Which one of the following tools is used primarily to perform network discovery scans?
A. Nmap
B. Nessus
C. Metasploit
D. lsof
Answer: A

Adam recently ran a network port scan of a web server running in his organization. He
ran the scan from an external network to get an attacker's perspective on the scan.
Which one of the following results is the greatest cause for alarm?
A. 80/open
B. 22/filtered
C. 443/open
D. 1433/open
Answer: D

Which one of the following factors should not be taken into consideration when planning
a security testing schedule for a particular system?
A. Sensitivity of the information stored on the system
B. Difficulty of performing the test
C. Desire to experiment with new testing tools
D. Desirability of the system to attackers
Answer: C

Which one of the following is not normally included in a security assessment?
A. Vulnerability scan
B. Risk assessment
C. Mitigation of vulnerabilities
D. Threat assessment
Answer: C

Who is the intended audience for a security assessment report?
A. Management
B. Security auditor
C. Security professional
D. Customers
Answer: A

Beth would like to run an nmap scan against all of the systems on her organization's
private network. These include systems in the 10.0.0.0 private address space. She
would like to scan this entire private address space because she is not certain what
subnets are used.
What network address should Beth specify as the target of her scan?
A. 10.0.0.0/0
B. 10.0.0.0/8
C. 10.0.0.0/16
D. 10.0.0.0/24
Answer: B

Alan ran an nmap scan against a server and determined that port 80 is open on the
server. What tool would likely provide him the best additional information about the
server's purpose and the identity of the server's operator?