A company has publicly hosted web applications and an internal Intranet protected by a firewall. Which
technique will help protect against enumeration?

When utilizing technical assessment methods to assess the security posture of a network, which of the
following techniques would be most effective in determining whether end-user security training would be
beneficial?

Which of the following is a component of a risk assessment?

Which of the following is a detective control?

A penetration tester is hired to do a risk assessment of a company’s DMZ. The rules of engagement states that
the penetration test be done from an external IP address with no prior knowledge of the internal IT systems.
What kind of test is being performed?

Which of the following lists are valid data-gathering activities associated with a risk assessment?

What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the
received response?

A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that
were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below,
which of the following is likely to be installed on the target machine by the OS?
Starting NMAP 5.21 at 2011-03-15 11:06
NMAP scan report for 172.16.40.65
Host is up (1.00s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
139/tcp open netbios-ssn
515/tcp open
631/tcp open ipp
9100/tcp open
MAC Address: 00:00:48:0D:EE:89

An NMAP scan of a server shows port 25 is open. What risk could this pose?

The following is a sample of output from a penetration tester’s machine targeting a machine with the IP address
of 192.168.1.106:

What is most likely taking place?