MSIS 4123 Exam 4 Questions With Correct
Answers
CEH - CORRECT ANSWER✔✔-Certified Ethical Hacker; Certificate from EC-Council,
| | | | | | | |
Multiple choice
| |
CVE - CORRECT ANSWER✔✔-Common Vulnerabilities and Exposure; database of
| | | | | | | | |
known vulnerabilities
|
CWE - CORRECT ANSWER✔✔-Common Weakness Enumeration; Classification
| | | | | | |
system for vulnerabilities
| |
Ethical Hacking - CORRECT ANSWER✔✔-Broadly covers the use of any/all hacking
| | | | | | | | | | |
techniques for "good" use. | | |
GPEN - CORRECT ANSWER✔✔-Certificate from GIAC; Offered by SANS with their
| | | | | | | | | | |
classes, Multiple choice| |
NVD - CORRECT ANSWER✔✔-National Vulnerability Database; Connects to CVE
| | | | | | | | |
and others
|
OSCP - CORRECT ANSWER✔✔-Certificate from Offensive Security; Requires real
| | | | | | | | |
pen test and report; Very hard
| | | | |
,Pen Testing Areas - CORRECT ANSWER✔✔-Network
| | | | |
WiFi
Web Apps|
Mobile
Database
Pen Testing Discovery - CORRECT ANSWER✔✔-Footprinting
| | | | |
Scanning
Enumeration
Pen Testing Enumeration - CORRECT ANSWER✔✔-Aggressive search with active
| | | | | | | | |
connection and directed queries to identify network resources, shares, users,
| | | | | | | | | |
groups, applications
|
Pen Testing Exploitation - CORRECT ANSWER✔✔-Using vulnerabilites to deliver a
| | | | | | | | | |
payload (bad code) to the victim computer; Metasploit, Armitage
| | | | | | | |
Pen Testing Footprinting - CORRECT ANSWER✔✔-Learning about an organization;
| | | | | | | | |
passive; WHOIS |
Pen Testing Full Knowlege Test - CORRECT ANSWER✔✔-From the view of an
| | | | | | | | | | | |
insider, knows everything about the systems and company
| | | | | | |
Pen Testing Justifications - CORRECT ANSWER✔✔-System Accreditation
| | | | | |
Risk Assessment
|
, Auditing
Justifying Security Expenditures
| |
Compliance
Pen Testing Scanning - CORRECT ANSWER✔✔-Passively identifying computer,
| | | | | | | |
ports, services, shares, etc.; NMAP, NESSUS
| | | | |
Pen Testing Steps - CORRECT ANSWER✔✔-Business and Legal
| | | | | | |
Vulnerability Test |
Vulnerabilty Analysis |
Remediation
Pen Testing Zero Knowlege Test - CORRECT ANSWER✔✔-From the view of a
| | | | | | | | | | | |
hacker, knows nothing about the system; most realistic
| | | | | | |
Penetration Testing - CORRECT ANSWER✔✔-Vulnerability testing, reporting and
| | | | | | | |
remediation of networks and computers
| | | |
Vulnerability Assessment - CORRECT ANSWER✔✔-Identifying, quantifying and
| | | | | | |
ranking vulnerabilities in a system
| | | |
Vulnerabilty Mapping - CORRECT ANSWER✔✔-Matching found services, ports
| | | | | | | |
and o/s to known vulnerabilities
| | | |
Answers
CEH - CORRECT ANSWER✔✔-Certified Ethical Hacker; Certificate from EC-Council,
| | | | | | | |
Multiple choice
| |
CVE - CORRECT ANSWER✔✔-Common Vulnerabilities and Exposure; database of
| | | | | | | | |
known vulnerabilities
|
CWE - CORRECT ANSWER✔✔-Common Weakness Enumeration; Classification
| | | | | | |
system for vulnerabilities
| |
Ethical Hacking - CORRECT ANSWER✔✔-Broadly covers the use of any/all hacking
| | | | | | | | | | |
techniques for "good" use. | | |
GPEN - CORRECT ANSWER✔✔-Certificate from GIAC; Offered by SANS with their
| | | | | | | | | | |
classes, Multiple choice| |
NVD - CORRECT ANSWER✔✔-National Vulnerability Database; Connects to CVE
| | | | | | | | |
and others
|
OSCP - CORRECT ANSWER✔✔-Certificate from Offensive Security; Requires real
| | | | | | | | |
pen test and report; Very hard
| | | | |
,Pen Testing Areas - CORRECT ANSWER✔✔-Network
| | | | |
WiFi
Web Apps|
Mobile
Database
Pen Testing Discovery - CORRECT ANSWER✔✔-Footprinting
| | | | |
Scanning
Enumeration
Pen Testing Enumeration - CORRECT ANSWER✔✔-Aggressive search with active
| | | | | | | | |
connection and directed queries to identify network resources, shares, users,
| | | | | | | | | |
groups, applications
|
Pen Testing Exploitation - CORRECT ANSWER✔✔-Using vulnerabilites to deliver a
| | | | | | | | | |
payload (bad code) to the victim computer; Metasploit, Armitage
| | | | | | | |
Pen Testing Footprinting - CORRECT ANSWER✔✔-Learning about an organization;
| | | | | | | | |
passive; WHOIS |
Pen Testing Full Knowlege Test - CORRECT ANSWER✔✔-From the view of an
| | | | | | | | | | | |
insider, knows everything about the systems and company
| | | | | | |
Pen Testing Justifications - CORRECT ANSWER✔✔-System Accreditation
| | | | | |
Risk Assessment
|
, Auditing
Justifying Security Expenditures
| |
Compliance
Pen Testing Scanning - CORRECT ANSWER✔✔-Passively identifying computer,
| | | | | | | |
ports, services, shares, etc.; NMAP, NESSUS
| | | | |
Pen Testing Steps - CORRECT ANSWER✔✔-Business and Legal
| | | | | | |
Vulnerability Test |
Vulnerabilty Analysis |
Remediation
Pen Testing Zero Knowlege Test - CORRECT ANSWER✔✔-From the view of a
| | | | | | | | | | | |
hacker, knows nothing about the system; most realistic
| | | | | | |
Penetration Testing - CORRECT ANSWER✔✔-Vulnerability testing, reporting and
| | | | | | | |
remediation of networks and computers
| | | |
Vulnerability Assessment - CORRECT ANSWER✔✔-Identifying, quantifying and
| | | | | | |
ranking vulnerabilities in a system
| | | |
Vulnerabilty Mapping - CORRECT ANSWER✔✔-Matching found services, ports
| | | | | | | |
and o/s to known vulnerabilities
| | | |