Following a data breach at a large retail company, their public relations team
issues a statement emphasizing the company's commitment to consumer
privacy. Identify the true statements concerning this event. (Select all that apply.)
-Data exfiltration by a malicious actor may have caused the data breach.
-The privacy breach may allow the threat actor to sell the data to other malicious actors.
When comparing vulnerability scanning and penetration testing to each other,
which statement is true?
Vulnerability scanning generally uses a passive approach, and penetration testing uses
a more active approach.
During a penetration test, systems administrators for a large company are tasked
to play on the white team for an affiliated company. Examine each of the following
roles and determine which role the systems admins will fill.
The systems admins will arbitrate the exercise, setting rules of engagement and
guidance.
Analyze and eliminate the item that is NOT an example of a reconnaissance
technique.
Initial exploitation
An outside security consultant updates a company's network, including data
cloud storage solutions. The consultant leaves the manufacturer's default
settings when installing network switches, assuming the vendor shipped the
switches in a default-secure configuration. Examine the company's network
security posture and select the statements that describe key vulnerabilities in this
network. (Select all that apply.)
-The default settings in the network switches represent a weak configuration.
-The network is open to third-party risks from using an outside contractor to configure
cloud storage settings.
A system administrator is tasked with scanning the company's network to include
a traceroute, identify which common ports are open, and which software and
software versions are running on each system. Evaluate and select the syntax
that should be used to yield the desired information if the administrator will be
executing this task from a Linux command line.
nmap -A 10.1.0.0/24
Which statement best explains the differences between black box, white box, and
gray box attack profiles used in penetration testing?
Black box performs reconnaissance.
White box skips reconnaissance.
Gray box performs partial reconnaissance.
In which of these situations might a non-credentialed vulnerability scan be more
advantageous than a credentialed scan? (Select all that apply.)
-External assessments of a network perimeter
-Web application scanning