ITN 261 Chapter 5 Exam Questions with Correct Detailed Answers (Verified Answers) Graded A+
1. You want to identify responsive hosts without a port scan.
2. You want to use something that is light on network traffic.
3. You want to use a protocol that may be allowed through the firewall.
4. All of the above. - Answer- 4. All of the above.
There may be several reasons for performing a ping sweep. You likely want to identify
responsive hosts on the network segment you are targeting. You may not, though, want
to use a full port scan. ICMP is a lightweight protocol and there is a chance it will be
allowed through the firewall, since it's used for troubleshooting and diagnostics.
Which of these may be considered worst practice when it comes to vulnerability scans?
1. Scanning production servers
2. Notifying operations staff ahead of time
3. Taking no action on the results
4. Using limited details in your scan reports - Answer- 3. Taking no action on the results
You would be expected to scan production servers, since that would be where you
would be most interested to find vulnerabilities. Letting operations staff know ahead of
time is polite since vulnerability scans may inadvertently knock over systems that would
need to be stood back up. Being paged in the middle of the night unexpectedly isn't fun.
If you know it's coming, it makes it easier. You may have reasons to use limited details
in your scan reports, including trying to reduce the disk space used or the paper used in
printing the reports. Taking no action on the results of a vulnerability scan is about the
worst thing you can do when it comes to vulnerability scans. It's worse than not running
them, since you could be considered liable because you know about the vulnerabilities
but you aren't doing anything about them.
Which of these may be considered an evasive technique?
1. Scanning nonstandard ports
2. Encoding data
3. Using a proxy server
4. Using nmap in blind mode - Answer- 2. Encoding data
Scanning nonstandard ports isn't evasive. It's just as noisy as, and potentially more
detectable than, scanning standard ports. You could use a proxy for some tasks, but all
it would do would be to hide your own IP address, which isn't evasive. You could still be
blocked or detected. Nmap does not have a blind mode. When you encode data,
though, you make it harder for the firewall or IDS to identify something bad that may be
happening, since these devices can't read the messages coming through.
If you were to notice operating system commands inside a DNS request while looking at
a packet capture, what might you be looking at?
1. Tunneling attack
2. DNS amplification
3. DNS recursion
4. XML entity injection - Answer- 1. Tunneling attack
Tunneling attacks can be used to hide one protocol inside another. They may be used
to send operating system commands using a tunnel system. A DNS amplification attack
is where a small DNS request results in much larger responses sent to the target. DNS
recursion is used to look up information from DNS servers. An XML entity injection
attack is a web-based attack and wouldn't be found inside a DNS request.
What is an XMAS scan?
1. TCP scan with SYN/ACK/FIN set
2. UDP scan with FIN/PSH set
3. TCP scan with FIN/PSH/URG set
4. UDP scan with SYN/URG/FIN set - Answer- 3. TCP scan with FIN/PSH/URG set
The XMAS scan is a TCP scan that uses unusual flag settings in the TCP headers to
attempt to evade firewalls or IDSs. The XMAS scan uses the FIN, PSH, and URG flags
and is called an XMAS scan because it looks like the packet is lit up like a Christmas
tree. None of the other answers match what an XMAS scan is.
What would you use MegaPing for?
1. Running exploits
2. Running a port scan
3. Issuing manual web requests
4. Crafting packets - Answer- 2. Running a port scan
MegaPing can be used to perform a lot of different functions, but crafting packets,
sending manual web requests, and running exploits are not functions it supports. It can,
though, run a port scan.
What would be a reason to use the Override feature in OpenVAS?
1. You want to run a different plug-in for a vulnerability.
2. You want to change the scanner settings.
3. You want to use TCP rather than UDP.
4. You want to change a severity rating on a finding. - Answer- 4. You want to change a
severity rating on a finding.
Plug-ins are matched to vulnerabilities. A different plug-in would identify a different
vulnerability and there is no way to change that. Scanner settings can be changed when
you set up a scan. Using TCP rather than UDP is vague. If you want to change a
severity rating from the one supplied by OpenVAS, you would override that rating. You