Vulnerability Assessment Process Quiz

20 Questions | Total Attempts: 486



Questions and Answers
  • 1. If an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment, the existing security improvement program will probably continue to work well.
    • A. True
    • B. False

  • 2. An effective security program demands comprehensive and continuous understanding of program and system configuration.
    • A. True
    • B. False

  • 3. Over time, external monitoring processes should capture information about the external environment in a format that can be referenced both across the organization as threats emerge and for historical use.
    • A. True
    • B. False

  • 4. The value of internal monitoring is low when the resulting knowledge of the network and systems configuration is fed into the vulnerability assessment and remediation maintenance domain.
    • A. True
    • B. False

  • 5. Policy needs to be reviewed and refreshed from time to time to ensure that it’s sound.
    • A. True
    • B. False

  • 6. ____ are a component of the security triple.
    • A. Threats
    • B. Assets
    • C. Vulnerabilities
    • D. All of the above

  • 7. When the memory usage associated with a particular CPU-based system averages ____% or more over prolonged periods, consider adding more memory.
    • A. 30
    • B. 60
    • C. 90
    • D. 100

  • 8. A(n) ____ item is a hardware or software item that is to be modified and revised throughout its life cycle.
    • A. Revision
    • B. Update
    • C. Change
    • D. Configuration

  • 9. A ____ is the recorded state of a particular revision of a software or hardware configuration item.
    • A. State
    • B. Version
    • C. Configuration
    • D. Baseline

  • 10. The ____ is a center of Internet security expertise and is located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University.
    • A. Bug/CERT
    • B. Bugtraq/CERT
    • C. CC/CERT
    • D. CERT/CC

  • 11. The ____ commercial site focuses on current security tool resources.
    • A. Nmap-hackers
    • B. Packet Storm
    • C. Security Laser
    • D. Snort-sigs

  • 12. The ____ mailing list includes announcements and discussion of an open-source IDPS.
    • A. Nmap-hackers
    • B. Packet Storm
    • C. Security Focus
    • D. Snort-sigs

  • 13. The optimum approach for escalation is based on a thorough integration of the monitoring process into the ____.
    • A. IDE
    • B. CERT
    • C. ERP
    • D. IRP

  • 14. Detailed ____ on the highest risk warnings can include identifying which vendor updates apply to which vulnerabilities as well as which types of defenses have been found to work against the specific vulnerabilities reported.
    • A. Escalation
    • B. Intelligence
    • C. Monitoring
    • D. Elimination

  • 15. One approach that can improve the situational awareness of the information security function uses a process known as ____ to quickly identify changes to the internal environment.
    • A. Baseline
    • B. Difference analysis
    • C. Differential
    • D. Revision

  • 16. ____ is used to respond to network change requests and network architectural design proposals.
    • A. Network connectivity RA
    • B. Dialed modem RA
    • C. Application RA
    • D. Vulnerability RA

  • 17. There are ____ common vulnerability assessment processes.
    • A. 2
    • B. 3
    • C. 4
    • D. 5

  • 18. The ____ vulnerability assessment process is designed to find and document selected vulnerabilities that are likely to be present on the internal network of the organization.
    • A. Intranet
    • B. Internet
    • C. LAN
    • D. WAN

  • 19. The ____ process is designed to find and document the vulnerabilities that may be present because there are misconfigured systems in use within the organization.
    • A. ASP
    • B. ISP
    • C. SVP
    • D. PSV

  • 20. The ____ vulnerability assessment process is designed to find and document any vulnerability that is present on dial-up modems connected to the organization’s networks.
    • A. Modem
    • B. Phone
    • C. Dial-up
    • D. Network