Page 1551 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

10. C. The TCP SYN scan sends a SYN packet and receives a SYN ACK packet in response, but it does not send the final ACK required to complete the three-way handshake.

11. D. SQL injection attacks are web vulnerabilities, and Matthew would be best served by a web vulnerability scanner. A network vulnerability scanner might also pick up this vulnerability, but the web vulnerability scanner is specifically designed for the task and more likely to be successful.

12. C. PCI DSS requires that Badin rescan the application at least annually and after any change in the application.

13. B. Metasploit is an automated exploit tool that allows attackers to easily execute common attack techniques.

14. C. Mutation fuzzing uses bit flipping and other techniques to slightly modify previous inputs to a program in an attempt to detect software flaws.

15. A. Misuse case testing identifies known ways that an attacker might exploit a system and tests explicitly to see if those attacks are possible in the proposed code.

16. B. User interface testing includes assessments of both graphical user interfaces (GUIs) and command-line interfaces (CLIs) for a software program.

17. B. During a white box penetration test, the testers have access to detailed configuration information about the system being tested.

18. B. Unencrypted HTTP communications take place over TCP port 80 by default.

19. C. The Fagan inspection process concludes with the follow-up phase.

20. B. The backup verification process ensures that backups are running properly and thus meeting the organization's data protection objectives.