FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 15: Vulnerability Assessment and Third Party Integration

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 1

Multiple Choice

Review LaterAdd Note

Review Later

Match the following terms to the appropriate definitions. -A comparison of the present state of a system to its baseline.​

A) asset
B) cyberterrorism
C) hactivist
D) exploit kit
E) computer spy
F) risk
G) threat
H) threat agent
I) vulnerability
J) threat vector

K) C) and F)
L) A) and H)

Correct Answer

verified

Show Answer

Question 2

Essay

Review LaterAdd Note

Review Later

Describe the purpose of a honeypot.

Correct Answer

verified

A honeypot can also direct an attacker's attention away from legitimate servers. A honeypot encourages attackers to spend their time and energy on the decoy server while distracting their attention from the data on the real server.

Question 3

Short Answer

Review LaterAdd Note

Most vulnerability scanners maintain a(n) ____________________ that categorizes and describes the vulnerabilities that it can detect.

List four things that a vulnerability scanner can do.

A healthy security posture results from a sound and workable strategy toward managing risks.

Discuss the purpose of OVAL.

A(n) ____________________ box test is one in which some limited information has been provided to the tester.

Match the following terms to the appropriate definitions. -​In software development, the process of defining a collection of hardware and software components along with their interfaces in order to create the framework for software development.

The first step in a vulnerability assessment is to determine the assets that need to be protected.

List and describe the three categories that TCP/IP divides port numbers into.

When using a black box test, many testers use ____________________ tricks to learn about the network infrastructure from inside employees.

A port scanner can be used to search a system for port vulnerabilities. The RADMIN port scanner is an example of this type of software.

What is the name of the process that takes a snapshot of the current security of an organization?

An administrator needs to view packets and decode and analyze their contents. What type of application should the administrator use?

Discuss one type of asset that an organization might have.

Match the following terms to the appropriate definitions. -In software development, presenting the code to multiple reviewers in order to reach agreement about its security.​

Match the following terms to the appropriate definitions. -​A computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, but are actually imitations of real data files, to trick attackers into revealing their attack techniques.

What is the end result of a penetration test?

​What term below describes a prearranged purchase or sale agreement between a government agency and a business?

If TCP port 20 is open, then an attacker can assume that FTP is being used.