New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

ISC2 CSSLP Exam - Topic 10 Question 78 Discussion

Actual exam question for ISC2's CSSLP exam
Question #: 78
Topic #: 10
[All CSSLP Questions]

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. In order to do so, he performs the following steps of the pre-attack phase successfully: Information gathering Determination of network range Identification of active systems

Location of open ports and applications Now, which of the following tasks should he perform next?

Show Suggested Answer Hide Answer
Suggested Answer: A

The Biba model is a formal state transition system of computer security policy that describes a set of access control rules

designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may

not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject.


by Becky at Dec 26, 2023, 04:47 PM

Limited Time Offer

25%

Off

Get Premium CSSLP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Carmela
3 months ago
Not sure if OS fingerprinting is the best move here...
upvoted 0 times
...
Shanda
3 months ago
I agree, fingerprinting services is crucial for the next phase.
upvoted 0 times
...
Polly
4 months ago
Wait, installing a backdoor? That's illegal, right?
upvoted 0 times
...
Sueann
4 months ago
Mapping the network sounds like a solid next step too!
upvoted 0 times
...
Gerald
4 months ago
I think he should definitely perform OS fingerprinting next.
upvoted 0 times
...
Novella
4 months ago
Installing a backdoor seems really risky and unethical, even in a testing scenario. I don't think that's something John should do at this stage.
upvoted 0 times
...
Tish
4 months ago
I definitely recall a practice question where we had to choose between OS fingerprinting and service fingerprinting. I think service fingerprinting is more specific to the applications running, which could be more useful.
upvoted 0 times
...
Buck
4 months ago
I'm a bit unsure about whether mapping the network or fingerprinting services comes first. I think both are important, but I feel like mapping might give a better overall picture.
upvoted 0 times
...
Cortney
5 months ago
I remember we discussed the importance of OS fingerprinting in our last class. It helps identify the operating systems running on the network, which is crucial for the next steps.
upvoted 0 times
...
Myra
5 months ago
Okay, let me think this through step-by-step. We've already done information gathering, determined the network range, and identified active systems. Now we need to dig deeper into the services and applications running on the network. I think fingerprinting the services is the way to go.
upvoted 0 times
...
Brent
5 months ago
Installing a backdoor? No way, that's way too risky and not something an ethical hacker should do. I'm pretty sure the right answer is to fingerprint the services running on the network.
upvoted 0 times
...
Loreta
5 months ago
Hmm, I'm a bit unsure here. Mapping the network could also be a good next step to get a better understanding of the overall system. I'll have to think this through carefully.
upvoted 0 times
...
Lemuel
5 months ago
This seems like a straightforward question. I think the next logical step would be to perform OS fingerprinting on the We-are-secure network.
upvoted 0 times
...
Kati
5 months ago
I'm leaning towards option C, since the file is posted to a record, so users with access to that record should be able to view the file by default.
upvoted 0 times
...
Nikita
5 months ago
I think the key here is to focus on the word "customizable." That's the important detail we need to identify the right components. Let me go through each option and consider which ones can be customized.
upvoted 0 times
...
Sherita
5 months ago
Hmm, I'm a bit unsure about this one. I know governance and security controls are important, but I'm not sure which of these options would be the right answer. I'll have to think it through step-by-step.
upvoted 0 times
...
Pok
10 months ago
Option D is the way to go. Fingerprinting the services will give me a comprehensive understanding of the target's attack surface. Gotta love a good network mapping exercise!
upvoted 0 times
Fernanda
9 months ago
Kanisha: Absolutely, knowing the services running will help us identify potential vulnerabilities to exploit.
upvoted 0 times
...
Freeman
9 months ago
User 3: It's important to have a clear picture of the services in order to plan the attack effectively.
upvoted 0 times
...
Kanisha
9 months ago
User 2: Agreed, mapping the network and identifying the services running will give us valuable information for the next steps.
upvoted 0 times
...
Kanisha
10 months ago
User 1: Option D is definitely the right choice. Fingerprinting the services is crucial for understanding the attack surface.
upvoted 0 times
...
...
Willetta
10 months ago
Haha, I'm with Vicki on this one. Trying to backdoor the server? That's like cheating on a test - totally defeats the purpose of being an ethical hacker. Stick to the script, John!
upvoted 0 times
...
Vicki
10 months ago
Whoa, hold on! Installing a backdoor? That's crossing the line, buddy. I'm an ethical hacker, not a black hat. Option C is definitely not the way to go.
upvoted 0 times
Jerlene
9 months ago
B) Map the network of We-are-secure Inc.
upvoted 0 times
...
Taryn
10 months ago
User 2: Yeah, we should stick to ethical hacking practices.
upvoted 0 times
...
Paulene
10 months ago
A) Perform OS fingerprinting on the We-are-secure network.
upvoted 0 times
...
Justine
10 months ago
User 1: I agree, installing a backdoor is unethical.
upvoted 0 times
...
...
Nada
10 months ago
Performing OS fingerprinting on the target network is the logical next step. It will help me understand the vulnerabilities and plan my attack strategy more effectively.
upvoted 0 times
...
Rosina
10 months ago
I believe mapping the network of We-are-secure Inc. would also be a good next step to understand the network better.
upvoted 0 times
...
Willis
10 months ago
I agree with Nu. OS fingerprinting will help John gather more information about the network.
upvoted 0 times
...
Nu
11 months ago
I think John should perform OS fingerprinting on the We-are-secure network next.
upvoted 0 times
...
Michel
11 months ago
I believe mapping the network of We-are-secure Inc. would also be a good next step to understand the network better.
upvoted 0 times
...
Lashon
11 months ago
I agree with Nell. OS fingerprinting will help John gather more information about the network.
upvoted 0 times
...
Nell
11 months ago
I think John should perform OS fingerprinting on the We-are-secure network next.
upvoted 0 times
...

Save Cancel