Page 1118 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Review Questions



                1.  Which one of the following tools is used primarily to perform
                    network discovery scans?

                    A.  Nmap

                    B.  Nessus

                    C.  Metasploit

                    D.  lsof

                2.  Adam recently ran a network port scan of a web server running in
                    his organization. He ran the scan from an external network to get
                    an attacker’s perspective on the scan. Which one of the following
                    results is the greatest cause for alarm?

                    A.  80/open

                    B.  22/filtered

                    C.  443/open

                    D.  1433/open

                3.  Which one of the following factors should not be taken into
                    consideration when planning a security testing schedule for a
                    particular system?

                    A.  Sensitivity of the information stored on the system

                    B.  Difficulty of performing the test

                    C.  Desire to experiment with new testing tools

                    D.  Desirability of the system to attackers

                4.  Which one of the following is not normally included in a security
                    assessment?

                    A.  Vulnerability scan

                    B.  Risk assessment

                    C.  Mitigation of vulnerabilities