When comparing the testing methodologies of Open Web Application Security Project (OWASP)
and Open Source Security Testing Methodology Manual (OSSTMM) the main difference is

Which of the following is a protocol that is prone to a man-in-the-middle (MITM) attack and maps a
32-bit address to a 48-bit address?

Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid
detection by the network’s IDS?

Windows file servers commonly hold sensitive files, databases, passwords and more. Which of
the following choices would be a common vulnerability that usually exposes them?

Which type of access control is used on a router or firewall to limit network activity?

Which NMAP command combination would let a tester scan every TCP port from a class C
network that is blocking ICMP with fingerprinting and service detection?

Which types of detection methods are employed by Network Intrusion Detection Systems (NIDS)?
(Choose two.)

The fundamental difference between symmetric and asymmetric key cryptographic systems is that
symmetric key cryptography uses which of the following?

Which command lets a tester enumerate alive systems in a class C network via ICMP using native
Windows tools?

How can telnet be used to fingerprint a web server?