Which of the following are penetration testing methodology

Assignment Help Management Information Sys
Reference no: EM132017843

1) Which of the following are penetration testing methodologies?
A. White box model
B. Black box model
C. Gray box model
D. All of the above

2) Which of the following skills are needed to be a security tester?
A. Knowledge of network and computer technology
B. Ability to communicate with management and IT personnel
C. An understanding of the laws in your location and ability to use necessary tools
D. All of the above

3) Which of the following are the distinct layers of TCP/IP?
A. Network and Internet
B. Transport and Application
C. Network, Internet, Transport, Presentation
D. A and B

4) Which of the following are the TCP segment flags?
A. SYN flag: synch flag, ACK flag: acknowledgment flag
B. PSH flag: push flag, URG flag: urgent flag, STF flag: set test flag
C. PSH flag: push flag, URG flag: urgent flag, RST flag: reset flag, FIN flag: finish flag
D. A and C

5) Which of the following are properties of User Datagram Protocol (UDP)?
A. Fast but unreliable delivery protocol and Operates on Transport layer
B. Used for speed but does not need to verify receiver is listening or ready
C. Depends on higher layers of the TCP/IP stack to handle problems and is referred to as a connectionless protocol
D. All of the above

6) Distributed denial-of-service (DDoS) attack is:
A. Attack on host from single servers or workstations; network could be flooded with billions of packets, causing loss of bandwidth and degradation or loss of speed
B. Attack on host from multiple servers or workstations; network could be flooded with billions of packets, causing loss of bandwidth and degradation or loss of speed
C. Attack on server from multiple hosts or workstations; network could be flooded with billions of packets, causing loss of bandwidth and degradation or loss of speed
D. None of the above

7) Different categories of attacks are:
A. Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS), Buffer overflow
B. Ping of Death, Session hijacking
C. Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS), Buffer overflow, Ping of Death, Port High jacking (PoH)
D. A and B

8) Which of the following are Social Engineering Tactics?
A. Persuasion, Intimidation, Coercion
B. Persuasion, Intimidation, Coercion, Extortion, blackmailing
C. Persuasion, Intimidation, Coercion, Extortion, Urgency
D. All of the above

9) Which of the following are types of port scans?
A. ACK scan, FIN scan, UDP scan
B. SYN scan, NULL scan, XMAS scan
C. ACK scan, FIN scan, UDP scan, SYN scan, NULL scan, XMAC scan
D. A and B

10) Enumeration extracts information about:
A. Resources or shares on the network
B. Usernames or groups assigned on the network
C. User's password and recent logon times
D. All of the above

11) Which of the following are NetBIOS Enumeration Tools?
A. Nbtstat command, Net view command, Net use command
B. Nbtstat command, Net view command, Dumpsec command
C. Nbtstat command, Net view command, Hyena command
D. None of the above

12) DumpSec is an enumeration tool for Windows systems that does the following:
A. Allows user to connect to a server and "dump", Permissions for shares, Permissions for printers
B. Permissions for the Registry, Users in column or table format, Policies, Rights, Services
C. Allows user to connect to a server and "dump", Permissions for shares, Permissions for printers and Permissions for the Registry, Users in column or table format
D. A and B

13) Which of the following are Tools for enumerating Windows targets?
A. Nbtstat, Net view, Net use
B. Nbtstat, Net view, Net use and Other utilities
C. Nbtstat, Net view, Net use, Nessus
D. All of the above

14) Which of the following statements is more accurate about Windows OS?
A. Many Windows OSs have serious vulnerabilities
B. None of the Windows OSs have any serious vulnerabilities
C. A few Windows OSs have serious vulnerabilities
D. All of the Windows OSs have serious vulnerabilities

15) Which of the following best describes Remote Procedure Call?
A. Allows a program running on one host to run code on a remote host
B. Allows a program running on one server to run code on another server
C. Allows a program running on any server to run code on a designated client
D. None of the above

16) A buffer overflow occurs when:
A. Data is written to a buffer and corrupts data in memory next to allocated buffer
B. Normally, occurs when copying strings of characters from one buffer to another
C. Data is deleted from a buffer and corrupts data in memory next to deleted buffer
D. A and B

17) Microsoft Baseline Security Analyzer (MBSA) is capable of checking which of the following?
A. Patches, Security updates, Configuration errors
B. Blank or weak passwords
C. A and B
D. None of the above

18) Which of the following are vulnerabilities in Windows file systems?
A. Lack of ACL support in FAT and Risk of malicious ADSs in NTFS
B. RCP, NetBIOS, SMB, Null sessions
C. Windows Web services and IIS
D. All of the above

19) An Embedded system is:
A. Any computer system that is a general-purpose PC or server; they are in all networks and perform essential functions
B. Any computer system that isn't a general-purpose PC or server; they are in all networks and perform essential functions
C. Any computer system that isn't a server or client
D. None of the above

20) Object Linking and Embedding Database is a set of interfaces that:
A. Enable applications to access data stored in DBMS and relies on connection strings and allows application to access data stored on external device
B. Enable applications to access data stored in a server and relies on connection tokens and allows application to access data stored on external device
C. Enable applications to access data stored in flat files
D. All of the above

21) ActiveX Data Objects are:
A. Programming interface for connecting Web applications to a database
B. Defines a set of technologies that allow desktop applications to interact with Web
C. Network interface for connecting Web applications to a database
D. A and B

22) Attackers controlling a Web server can do which of the following?
A. Deface the Web site and destroy company's database or sell contents
B. Gain control of user accounts and perform secondary attacks
C. Gain root access to other application servers
D. All of the above

23) Which of the following are Web application vulnerabilities?
A. Cross-site scripting (XSS) flaws and Injection flaws and malicious file execution and Unsecured direct object reference
B. Cross-site request forgery (CSRF) and Information leakage and incorrect error handling and Broken authentication and session management
C. Unsecured cryptographic storage and Unsecured communication and Failure to restrict URL access
D. All of the above

24) Which of the following statements best describes Wireless Hacking?
A. Hacking a wireless network is different from hacking a wired LAN and Port scanning and Enumeration techniques cannot be used.
B. Hacking a wireless network is not much different from hacking a wired LAN and Port scanning and Enumeration techniques can be used.
C. Hacking a wireless network is not much different from hacking a wired LAN and Port scanning technique can be used
D. All of the above

25) Cryptography is:
A. Process of converting plaintext into ciphertext
B. Process of converting ciphertext into plaintext
C. Process of converting plaintext into ciphertext and vice versa
D. All of the above

26) Which of the following statements is true?
A. Cryptography is a new technology
B. Cryptography has been around for thousands of years
C. Cryptography has been around for hundreds of years
D. None of the above

27) Which of the following best describes Hashing Algorithms?
A. Takes a variable-length message and produces a fixed-length value (i.e., message digest), Like a fingerprint of the message
B. Takes a variable-length message and produces a fixed-length value (i.e., message digest), Like a fingerprint of the message, If message is changed, hash value changes
C. Takes a fixed-length message and produces a variable-length value (i.e., message digest), Like a fingerprint of the message, If message is changed, hash value changes
D. B and C
