2.5.2 Network Security Testing Quiz Answers
2.5.2 Network Security Testing Quiz. Cyber Threat Management Module 2 Quiz Answers
1. What is the purpose of the Tripwire network testing tool?
- to perform vulnerability scanning
- to provide password auditing and recovery
- to detect unauthorized wired network access
- to provide information about vulnerabilities and aid in penetration testing and IDS signature development
- to assess configuration against established policies, recommended best practices, and compliance standards
Explanation: The Nesus tool provides remote vulnerability scanning that focuses on remote access, password misconfiguration, and DoS against the TCP/IP stack. L0phtcrack provides password auditing and recovery. Metasploit provides information about vulnerabilities and aids in penetration testing and IDS signature development.
2. An administrator is troubleshooting NetBIOS name resolution on a Windows PC. What command line utility can be used to do this?
- nbtstat
- ipconfig
- arp
- netstat
Explanation: The nbtstat command line utility can be used to troubleshoot NetBIOS name resolution problems in a Windows system.
3. The laptop of an attacker is attached to a corporate network. The attacker is examining all of the network traffic that is passing through the network interface card. Which network reconnaissance method does this scenario describe?
- penetration exercise
- red team blue team
- sniffing
- bug bounty
Explanation: Sniffing is effectively electronic eavesdropping on a network. It occurs when someone is examining all network traffic as it passes through their NIC, independent of whether the traffic is addressed to them or not. Criminals accomplish network sniffing using software, hardware, or a combination of the two.
4. Which cybersecurity weapon scans for use of default passwords, missing patches, open ports, misconfigurations, and active IP addresses?
- packet sniffers
- password crackers
- vulnerability scanners
- packet analyzers
Explanation: There are many tools that a cybersecurity specialist uses to evaluate the potential vulnerabilities of an organization.
5. An organization has hired a former hacker to test how well the organization would tolerate a real attack by using malicious techniques. What type of testing is the hacker performing for the organization?
- vulnerability
- sniffing
- reconnaissance
- penetration
Explanation: A penetration test is a safe way for an organization to test systems for weakness by using the same malicious techniques that are used by real hackers.
6. Which penetration test phase is concerned with conducting reconnaissance to gain information about the target network or device?
- attack
- discovery
- reporting
- planning
Explanation: There are four phases in performing network penetration tests: planning, discovery, attack, and reporting.
Phase 2, discovery, is concerned with using passive and active reconnaissance techniques to gather information.
7. A new technician was overheard telling colleagues that a secure network password had been discovered through a search of social media sites. What technique was used to acquire the password?
- passive reconnaissance
- man-in-the-middle
- active reconnaissance
- buffer overflow
- brute force
Explanation: Active reconnaissance means directly interacting with network systems to gather information using many of the tools that are used in penetration testing and vulnerability assessment. Passive reconnaissance means indirectly learning about the network and network users through searches from information sources that range from Facebook to leaked password details on the dark web.
8. What network security testing tool has the ability to provide details on the source of suspicious network activity?
- Tripwire
- Zenmap
- SIEM
- SuperScan
Explanation: There are various network security tools available for network security testing and evaluation. SuperScan is a Microsoft port scanning software that detects open TCP and UDP ports on systems. Nmap and Zenmap are low-level network scanners available to the public. Tripwire is used to assess if network devices are compliant with network security policies. SIEM is used to provide real-time reporting of security events on the network.
9. What network scanning tool has advanced features that allows it to use decoy hosts to mask the source of the scan?
- Nmap
- Metasploit
- Tripwire
- Nessus
Explanation: There are various network security tools available for network security testing and evaluation. Nessus can scan systems for software vulnerabilities. Metasploit is used for penetration testing and IDS signature development. Tripwire is used to assess if network devices are compliant with network security policies. Nmap is a low-level network scanner available to the public that an administrator can use to identify network layer protocol support on hosts. Nnmap can use decoy hosts to mask the source of the scan.
10. A new person has joined the security operations team for a manufacturing plant. What is a common scope of responsibility for this person?
- day-to-day maintenance of network security
- data security on host devices
- physical and logical security of all business personnel
- managing redundancy operations for all systems
Explanation: The operations team is responsible for keeping the network up and running in a secure and protected manner. They prevent reoccurring problems when possible, implement designs that reduce hardware failures to an acceptable level for critical systems, and reduce the impact of hardware failure.
11. Which approach provides automated tools allowing an organization to collect data about security threats from various sources?
- SuperScan
- Nmap
- SOAR
- NETCAT
Explanation: Orchestration Automation and Response (SOAR) tools allow an organization to collect data about security threats from various sources, and respond to low-level events without human intervention.
12. How does network scanning help assess operations security?
- It can simulate attacks from malicious sources.
- It can log abnormal activity.
- It can detect weak or blank passwords.
- It can detect open TCP ports on network systems.
Explanation: Network scanning can help a network administrator strengthen the security of the network and systems by identifying open TCP and UDP ports that could be targets of an attack.
13. What network testing tool is used for password auditing and recovery?
- Metasploit
- SuperScan
- Nessus
- L0phtcrack
Explanation: The Nesus tool provides remote vulnerability scanning that focuses on remote access, password misconfiguration, and DoS against the TCP/IP stack. L0phtcrack provides password auditing and recovery. Metasploit provides information about vulnerabilities and aids in penetration testing and IDS signature development.
14. What describes a feature of credentialed scans?
- They are less invasive than non-credentialed scans.
- They try to exploit vulnerabilities and may even crash the target.
- They return fewer false positives and fewer false negatives.
- They do not require usernames and passwords to provide authorized access to a system.
Explanation: In credentialed scans, usernames and passwords provide authorized access to a system, allowing the scanner to harvest more information. Credentialed scans return fewer false positives and fewer false negatives.