Chapter 15 Security Assessment and Testing

Domain 6 & 8

Written Lab

  1. Describe the difference between TCP SYN scanning and TCP connect scanning.

    p.733

  2. What are the three port status values returned by the nmap network discovery scanning tool?

    Open, closed, and filtered.

  3. What is the difference between static and dynamic code testing techniques?

    • Static testing techniques, such as code reviews, evaluate the security of software without running it by analyzing either the source code or the compiled application.

    • Dynamic testing evaluates the security of software in a runtime environment and is often the only option for organizations deploying applications written by someone else.

  4. What is the difference between mutation fuzzing and generational fuzzing?

    • Mutation (dumb) fuzzing takes previous input values from actual operation of the software and manipulates (or mutates) them to create fuzzed input. It might alter the characters of the content, append strings to the end of the content, or perform other data manipulation techniques.

    • Generational (intelligent) fuzzing develops data models and creates new fuzzed input based on an understanding of the types of data used by the program.