Network security testing — Quiz

Network security testing

1. During the "Test" phase of the Cisco Security Wheel, a security professional uses a tool that sends probe packets to identify active hosts and open services on a network. This tool is most accurately classified as a(n): (Choose one answer)
   a) Packet Analyzer
   b) Network Scanner
   c) Intrusion Prevention System
   d) Software Analyzer

2. What is the primary functional difference between OpenVAS and Nmap, making them complementary tools in a security testing workflow? (Choose one answer)
   a) Nmap is passive, while OpenVAS is active
   b) Nmap scans for vulnerabilities, while OpenVAS performs host discovery
   c) Nmap discovers hosts and services, while OpenVAS scans for known vulnerabilities
   d) Nmap is a command-line tool, while OpenVAS has a graphical interface

3. A security analyst needs to quickly capture and inspect all TCP traffic on port 443 on a server with minimal system resource usage. The most appropriate tool for this basic inspection task is: (Choose one answer)
   a) Ghidra
   b) OpenVAS
   c) Wireshark
   d) tcpdump

4. Which of the following tasks is a primary function of a protocol analyzer like Wireshark, as opposed to a software analyzer like Ghidra? (Choose one answer)
   a) Disassembling machine code into assembly language
   b) Identifying a buffer overflow vulnerability in a compiled binary
   c) Decoding and analyzing the contents of an HTTP session to identify cleartext passwords
   d) Step-by-step debugging of a program's execution flow

5. Deep Packet Inspection (DPI) primarily involves the analysis of which layers of the OSI model to understand application-specific data? (Choose one answer)
   a) Layers 5-7
   b) Layers 1-2
   c) Layers 3-4
   d) Layers 6-7
