









A series of multiple-choice questions and answers related to vulnerability management. It covers various aspects of vulnerability assessment, including active and passive scanning, application-level assessment, design flaws, external assessment, misconfigurations, and the vulnerability management life cycle. It also offers insights into different types of security assessments, vulnerability scanning techniques, and the importance of regular system patches and baseline creation.
Typology: Exams










Denning
Charles, a security analyst, needs to check his network for vulnerabilities. He wants a scan that interacts with network nodes and repairs security issues found. Which kind of scanning BEST describes Charles' requirements?
- Active scanning
- Internal assessment
- Host-based assessment
- Passive scanning

Correct Answers: Active scanning

An active scanner transmits packets to network nodes to determine exposed ports and independently repair security flaws.

A company is considering the purchase of a new application. During the evaluation period, a security analyst wants to make sure that all areas of the app are secure, especially input controls. Which assessment BEST meets these requirements?
- Application-level assessment
- Passive assessment
- Host-based assessment
- Wireless network assessment

Correct Answers: Application-level assessment

Application-level assessments allow you to scrutinize completed applications when the source code is unknown. Every application area can be examined for input controls and data processing.

John's company just purchased a new application for which they do not have the source code. Which of the following BEST describes the type of assessment John should use on this application?
- Application-level assessment
- Host-based assessment
- Passive assessment
- Wireless network assessment

Correct Answers: Application-level assessment
- A scan only checks for open ports on the external network.
- A scan has a time of day in which it is most productive.

Correct Answers: A scan can only obtain data for the period of time that it runs.

Misconfigurations occur throughout a network. What is the primary cause of misconfigurations?
- Lack of quality control by developers
- Network appliance incompatibility
- Human error
- Poor default settings

Correct Answers: Human error

Misconfigurations in any area of the network are caused by human error. It is the responsibility of the IT and security teams to properly configure all apps, software, and network appliances.

The following command and output were performed against a new web server prior to deploying it to production. Which type of security process identifies security weaknesses in an organization's infrastructure that might result in the output below?
- Windows server enumeration
- Reconnaissance process
- Vulnerability assessment
- Physical security audit

Correct Answers: Vulnerability assessment

A security analyst is concerned about flaws in the operating system being used within their company. What should their FIRST step be to remedy this?
- Checking ports and services regularly
- Regular system patches
- Logging and monitoring
- Error checking

Correct Answers: Regular system patches
Allen's company has raised concerns about network information that can be observed without a hacker being discovered. Which of the following BEST describes the type of assessment that could be used to operate in this manner?
- Buffer overflows
- Active
- Host-based
- Passive

Correct Answers: Passive

A passive assessment is a non-invasive observation of remote network traffic.

As a security analyst working for an accounting firm, you need to evaluate the current environment. Which of the following is the FIRST thing you should do?
- Define the effectiveness of the current security policies and procedures.
- Create reports that clearly identify problem areas to present to management.
- Implement remediation steps.
- Decide the best times to test in order to limit the risk of having shutdowns during peak business hours.

Correct Answers: Define the effectiveness of the current security policies and procedures.

Creating a baseline is vital to managing vulnerabilities. What is the FIRST step in creating this baseline?
- Select a network monitoring solution
- Use a vulnerability scanner
- Conduct a pre-assessment
- Set goals

Correct Answers: Conduct a pre-assessment

The first step in baseline creation is a pre-assessment. Start by looking at the current security policies' effectiveness. Establish risks by evaluating how the policies are enforced and which vulnerabilities might have been overlooked.
- Risk assessment
- Verification

Correct Answers: Remediation

Remediation refers to the steps that are taken regarding vulnerabilities, such as evaluating them, locating risks, and designing responses for those vulnerabilities. In this phase, you implement the controls and protections from your plan of action.

Which vulnerability life cycle step is BEST described as the phase in which a security analyst determines whether all the previous phases are effectively employed?
- Post-assessment phase
- Verification
- Writing clear concise reports
- Goal setting

Correct Answers: Verification

What is the FIRST step in vulnerability scanning penetration?
- Purchasing a product and administering it from inside the network.
- Itemize each open port and service in the network.
- Locate the live nodes in the network. You can do this using a variety of techniques, but you must know where each live host is.
- Test each open port for known vulnerabilities.

Correct Answers: Locate the live nodes in the network. You can do this using a variety of techniques, but you must know where each live host is.

A company decides to purchase and administer tools on their own. Which type of assessment solution are they using?
- System-based assessment
- Service-based assessment
- Platform-based assessment
- Product-based assessment

Correct Answers: Product-based assessment
John's company needs a product to fix found network vulnerabilities. This product needs to run inside their firewall without help from an outside professional. Which of the following BEST describes this type of assessment solution?
- Tree-based assessment
- Service-based assessment
- Product-based assessment
- Inference-based assessment

Correct Answers: Product-based assessment

Which of the following is the BEST reason to choose a service-based assessment solution?
- It provides a preset plan for testing and scanning.
- The product is administered from inside the network.
- You can test and discover information as you go and then adjust accordingly.
- It provides a protection level that a professional provides through knowledge.

Correct Answers: It provides a protection level that a professional provides through knowledge.

A service-based assessment provides professional analysis, assessment, remediation, verification, and continuous monitoring.

Which of the following is a dictionary of known patterns of cyberattacks used by hackers?
- CVE
- CWE
- CISA
- CAPEC

Correct Answers: CAPEC (Common Attack Pattern Enumeration and Classification) is a dictionary of known patterns of cyberattacks used by hackers.

How many numbering authorities comprise the CVE?
- A vulnerability's unique characteristics
- Vulnerabilities that are present only in certain environments or implementations

Correct Answers: The CVSS base metric is a vulnerability's unique characteristics. The changeable attributes of a vulnerability define the temporal metric. The CVSS environmental metric defines vulnerabilities that are present only in certain environments or implementations.

Which government agency sponsors five valuable resources for security analysts?
- Federal Bureau of Investigation
- Department of Homeland Security
- Securities and Exchange Commission
- Department of Defense

Correct Answers: Department of Homeland Security

Which site MOST often shows the newest vulnerabilities before other sources?
- CVSS Calculator
- Common Attack Pattern Enumeration & Classification
- Full Disclosure
- Common Vulnerabilities and Exposures

Correct Answers: Full Disclosure

A mailing list that often has the newest vulnerabilities listed before they show up on government-sponsored resources is operated by whom?
- Nmap
- Government Resources scoring system
- CISA
- CVE

Correct Answers: Nmap
Full Disclosure is a mailing list resource from Nmap. Full Disclosure is a public forum for discussion of software vulnerabilities and attack techniques.

John is a security analyst, and he needs the following information about a current exploit:
- Fix information
- Impact rating
- Severity score

What is his BEST resource?
- Common Attack Pattern Enumeration Classification
- Cybersecurity Infrastructure Security Agency
- National Vulnerability Database
- Common Weakness Enumeration

Correct Answers: National Vulnerability Database

The National Vulnerability Database (NVD) list includes detailed information for each entry in the CVE list, such as impact rating, severity score, and fix information.

Which resource can BEST be described as a site that combines diverse ideas and perspectives from professionals, academics, and government sources?
- Common Weakness Enumeration
- Japanese Vulnerability Notes
- National Vulnerability Database
- Common Attack Pattern Enumeration and Classification

Correct Answers: Common Weakness Enumeration (CWE) is a site that combines diverse ideas and perspectives from professionals, academics, and government sources to create a unified standard for cybersecurity.

You have just installed Nessus for auditing a network segment. Which of the following Nessus scans would be BEST suited for an initial query of hosts on a network segment?
- Scan, prioritize, and fix smartphone vulnerabilities.
- Analyze and report findings from a centralized data warehouse.

Which of the following BEST describes scan information?
- Suggestions for remediation with links to patches.
- The name of the scanning tool, its version, and the network ports that have been scanned.
- The scan's origin and the scanner's vulnerability assessment.
- The target system's name and address.

Correct Answers: The name of the scanning tool, its version, and the network ports that have been scanned.

You are looking for a vulnerability assessment tool that detects vulnerabilities on mobile devices and gives you a report containing a total risk score, a summary of revealed vulnerabilities, and remediation suggestions. Which of the following vulnerability assessment tools should you use?
- Retina CS for Mobile
- SecurityMetrics Mobile
- Nessus Professional
- Network Scanner

Correct Answers: SecurityMetrics Mobile

SecurityMetrics Mobile detects vulnerabilities on mobile devices. It can help you protect customers' data and avoid unwanted app privileges, mobile malware, device theft, connectivity issues, threats to device storage, and unauthorized account access. You can expect a report containing a total risk score, a summary of revealed vulnerabilities, and remediation suggestions.

Which web application scanner looks for common vulnerabilities, like cross-site scripting and SQL injections, and also scans for the OWASP Top 10?
- Qualys
- Nessus
- Burp Suite
- OpenVAS

Correct Answers: Burp Suite

Kjell wants a network scanning tool that gives remediation solutions to found vulnerabilities. He also wants to be able to create customized scan jobs that run during off hours and can scan multiple network technologies. Which application is BEST for him?
- Nessus
- OWASP ZAP
- Arachni
- Burp Suite

Correct Answers: Nessus

A security analyst needs an infrastructure vulnerability scanner that's flexible enough for low- and high-level protocols, is updated daily with new vulnerabilities, and allows for performance tuning. The company is on a tight budget, so it needs to be open source. Which tool is the BEST option?
- OpenVAS
- Nessus Professional
- Burp Suite
- Qualys Vulnerability Management

Correct Answers: OpenVAS

Which web application scanner uses an on-path (man-in-the-middle) proxy design?
- OWASP Top 10
- OWASP ZAP
- Burp Suite
- Nikto

Correct Answers: OWASP ZAP

Troy, a security analyst, needs a web application scanner that is extensible and that evaluates each web application individually. Which tool is BEST for his needs?