability? A. An attacker may be able to execute a buffer overflow and execute arbitrary code on the server. B. An attacker may be able to conduct a denial-of-service attack against this server. C. An attacker may be able to determine the operating system version on this server. D. There is no direct vulnerability, but this information points to other possible vulnerabilities on the server.
Gene runs a vulnerability scan of his organization’s datacenter and produces a summary report to share with his management team. The report includes the chart shown here. When Gene’s manager reads the report, she points out that the report is burying important details because it is highlighting too many unimportant issues. What should Gene do to resolve this issue? A. Tell his manager that all vulnerabilities are important and should appear on the report. B. Create a revised version of the chart using Excel. C. Modify the sensitivity level of the scan. D. Stop sharing reports with the management team.
Raphael discovered during a vulnerability scan that an administrative interface to one of his storage systems was inadvertently exposed to the Internet. He is reviewing firewall logs and would like to determine whether any access attempts came from external sources. Which one of the following IP addresses reflects an external source? A. 10.15.1.100 B. 12.8.1.100 C. 172.16.1.100 D. 192.168.1.100.
After running a vulnerability scan of systems in his organization’s development shop, Mike discovers the issue shown here on several systems. What is the best solution to this vulnerability? A. Apply the required security patches to this framework. B. Remove this framework from the affected systems. C. Upgrade the operating system of the affected systems. D. No action is necessary.
Xiu Ying is configuring a new vulnerability scanner for use in her organization’s datacenter. Which one of the following values is considered a best practice for the scanner’s update frequency? A. Daily B. Weekly C. Monthly D. Quarterly.
249/cap1 Elliott runs a vulnerability scan of one of the servers belonging to his organization and finds the results shown here. Which one of these statements is not correct? A. This server requires one or more Linux patches. B. This server requires one or more Oracle database patches. C. This server requires one or more Firefox patches. D. This server requires one or more MySQL patches.
Donna is working with a system engineer who wants to remediate vulnerabilities in a server that he manages. Of the report templates shown here, which would be most useful to the engineer? A. Qualys Top 20 Report B. PCI Technical Report C. Executive Report D. Technical Report.
Abdul received the vulnerability report shown here for a server in his organization. The server runs a legacy application that cannot easily be updated. What risks does this vulnerability present? A. Unauthorized access to files stored on the server B. Theft of credentials C. Eavesdropping on communications D. All of the above.
Tom receives the vulnerability report shown next. Assuming that the firewall is configured properly, what action should Tom take immediately? A. Block RDP access to this server from all hosts. B. Review and secure server accounts. C. Upgrade encryption on the server. D. No action is required.
Kamea is designing a vulnerability management system for her organization. Her highest priority is conserving network bandwidth. She does not have the ability to alter the configuration or applications installed on target systems. What solution would work best in Kamea’s environment to provide vulnerability reports? A. Agent-based scanning B. Server-based scanning C. Passive network monitoring D. Port scanning.
Laura received a vendor security bulletin that describes a zero-day vulnerability in her organization’s main database server. This server is on a private network but is used by publicly accessible web applications. The vulnerability allows the decryption of administrative connections to the server. What reasonable action can Laura take to address this issue as quickly as possible? A. Apply a vendor patch that resolves the issue. B. Disable all administrative access to the database server. C. Require VPN access for remote connections to the database server. D. Verify that the web applications use strong encryption.
Kylie reviewed the vulnerability scan report for a web server and found that it has multiple SQL injection and cross-site scripting vulnerabilities. What would be the least difficult way for Kylie to address these issues? A. Install a web application firewall. B. Recode the web application to include input validation. C. Apply security patches to the server operating system. D. Apply security patches to the web server service.
Pietro is responsible for distributing vulnerability scan reports to system engineers who will remediate the vulnerabilities. What would be the most effective and secure way for Pietro to distribute the reports? A. Pietro should configure the reports to generate automatically and provide immediate, automated notification to administrators of the results. B. Pietro should run the reports manually and send automated notifications after he reviews them for security purposes. C. Pietro should run the reports on an automated basis and then manually notify administrators of the results after he reviews them. D. Pietro should run the reports manually and then manually notify administrators of the results after he reviews them.
Which one of the following vulnerabilities is the most difficult to confirm with an external vulnerability scan? A. Cross-site scripting B. Cross-site request forgery C. Blind SQL injection D. Unpatched web server.
Ann would like to improve her organization’s ability to detect and remediate security vulnerabilities by adopting a continuous monitoring approach. Which one of the following is not a characteristic of a continuous monitoring program? A. Analyzing and reporting findings B. Conducting forensic investigations when a vulnerability is exploited C. Mitigating the risk associated with findings D. Transferring the risk associated with a finding to a third party.
Holly ran a scan of a server in her datacenter and the most serious result was the vulnerability shown here. What action is most commonly taken to remediate this vulnerability? A. Remove the file from the server. B. Edit the file to limit information disclosure. C. Password protect the file. D. Limit file access to a specific IP range.
What strategy can be used to immediately report configuration changes to a vulnerability scanner? A. Scheduled scans B. Continuous monitoring C. Automated remediation D. Automatic updates.
During a recent vulnerability scan, Mark discovered a flaw in an internal web application that allows cross-site scripting attacks. He spoke with the manager of the team responsible for that application and was informed that he discovered a known vulnerability and the manager worked with other leaders and determined that the risk is acceptable and does not require remediation. What should Mark do? A. Object to the manager’s approach and insist on remediation. B. Mark the vulnerability as a false positive. C. Schedule the vulnerability for remediation in six months. D. Mark the vulnerability as an exception.
Vincent is a security manager for a U.S. federal government agency subject to FISMA. Which one of the following is not a requirement that he must follow for his vulnerability scans to maintain FISMA compliance? A. Run complete scans on at least a monthly basis. B. Use tools that facilitate interoperability and automation. C. Remediate legitimate vulnerabilities. D. Share information from the vulnerability scanning process.
Sharon is designing a new vulnerability scanning system for her organization. She must scan a network that contains hundreds of unmanaged hosts. Which of the following techniques would be most effective at detecting system configuration issues in her environment? A. Agent-based scanning B. Credentialed scanning C. Server-based scanning D. Passive network monitoring.
What is the most likely result of failing to correct this vulnerability? A. All users will be able to access the site. B. All users will be able to access the site, but some may see an error message. C. Some users will be unable to access the site. D. All users will be unable to access the site.
Meredith recently ran a vulnerability scan on her organization’s accounting network segment and found the vulnerability shown here on several workstations. What would be the most effective way for Meredith to resolve this vulnerability? A. Remove Flash Player from the workstations. B. Apply the security patches described in the Adobe bulletin. C. Configure the network firewall to block unsolicited inbound access to these workstations. D. Install an intrusion detection system on the network.
Sara’s organization has a well-managed test environment. What is the most likely issue that Sara will face when attempting to evaluate the impact of a vulnerability remediation by first deploying it in the test environment? A. Test systems are not available for all production systems. B. Production systems require a different type of patch than test systems. C. Significant configuration differences exist between test and production systems. D. Test systems are running different operating systems than production systems.
How many vulnerabilities listed in the report shown here are significant enough to warrant immediate remediation in a typical operating environment? A. 22 B. 14 C. 5 D. 0.
Which one of the following types of data is subject to regulations in the United States that specify the minimum frequency of vulnerability scanning? A. Driver’s license numbers B. Insurance records C. Credit card data D. Medical records.
Trevor is working with an application team on the remediation of a critical SQL injection vulnerability in a public-facing service. The team is concerned that deploying the fix will require several hours of downtime and that will block customer transactions from completing. What is the most reasonable course of action for Trevor to suggest? A. Wait until the next scheduled maintenance window. B. Demand that the vulnerability be remediated immediately. C. Schedule an emergency maintenance for an off-peak time later in the day. D. Convene a working group to assess the situation.
Thomas discovers a vulnerability in a web application that is part of a proprietary system developed by a third-party vendor and he does not have access to the source code. Which one of the following actions can he take to mitigate the vulnerability without involving the vendor? A. Apply a patch B. Update the source code C. Deploy a web application firewall D. Conduct dynamic testing.
Walt is designing his organization’s vulnerability management program and is working to identify potential inhibitors to vulnerability remediation. He has heard concern from functional leaders that remediating vulnerabilities will impact the ability of a new system to fulfill user requests. Which one of the following inhibitors does not apply to this situation? A. Degrading functionality B. Organizational governance C. Legacy systems D. Business process interruption.