D.  80

                9.  Which one of the following tests provides the most accurate and
                    detailed information about the security state of a server?


                    A.  Unauthenticated scan

                    B.  Port scan

                    C.  Half-open scan

                    D.  Authenticated scan

              10.  What type of network discovery scan only follows the first two
                    steps of the TCP handshake?

                    A.  TCP connect scan

                    B.  Xmas scan

                    C.  TCP SYN scan

                    D.  TCP ACK scan


               11.  Matthew would like to test systems on his network for SQL
                    injection vulnerabilities. Which one of the following tools would be
                    best suited to this task?

                    A.  Port scanner

                    B.  Network vulnerability scanner

                    C.  Network discovery scanner

                    D.  Web vulnerability scanner

               12.  Badin Industries runs a web application that processes e-

                    commerce orders and handles credit card transactions. As such, it
                    is subject to the Payment Card Industry Data Security Standard
                    (PCI DSS). The company recently performed a web vulnerability
                    scan of the application and it had no unsatisfactory findings. How
                    often must Badin rescan the application?

                    A.  Only if the application changes

                    B.  At least monthly


                    C.  At least annually