A security engineer must establish a method to assess compliance with company security policies as they apply to the unique configuration of individual endpoints, as well as to the shared configuration policies of common devices.
Which of the following tools is the security engineer using to produce the above output?
A. Vulnerability scanner
B. SIEM
C. Port scanner
D. SCAP scanner
CompTIA Advanced Security Practitioner (CASP) Question 27
A company contracts a security engineer to perform a penetration test of its client-facing web portal. Which of the following activities would be MOST appropriate?
A. Use a protocol analyzer against the site to see if data input can be replayed from the browser
B. Scan the website through an interception proxy and identify areas for the code injection
C. Scan the site with a port scanner to identify vulnerable services running on the web server
D. Use network enumeration tools to identify if the server is running behind a load balancer
CompTIA Security+ Question K-94
Which of the following tools would allow Ann, the security administrator, to be able to BEST quantify all traffic on her network?
A. Honeypot
B. Port scanner
C. Protocol analyzer
D. Vulnerability scanner
CompTIA Security+ Question J-72
Which of the following types of technologies is used by security and research personnel for identification and analysis of new security threats in a networked environment by using false data/hosts for information collection?
A. Honeynet
B. Vulnerability scanner
C. Port scanner
D. Protocol analyzer
CompTIA Security+ Question H-100
Which of the following tools would a security administrator use in order to identify all running services throughout an organization?
A. Architectural review
B. Penetration test
C. Port scanner
D. Design review
CompTIA Security+ Question H-75
Emily, the Chief Information Officer (CIO), has requested an audit take place to determine what services and operating systems are running on the corporate network. Which of the following should be used to complete this task?
A. Fingerprinting and password crackers
B. Fuzzing and a port scan
C. Vulnerability scan and fuzzing
D. Port scan and fingerprinting
CompTIA Security+ Question G-62
Jane, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware. Which of the following is being implemented by Jane’s company?
A. Vulnerability scanner
B. Honeynet
C. Protocol analyzer
D. Port scanner
CompTIA Security+ Question G-55
Which of the following is a penetration testing method?
A. Searching the WHOIS database for administrator contact information
B. Running a port scanner against the target’s network
C. War driving from a target’s parking lot to footprint the wireless network
D. Calling the target’s helpdesk, requesting a password reset
CompTIA Security+ Question A-83
A security administrator wants to perform routine tests on the network during working hours when certain applications are being accessed by the most people. Which of the following would allow the security administrator to test the lack of security controls for those applications with the least impact to the system?
A. Penetration test
B. Vulnerability scan
C. Load testing
D. Port scanner
CompTIA Security+ Question A-82
During a security assessment, an administrator wishes to see which services are running on a remote server. Which of the following should the administrator use?
A. Port scanner
B. Network sniffer
C. Protocol analyzer
D. Process list