TestOut Network Pro 12.2.10 Practice Questions With Solutions 100% Solved
When analyzing assets, which analysis method assigns financial values to assets?
Quantitative
Quantitative analysis assigns a financial value, or a real number (and the cost required to recover
from a loss) to each asset.
Qualitative analysis seeks to identify costs that cannot be concretely defined.
Transfer and acceptance are responses to risk, not risk analysis methods.
What is the main difference between vulnerability scanning and penetration testing?
Vulnerability scanning is performed within the security perimeter; penetration testing is
performed outside of the security perimeter.
Penetration testing simulates an actual attack on the network and is conducted from outside the
organization's security perimeter. Vulnerability scanning is typically performed internally by
users with administrative access to the system.
The goal of both vulnerability scanning and penetration testing is to identify the effectiveness of
security measures and identify weaknesses that can be fixed. While some penetration testing is
performed with no knowledge of the network, penetration testing could be performed by testers
with detailed information about the systems. Both vulnerability scanning and penetration testing
can use similar tools, although you should avoid illegal tools in both activities.
A security administrator is conducting a penetration test on a network. She connects a notebook
system running Linux to the wireless network and then uses Nmap to probe various network
hosts to see which operating system they are running.
Which process did the administrator use for the penetration test in this scenario?
Active fingerprinting
The administrator in this scenario used active fingerprinting. Active fingerprinting is a form of
system enumeration that is designed to gain as much information about a specific computer as
possible. It identifies operating systems based upon ICMP message quoting characteristics.
Portions of an original ICMP request are repeated (or quoted) within the response, and each
operating system quotes this information back in a slightly different manner. Active
fingerprinting can determine the operating system and even the patch level.
Passive fingerprinting works in much the same manner as active fingerprinting. However, this
technique does not utilize active probes of specific systems. Network enumeration (also called