Cybersecurity Exam: Vulnerability Management and Scanning, Exams of Cybercrime, Cybersecurity and Data Privacy

A series of multiple-choice questions and answers related to vulnerability management and scanning in cybersecurity. It covers topics such as vulnerability scanning tools, frequency, credentialed scans, scap components, fisma requirements, vulnerability management life cycle, continuous monitoring, impact categorization, cvss scoring, vm escape attacks, intrusion detection systems, cross-site scripting, cloud security assessment tools, shared responsibility model, and faas computing. Insights into best practices and common vulnerabilities in cybersecurity.

Typology: Exams

2024/2025

Available from 03/13/2025

examplung..
examplung.. 🇺🇸

1.7K documents

1 / 11

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Ch 4 - 6 Exam with
complete solution
Denning [Date] [Course title]
pf3
pf4
pf5
pf8
pf9
pfa

Partial preview of the text

Download Cybersecurity Exam: Vulnerability Management and Scanning and more Exams Cybercrime, Cybersecurity and Data Privacy in PDF only on Docsity!

Ch 4 - 6 Exam with

complete solution

Denning [Date] [Course title]

D. Quarterly PCI DSS requires that organizations conduct vulnerability scans on at least a quarterly basis, although many organizations choose to conduct scans on a much more frequent basis. - Correct Answers: Tonya is configuring vulnerability scans for a system that is subject to the PCI DSS compliance standard. What is the minimum frequency with which she must conduct scans? A. Daily B. Weekly C. Monthly D. Quarterly B. Snort Qualys, Nessus, and OpenVAS are all examples of vulnerability scanning tools. Snort is an intrusion detection system. - Correct Answers: Which one of the following is not an example of a vulnerability scanning tool? A. Qualys B. Snort C. Nessus D. OpenVAS D. Read-only Credentialed scans only require read-only access to target servers. Renee should follow the principle of least privilege and limit the access available to the scanner. - Correct Answers: Renee is configuring her vulnerability management solution to perform credentialed scans of servers on her network. What type of account should she provide to the scanner? A. Domain administrator

Control enhancement number 4 requires that an organization determine what information about the system is discoverable by adversaries. This enhancement only applies to FISMA high systems. - Correct Answers: What minimum level of impact must a system have under FISMA before the organization is required to determine what information about the system is discoverable by adversaries? A. Low B. Moderate C. High D. Severe C. Reporting Although reporting and communication are an important part of vulnerability management, they are not included in the life cycle. The three life-cycle phases are detection, remediation, and testing. - Correct Answers: Which one of the following activities is not part of the vulnerability management life cycle? A. Detection B. Remediation C. Reporting D. Testing A. Continuous monitoring Continuous monitoring incorporates data from agent-based approaches to vulnerability detection and reports security-related configuration changes to the vulnerability management platform as soon as they occur, providing the ability to analyze those changes for potential vulnerabilities. - Correct Answers: What approach to vulnerability scanning incorporates information from agents running on the target servers? A. Continuous monitoring

B. Ongoing scanning C. On-demand scanning D. Alerting B. Moderate impact Systems have a moderate impact from a confidentiality perspective if the unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. - Correct Answers: Brian is seeking to determine the appropriate impact categorization for a federal information system as he plans the vulnerability scanning controls for that system. After consulting management, he discovers that the system contains information that, if disclosed improperly, would have a serious adverse impact on the organization. How should this system be categorized? A. Low impact B. Moderate impact C. High impact D. Severe impact A. CVSS The Common Vulnerability Scoring System (CVSS) provides a standardized approach for measuring and describing the severity of security vulnerabilities. Jessica could use this scoring system to prioritize issues raised by different source systems. - Correct Answers: Jessica is reading reports from vulnerability scans run by different parts of her organization using different products. She is responsible for assigning remediation resources and is having difficulty prioritizing issues from different sources. What SCAP component can help Jessica with this task? A. CVSS B. CVE C. CPE D. XCCDF

A. High B. Medium C. Low D. Severe D. 3. Version 3.1 of CVSS is currently available but is not as widely used as the more common CVSS version 2.0. - Correct Answers: What is the most recent version of CVSS that is currently available? A. 1. B. 2. C. 2. D. 3. A. VM escape VM escape vulnerabilities are the most serious issue that can exist in a virtualized environment, particularly when a virtual host runs systems of differing security levels. In an escape attack, the attacker has access to a single virtual host and then manages to leverage that access to intrude on the resources assigned to a different virtual machine. - Correct Answers: In what type of attack does the attacker seek to gain access to resources assigned to a different virtual machine? A. VM escape B. Management interface brute force C. LDAP injection D. DNS amplification B. IDS

Intrusion detection systems (IDSs) are a security control used to detect network or host attacks. The Internet of Things (IoT), supervisory control and data acquisition (SCADA) systems, and industrial control systems (ICSs) are all associated with connecting physical world objects to a network. - Correct Answers: Which one of the following terms is not typically used to describe the connection of physical devices to a network? A. IoT B. IDS C. ICS D. SCADA D. Cross-site scripting In a cross-site scripting (XSS) attack, an attacker embeds scripting commands on a website that will later be executed by an unsuspecting visitor accessing the site. The idea is to trick a user visiting a trusted site into executing malicious code placed there by an untrusted third party. - Correct Answers: Monica discovers that an attacker posted a message in a web forum that she manages that is attacking users who visit the site. Which one of the following attack types is most likely to have occurred? A. SQL injection B. Malware injection C. LDAP injection D. Cross-site scripting B. ScoutSuite ScoutSuite is the only cloud assessment tool listed here that performs security scans of Azure environments. Inspector and Prowler are AWS-specific tools. Pacu is an exploitation framework used in penetration testing. - Correct Answers: Amanda would like to run a security configuration scan of her Microsoft Azure cloud environment. Which one of the following tools would be most appropriate for her needs?

D. Hybrid cloud Hybrid cloud environments blend elements of public, private, and/or community cloud solutions. A hybrid cloud requires the use of technology that unifies the different cloud offerings into a single, coherent platform. - Correct Answers: Which cloud computing deployment model requires the use of a unifying technology platform to tie together components from different providers? A. Public cloud B. Private cloud C. Community cloud D. Hybrid cloud C. Using a cloud provider's web interface to provision resources Infrastructure as code is any approach that automates the provisioning, management, and deprovisioning of cloud resources. Defining resources through JSON or YAML is IaC, as is writing code that interacts with an API. Provisioning resources through a web interface is manual, not automated, and therefore does not qualify as IaC. - Correct Answers: Which one of the following is not an example of infrastructure as code? A. Defining infrastructure in JSON B. Writing code to interact with a cloud provider's API C. Using a cloud provider's web interface to provision resources D. Defining infrastructure in YAML C. Inline CASB solutions can monitor activity but cannot actively enforce policy. Inline CASB solutions require either network reconfiguration or the use of a software agent. They intercept requests from users to cloud providers and, by doing so, are able to both monitor activity and enforce policy. - Correct Answers: Which one of the following statements about inline CASB is incorrect?

A. Inline CASB solutions often use software agents on endpoints. B. Inline CASB solutions intercept requests from users to cloud providers. C. Inline CASB solutions can monitor activity but cannot actively enforce policy. D. Inline CASB solutions may require network reconfiguration. D. Pacu Pacu is an AWS-specific exploitation framework. It is particularly well suited to identifying the permissions available to an account during a penetration test. ScoutSuite, Inspector, and Prowler are all assessment tools that would not directly provide the information that Gina seeks. - Correct Answers: Gina gained access to a client's AWS account during a penetration test. She would like to determine what level of access she has to the account. Which one of the following tools would best meet her need? A. ScoutSuite B. Inspector C. Prowler D. Pacu