CompTIA Cybersecurity Analyst (CySA+) - Module 2- Vulnerability Management complete questions and answers
All parts of a security policy should be public knowledge.
Options: True; False
Answer: False

What reasons might a company forgo scanning a critical system?
Options: Too much time; Confidentiality; Backups already exist; Costs too much
Answer: Too much time & Costs too much

What is the factor that determines scanning frequency characterized by an accepted amount of risk?
Options: Technical Constraints; Risk Acceptance; Risk Appetite; Regulatory Requirements
Answer: Risk Appetite

An assessment scan is used to discover assets.
Options: True; False
Answer: False

What type of test gives the best perspective of an outsider threat?
Options: Non-Credentialed Scan; Passive Scan; Agent-Based Scan; Credentialed Scan
Answer: Non-Credentialed Scan

What should be considered when prioritizing vulnerabilities to be fixed?
Options: Where it is; How critical it is; Time to fix; Which scanner was used
Answer: How critical it is & Time to fix

What is a factor considered when categorizing a change to a system?
Options: Scope; Size; Sensitivity Level; Risk
Answer: Risk

What could inhibit a change from being implemented?
Options: Cost; Complexity; Approval; All of the Above
Answer: All of the Above

An Agent-Based Scan has a lesser impact on a network vs Server-based.
Options: True; False
Answer: True

Which scan affects network traffic the least?
Options: Non-Credentialed Scan; Agent-Based Scan; Passive Scan; Server-Based Scan
Answer: Passive Scan

Which one of these is legally binding?
Options: MTTR
Answer: SLA

What determines when a company's security capabilities should grow?
Options: Workflow; Regulatory Requirements; Technical Constraints; Risk Appetite
Answer: Workflow

Which type of scan uses a copy of the network traffic to find vulnerabilities?
Options: Agent-Based Scan; Non-Credentialed Scan; Passive Scan; Server-Based Scan
Answer: Passive Scan

The results of vulnerability scans should be shared with the entire company in order to fix vulnerabilities.
Options: True; False
Answer: True

What is it called when a scan misses an existing vulnerability?
Options: False Reporting; True Negative; False Negative; False Positive
Answer: False Negative

Which has a higher chance of being compromised?
Options: Agent-Based Scan; SCAP; Passive Scan; Server-Based Scan
Answer: Agent-Based Scan

Which type of scan is most likely to cause major disruption in everyday operations?
Options: Agent-Based Scan; Non-Credentialed Scan; Server-Based Scan; Credentialed Scan
Answer: Credentialed Scan

What factors help determine the potential frequency of scanning?
Options: Technical Constraints; Vulnerability Feed; Workflow; Scope
Answer: Technical Constraints & Workflow

After a successful scan it is best to continue running them over time.
Options: True; False
Answer: True

When running a vulnerability scan, what determines the number of systems that are part of it?
Options: Sensitivity Level; Technical Constraints; Scope; SCAP
Answer: Scope

What makes sure that a vulnerability scanner is kept up to date?
Options: Regulatory Requirements; Vulnerability Feed; SCAP; Change Control
Answer: Vulnerability Feed

A security policy stays relatively static throughout a company's history.
Options: True; False
Answer: False

What is a projected acceptable amount of downtime that is allowed that can determine if a change can be implemented?
Options: Regulatory Requirements; MTTR; Risk Appetite; Availability
Answer: Availability

What allows scanners to determine if a system meets a configuration baseline if that scanner is compatible?
Options: SCAP; SLA; Sandboxing; CVSS
Answer: SCAP

What uses a list of known weaknesses to determine if a system meets a certain baseline?
Options: CVSS; CWE; SJW; CVE
Answer: CWE & CVE

Having multiple scanners does not decrease the likelihood of false negatives.
Options: True; False
Answer: False

What determines how far a vulnerability scan will examine?
Options: Vulnerability Feed; Sensitivity Level; Scope; Depth
Answer: Sensitivity Level

Regulatory requirements could prevent a company from increasing its risk appetite.
Options: True; False
Answer: True

Which scan gives the most information about a system?
Options: Passive Scan; Non-Credentialed Scan; Credentialed Scan; Server-Based Scan
Answer: Credentialed Scan

What determines how frequently a certain type of scan will run?
Options: Sensitivity Level; Time Management; Vulnerability Feed; Scope
Answer: Scope

A company's security policy doesn't need to change for different countries if it is compliant within its own.
Options: True; False
Answer: False

What is the average amount of time that it takes to correct an issue?
Options: Availability; MOU; MTTR; Downtime Management
Answer: MTTR

What type of scan gives the best perspective of a potential insider threat?
Options: Credentialed Scan; Passive Scan; Agent-Based Scan; Non-Credentialed Scan
Answer: Credentialed Scan

Sandboxing should never be used without also having a formal change management process.
Options: True; False
Answer: False

Which type of scan does not require an active connection to the network?
Options: Credentialed Scan; Agent-Based Scan; Server-Based Scan; Non-Credentialed Scan
Answer: Agent-Based Scan

What allows for easy categorization of vulnerabilities by assigning them a value based on certain characteristics?
Options: CVSS; CWE; CVE; SCA
Answer: CVSS

Which of these outlines an agreement between two parties outlining their services?
Options: Corporate Policy; MOU; SLA
Answer: MOU & SLA

A proactive change is one that occurs before an incident can occur.
Options: True; False
Answer: True

Which factor determines scanning frequency when dealing with the complexity of a system?
Options: Workflow; Technical Constraints; Risk Appetite; Regulatory Requirements
Answer: Technical Constraints

Which type of scan causes its own potential security concern by supplying full admin rights to someone else?
Options: Non-Credentialed Scan; Server-Based Scan; Credentialed Scan; Agent-Based Scan
Answer: Credentialed Scan

A Non-Credentialed Scan is much less stable and more likely to cause a system crash.
Options: 1
Answer: 1 (?)

What are some things that may inhibit remediation?
Options: Scanning Frequency; Unstructured Data; Lack of Approval; Sandboxing
Answer: Scanning Frequency & Lack of Approval

What are some reasons a vulnerability that is simple to fix would be addressed before a more critical one?
Options: Time; Money; Complexity; All of the Above
Answer: All of the Above

A Server-Based scanner is centered around software installed on the host.
Options: True; False
Answer: False

Running an untuned vulnerability scanner may cause an increased amount of false positives.
Options: True; False
Answer: True

Unpatchable systems should be identified by vulnerability scanners and exceptions should be made when scanning them.
Options: True; False
Answer: True

Which of the following scans will attempt to compare a system's configurations against a best practice framework?
Options: Framework scan; Vulnerability Scan; Compliance Scan; Best Practice Scan
Answer: Compliance Scan

When attempting to scan a Windows system a commonly known vulnerability is discovered for a Linux system. This is known as a what?
Options: False Positive; True Positive; False Negative; True Negative
Answer: False Positive

Vulnerability scans should be continuously run until no more vulnerabilities exist no matter what.
Options: True; False
Answer: False

Vulnerability scans should be treated as though they are 100% accurate initially and every result should be investigated.
Options: True; False
Answer: True

Which of the following examples should an analyst measure while analyzing trends in order to determine the security posture of a host?
Options: What percentage of compliance targets are being met; How many vulnerabilities are discovered; How many compliance goals are being met compared to last week; How many invalid login attempts are recorded
Answer: How many compliance goals are being met compared to last week

Which of the following scenarios should be marked as an exception in a vulnerability scanner?
Options: A host that is unable to have an internet connection; A host that cannot utilize a desired software; A host only temporarily connected to the network; A host with unpatchable software
Answer: A host with unpatchable software

An admin is continuously finding false positives on a host. Upon looking further it is discovered that a known issue that cannot be fixed is creating these false positives. Which of the following should the admin create to remedy the situation?
Options: A log; A report; A patch; An exception
Answer: An exception

When implementing remedies to vulnerabilities discovered on a system, patches should be applied on a first come first served basis.
Options: True; False
Answer: False

In all situations all configurations of a host should match that host's framework in order to ensure system compliance.
Options: True; False
Answer: False

Which of the following is the most likely target of an attacker?
Options: Endpoints; Network Appliances; Servers; Mobile Devices
Answer: Servers

What form of attack can cause the most damage to a server by exposing it to misuse from a legitimate user?
Options: An Internal attack; A DDoS attack; A MitM attack; An external attack
Answer: An Internal attack

Mobile phones should be treated as though they are malicious when entering the work network until proven otherwise.
Options: True; False
Answer: True

Your boss wants to implement a solution to manage mobile devices and control how they may interact with a network. What is this called?
Options: DoS; SCADA
Answer: MDM

An attacker may compromise the corporate network by first compromising the network of a business partner.
Options: True; False
Answer: True

When implementing a VPN solution, which of the following security controls should be utilized in order to guarantee a secure connection from a legitimate device? Choose all that apply.
Options: Agent-based authentication; Multi-factor Authentication; MAC filtering; Health scans
Answer: Agent-based authentication & Health scans

A SCADA system is unable to be protected like a regular computer network.
Options: True; False
Answer: False

When assigning tasks to different teams your boss decides to have one team manage the physical infrastructure and another manage the virtual infrastructure. This is known as ______.
Options: Best practice; Mandatory Access Control; Job Isolation; Separation of duties
Answer: Separation of duties

In order to prevent the risk of one virtual machine compromising another they should be placed on the same host so that logical controls may separate them.
Options: True; False
Answer: False

SCADA systems have built-in security measures that should be untrusted as they may interfere with other security controls on the network.
Options: True; False
Answer: False

Which of the following can be utilized to prevent access to an industrial control system over the network?
Options: IDS; SCADA; Firewall; SCADA-based IPS
Answer: Firewall

SCADA and ICS tend to require older versions of operating systems and should never be connected to the network as a result.
Options: True; False
Answer: False

Since VPN connections cannot completely confirm which devices are connecting at the other end of the connection, multi-factor authentication should be utilized to further confirm which host is connecting.
Options: True; False
Answer: True