(ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests. Mike Chapple
disclosure, and Elaine wants to follow common ethical disclosure practices. What should she do first?
A. Build an in-house remediation or control and then publicly disclose the vulnerability to prompt the vendor to patch it quickly.
B. Build an in-house remediation or control and then notify the vendor of the issue.
C. Notify the vendor and give them a reasonable amount of time to fix the issue.
D. Publicly disclose the vulnerability so that the vendor will patch it in an appropriate amount of time.

For questions 97–99, please refer to the following scenario. NIST Special Publication 800-115, the Technical Guide to Information Security Testing and Assessment, provides NIST's process for penetration testing. Use this image as well as your knowledge of penetration testing to answer the questions.
Source: NIST SP 800-115.
97. Which of the following is not a part of the discovery phase?
A. Hostname and IP address information gathering
B. Service information capture
C. Dumpster diving
D. Privilege escalation

98. NIST specifies four attack phase steps: gaining access, escalating privileges, system browsing, and installing additional tools. Once attackers install additional tools, what phase will a penetration tester typically return to?
A. Discovery
B. Gaining access
C. Escalating privileges
D. System browsing

99. Which of the following is not a typical part of a penetration test report?
A. A list of identified vulnerabilities
B. All sensitive data that was gathered during the test
C. Risk ratings for each issue discovered
D. Mitigation guidance for issues identified

100. Alex is using nmap to perform port scanning of a system, and he receives three different port status messages in the results. Match each of the numbered status messages with the appropriate lettered description. You should use each item exactly once.

Status message
1. Open
2. Closed
3. Filtered

Description
A. The port is accessible on the remote system, but no application is accepting connections on that port.
B. The port is not accessible on the remote system.
C. The port is accessible on the remote system, and an application is accepting connections on that port.