Friday, September 18, 2015

CISSP Exam Preparation (Question 313)

(313) Open box testing, in the Flaw Hypothesis Methodology of Penetration Testing applies to the analysis of

A. Routers and firewalls
B. Host-based IDS systems
C. Network-based IDS systems
D. General purpose operating systems

Correct Answer: D

Explanation

Explanation/Reference:

Explanation:

Flaw Hypothesis Methodology - A system analysis and penetration technique where specifications and documentation for the system are analyzed and then flaws in the system are hypothesized. The list of hypothesized flaws is then prioritized on the basis of the estimated probability that a flaw actually exists and, assuming a flaw does exist, on the ease of exploiting it and on the extent of control or compromise it would provide. The prioritized list is used to direct the actual testing of the system. http://www.kernel.org/pub/linux/ libs/security/Orange-Linux/refs/Orange/Orange0-5.html

- Idham Azhari

No comments: