which of the following types of testing?
The security consultant is assigned to test a client’s new software for security, after logs show targeted
attacks from the Internet. To determine the weaknesses, the consultant has no access to the application
program interfaces, code, or data structures. This is an example of which of the following types of
testing?
what the security company might do during a black box test?
Matt, the Chief Information Security Officer (CISO), tells the network administrator that a security
company has been hired to perform a penetration test against his network. The security company asks
Matt which type of testing would be most beneficial for him. Which of the following BEST describes what
the security company might do during a black box test?
which of the following types of testing?
A quality assurance analyst is reviewing a new software product for security, and has complete access to
the code and data structures used by the developers. This is an example of which of the following types of
testing?
Which of the following reviews should Jane conduct?
Pete, a developer, writes an application. Jane, the security analyst, knows some things about the overall
application but does not have all the details. Jane needs to review the software before it is released to
production. Which of the following reviews should Jane conduct?
which of the following types of testing?
An IT auditor tests an application as an authenticated user. This is an example of which of the following
types of testing?
Which of the following is the developer performing when testing the application?
A software development company has hired a programmer to develop a plug-in module to an existing
proprietary application. After completing the module, the developer needs to test the entire application
to ensure that the module did not introduce new vulnerabilities. Which of the following is the developer
performing when testing the application?
The security administrator is determining the:
A set of standardized system images with a pre-defined set of applications is used to build end-user
workstations. The security administrator has scanned every workstation to create a current inventory of
all applications that are installed on active workstations and is documenting which applications are out-of-date and could be exploited. The security administrator is determining the:
Which of the following does this describe?
On a train, an individual is watching a proprietary video on Joe’s laptop without his knowledge. Which of
the following does this describe?
Which of the following BEST describes the compromised system?
An administrator is investigating a system that may potentially be compromised, and sees the following
log entries on the router.
*Jul 15 14:47:29.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 3 packets.
*Jul 15 14:47:38.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 6 packets.
*Jul 15 14:47:45.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 8 packets.
Which of the following BEST describes the compromised system?
Which of the following devices is used for the transparent security inspection of network…?
Which of the following devices is used for the transparent security inspection of network traffic by
redirecting user packets prior to sending the packets to the intended destination?