D.  There is no rescanning requirement.

               13.  Grace is performing a penetration test against a client’s network
                    and would like to use a tool to assist in automatically executing

                    common exploits. Which one of the following security tools will
                    best meet her needs?

                    A.  nmap

                    B.  Metasploit

                    C.  Nessus

                    D.  Snort

               14.  Paul would like to test his application against slightly modified
                    versions of previously used input. What type of test does Paul

                    intend to perform?

                    A.  Code review

                    B.  Application vulnerability review

                    C.  Mutation fuzzing

                    D.  Generational fuzzing

               15.  Users of a banking application may try to withdraw funds that
                    don’t exist from their account. Developers are aware of this threat
                    and implemented code to protect against it. What type of software
                    testing would most likely catch this type of vulnerability if the

                    developers have not already remediated it?

                    A.  Misuse case testing

                    B.  SQL injection testing

                    C.  Fuzzing

                    D.  Code review

               16.  What type of interface testing would identify flaws in a program’s
                    command-line interface?

                    A.  Application programming interface testing

                    B.  User interface testing