Which of the following tools would a security administrator use in order to identify all running services throughout an organization?
A. Architectural review
B. Penetration test
C. Port scanner
D. Design review
CompTIA exam questions
Which of the following tools would a security administrator use in order to identify all running services throughout an organization?
A. Architectural review
B. Penetration test
C. Port scanner
D. Design review
A recent audit has revealed weaknesses in the process of deploying new servers and network devices. Which of the following practices could be used to increase the security posture during deployment? (Select TWO).
A. Deploy a honeypot
B. Disable unnecessary services
C. Change default passwords
D. Implement an application firewall
E. Penetration testing
During a penetration test from the Internet, Jane, the system administrator, was able to establish a connection to an internal router, but not successfully log in to it. Which ports and protocols are MOST likely to be open on the firewall? (Select FOUR).
A. 21
B. 22
C. 23
D. 69
E. 3389
F. SSH
G. Terminal services
H. Rlogin
I. Rsync
J. Telnet
A new security analyst is given the task of determining whether any of the company’s servers are vulnerable to a recently discovered attack on an old version of SSH. Which of the following is the quickest FIRST step toward determining the version of SSH running on these servers?
A. Passive scanning
B. Banner grabbing
C. Protocol analysis
D. Penetration testing
The security team would like to gather intelligence about the types of attacks being launched against the organization. Which of the following would provide them with the MOST information?
A. Implement a honeynet
B. Perform a penetration test
C. Examine firewall logs
D. Deploy an IDS
A security administrator is aware that a portion of the company’s Internet-facing network tends to be non-secure due to poorly configured and patched systems. The business owner has accepted the risk of those systems being compromised, but the administrator wants to determine the degree to which those systems can be used to gain access to the company intranet. Which of the following should the administrator perform?
A. Patch management assessment
B. Business impact assessment
C. Penetration test
D. Vulnerability assessment
Which of the following is a penetration testing method?
A. Searching the WHOIS database for administrator contact information
B. Running a port scanner against the target’s network
C. War driving from a target’s parking lot to footprint the wireless network
D. Calling the target’s helpdesk, requesting a password reset
An IT auditor tests an application as an authenticated user. This is an example of which of the following types of testing?
A. Penetration
B. White box
C. Black box
D. Gray box
Jane has recently implemented a new network design at her organization and wishes to passively identify security issues with the new network. Which of the following should Jane perform?
A. Vulnerability assessment
B. Black box testing
C. White box testing
D. Penetration testing
During an anonymous penetration test, Jane, a system administrator, was able to identify a shared print spool directory, and was able to download a document from the spool. Which statement BEST describes her privileges?
A. All users have write access to the directory.
B. Jane has read access to the file.
C. All users have read access to the file.
D. Jane has read access to the directory.