# Network security testing — Quiz

### Network security testing

**1. During the "Test" phase of the Cisco Security Wheel, a security professional uses a tool that sends probe packets to identify active hosts and open services on a network. This tool is most accurately classified as a(n): (Choose one answer)**\
a) Packet Analyzer\
b) **Network Scanner**\
c) Intrusion Prevention System\
d) Software Analyzer

**2. What is the primary functional difference between OpenVAS and Nmap, making them complementary tools in a security testing workflow? (Choose one answer)**\
a) Nmap is passive, while OpenVAS is active\
b) Nmap scans for vulnerabilities, while OpenVAS performs host discovery\
c) **Nmap discovers hosts and services, while OpenVAS scans for known vulnerabilities**\
d) Nmap is a command-line tool, while OpenVAS has a graphical interface

**3. A security analyst needs to quickly capture and inspect all TCP traffic on port 443 on a server with minimal system resource usage. The most appropriate tool for this basic inspection task is: (Choose one answer)**\
a) Ghidra\
b) OpenVAS\
c) Wireshark\
d) **tcpdump**

**4. Which of the following tasks is a primary function of a protocol analyzer like Wireshark, as opposed to a software analyzer like Ghidra? (Choose one answer)**\
a) Disassembling machine code into assembly language\
b) Identifying a buffer overflow vulnerability in a compiled binary\
c) **Decoding and analyzing the contents of an HTTP session to identify cleartext passwords**\
d) Step-by-step debugging of a program's execution flow

**5. Deep Packet Inspection (DPI) primarily involves the analysis of which layers of the OSI model to understand application-specific data? (Choose one answer)**\
a) **Layers 5-7**\
b) Layers 1-2\
c) Layers 3-4\
d) Layers 6-7