






This document covers the key concepts and best practices related to vulnerability management, a critical aspect of cybersecurity. It discusses topics such as security policies, vulnerability scanning techniques, prioritizing vulnerabilities, change management, and the impact of regulatory requirements. It offers insights into the factors that determine scanning frequency, the different types of vulnerability scans, and the importance of keeping vulnerability scanners up-to-date. It also covers the challenges of managing vulnerabilities in complex systems, the role of sandboxing, and the need for a formal change management process. Additionally, the document touches on the importance of analyzing vulnerability scan results, identifying exceptions, and implementing effective remediation strategies. Overall, this document offers a comprehensive overview of vulnerability management principles and practices that are essential for cybersecurity professionals.
Typology: Exams







All parts of a security policy should be public knowledge.
Options: True; False
Answer: False

What reasons might a company forgo scanning a critical system?
Options: Too much time; Confidentiality; Backups already exist; Costs too much
Answer: Too much time & Costs too much

What is the factor that determines scanning frequency characterized by an accepted amount of risk?
Options: Technical Constraints; Risk Acceptance; Risk Appetite; Regulatory Requirements
Answer: Risk Appetite

An assessment scan is used to discover assets.
Options: True; False
Answer: False

What type of test gives the best perspective of an outsider threat?
Options: Non-Credentialed Scan; Passive Scan; Agent-Based Scan; Credentialed Scan
Answer: Non-Credentialed Scan

What should be considered when prioritizing vulnerabilities to be fixed?
Options: Where it is; How critical it is; Time to fix; Which scanner was used
Answer: How critical it is & Time to fix

What is a factor considered when categorizing a change to a system?
Options: Scope; Size; Sensitivity Level; Risk
Answer: Risk

What could inhibit a change from being implemented?
Options: Cost; Complexity; Approval; All of the Above
Answer: All of the Above

An Agent-Based Scan has a lesser impact on a network vs Server-Based.
Options: True; False
Answer: True

Which scan affects network traffic the least?
Options: Non-Credentialed Scan; Agent-Based Scan; Passive Scan; Server-Based Scan
Answer: Passive Scan

Which one of these is legally binding?
Options: MOU; SLA; ATWA; MTTR
Answer: SLA

What determines when a company's security capabilities should grow?
Options: Workflow; Regulatory Requirements; Technical Constraints; Risk Appetite
Answer: Workflow

Which type of scan uses a copy of the network traffic to find vulnerabilities?
Options: Agent-Based Scan; Non-Credentialed Scan; Passive Scan; Server-Based Scan
Answer: Passive Scan

What makes sure that a vulnerability scanner is kept up-to-date?
Options: Regulatory Requirements; Vulnerability Feed; SCAP; Change Control
Answer: Vulnerability Feed

A security policy stays relatively static throughout a company's history.
Options: True; False
Answer: False

What is a projected acceptable amount of downtime that is allowed that can determine if a change can be implemented?
Options: Regulatory Requirements; MTTR; Risk Appetite; Availability
Answer: Availability

What allows scanners to determine if a system meets a configuration baseline if that scanner is compatible?
Options: SCAP; SLA; Sandboxing; CVSS
Answer: SCAP

What uses a list of known weaknesses to determine if a system meets a certain baseline?
Options: CVSS; CWE; SJW; CVE
Answer: CWE & CVE

Having multiple scanners does not decrease the likelihood of false negatives.
Options: True; False
Answer: False

What determines how far a vulnerability scan will examine?
Options: Vulnerability Feed; Sensitivity Level; Scope; Depth
Answer: Sensitivity Level

Regulatory requirements could prevent a company from increasing its risk appetite.
Options: True; False
Answer: True

Which scan gives the most information about a system?
Options: Passive Scan; Non-Credentialed Scan; Credentialed Scan; Server-Based Scan
Answer: Credentialed Scan

What determines how frequently a certain type of scan will run?
Options: Sensitivity Level; Time Management; Vulnerability Feed; Scope
Answer: Scope

A company's security policy doesn't need to change for different countries if it is compliant within its own.
Options: True; False
Answer: False

What is the average amount of time that it takes to correct an issue?
Options: Availability; MOU; MTTR; Downtime Management
Answer: MTTR

What type of scan gives the best perspective of a potential insider threat?
Options: Credentialed Scan; Passive Scan; Agent-Based Scan; Non-Credentialed Scan
Answer: Credentialed Scan

Sandboxing should never be used without also having a formal change management process.
Options: True; False
Answer: False

What are some things that may inhibit remediation?
Options: Scanning Frequency; Unstructured Data; Lack of Approval; Sandboxing
Answer: Scanning Frequency & Lack of Approval

What are some reasons a vulnerability that is simple to fix would be addressed before a more critical one?
Options: Time; Money; Complexity; All of the Above
Answer: All of the Above

A Server-Based scanner is centered around a software installed on the host.
Options: True; False
Answer: False

Running an untuned vulnerability scanner may cause an increased amount of false positives.
Options: True; False
Answer: True

Unpatchable systems should be identified by vulnerability scanners and exceptions should be made when scanning them.
Options: True; False
Answer: True

Which of the following scans will attempt to compare a system's configurations against a best practice framework?
Options: Framework scan; Vulnerability Scan; Compliance Scan; Best Practice Scan
Answer: Compliance Scan

When attempting to scan a Windows system a commonly known vulnerability is discovered for a Linux system. This is known as a what?
Options: False Positive; True Positive; False Negative; True Negative
Answer: False Positive

Vulnerability scans should be continuously run until no more vulnerabilities exist no matter what.
Options: True; False
Answer: False

Vulnerability scans should be treated as though they are 100% accurate initially and every result should be investigated.
Options: True; False
Answer: True

Which of the following examples should an analyst measure while analyzing trends in order to determine the security posture of a host?
Options: What percentage of compliance targets are being met; How many vulnerabilities are discovered; How many compliance goals are being met compared to last week; How many invalid login attempts are recorded
Answer: How many compliance goals are being met compared to last week

Which of the following scenarios should be marked as an exception in a vulnerability scanner?
Options: A host that is unable to have an internet connection; A host that cannot utilize a desired software; A host only temporarily connected to the network; A host with unpatchable software
Answer: A host with unpatchable software

An admin is continuously finding false positives on a host. Upon looking further it is discovered that a known issue that cannot be fixed is creating these false positives. Which of the following should the admin create to remedy the situation?
Options: A log; A report; A patch; An exception
Answer: An exception

When implementing remedies to vulnerabilities discovered on a system patches should be applied on a first come first served basis.
Options: True; False
Answer: False

Options: Agent-based authentication; Multi-factor Authentication; MAC filtering; Health scans
Answer: Agent-based authentication & Health scans

A SCADA system is unable to be protected like a regular computer network.
Options: True; False
Answer: False

When assigning tasks to different teams your boss decides to have one team manage the physical infrastructure and another manage the virtual infrastructure. This is known as ______.
Options: Best practice; Mandatory Access Control; Job Isolation; Separation of duties
Answer: Separation of duties

In order to prevent the risk of one virtual machine compromising another they should be placed on the same host so that logical controls may separate them.
Options: True; False
Answer: False

SCADA systems have built-in security measures that should be untrusted as they may interfere with other security controls on the network.
Options: True; False
Answer: False

Which of the following can be utilized to prevent access to an industrial controls system over the network?
Options: IDS; SCADA; Firewall; SCADA-based IPS
Answer: Firewall

SCADA and ICS tend to require older versions of operating systems and should never be connected to the network as a result.
Options: True; False
Answer: False

Since VPN connections cannot completely confirm which devices are connecting at the other end of the connection, multi-factor authentication should be utilized to further confirm which host is connecting.
Options: True; False
Answer: True