7.2.3 Practice Questions Flashcards
Question 1.
Which of the following are key purposes of running a credentialed scan in a vulnerability assessment? (Select two.)
Correct Answer:
Compromised user account
Correct Answer:
Testing routines
Question 2.
You are a cybersecurity analyst at a large corporation. Your team has been tasked with conducting a vulnerability assessment of the company’s internal network. You have been given the option to perform either a credentialed or non-credentialed scan.
Which of the following factors would most strongly suggest that a credentialed scan is the appropriate choice for this situation?
Correct Answer:
The company has recently implemented a new security policy that restricts the use of administrative privileges.
Question 3.
An application security analyst at a software company is assessing a new software application before releasing it to customers. Before deciding on the BEST approach for the assessment, the analyst recalls that there are different methods of analysis to evaluate the software’s security posture.
The analyst wants to assess the software’s running state to identify potential vulnerabilities during its execution.
Considering the preference to evaluate the software in its running state and to identify vulnerabilities during execution, which type of examination should the analyst primarily rely on?
Correct Answer:
Dynamic analysis
Question 4.
Which of the following are key areas of focus for a non-credentialed scan in a vulnerability assessment? (Select two.)
Correct Answer:
External network perimeter
Correct Answer:
Unprivileged user access
Question 5.
You are a cybersecurity analyst at a financial institution. Your team has been tasked with conducting a vulnerability assessment of the company’s external network perimeter.
You have been given the option to perform either a credentialed or non-credentialed scan.
Which of the following factors would MOST strongly suggest that a non-credentialed scan is the appropriate choice for this situation?
Correct Answer:
The company’s network has recently been targeted by a series of external cyber attacks.
Question 6.
As a cybersecurity analyst, you are tasked with identifying known vulnerabilities in the third-party software packages, libraries, and dependencies used within your organization.
Which of the following would be the MOST effective tool for accomplishing this task?
Correct Answer:
National Vulnerability Database (NVD)
Question 7.
You are a cybersecurity analyst at a large organization. You’ve noticed that several third-party software packages used within your organization have not been updated in a while.
What is the MOST appropriate action to take?
Correct Answer:
Inform your manager about the issue and suggest implementing automated package monitoring.
Question 8.
As a cybersecurity analyst, you are tasked with improving the security of your organization’s software applications. One of your responsibilities is to ensure that all third-party software packages, libraries, and dependencies used within your organization are up to date and free from known vulnerabilities.
Which of the following would be the MOST effective tool for accomplishing this task?
Correct Answer:
Software Bill of Materials (SBOM)
Question 9.
Which of the following statements about network vulnerability scanners is true?
Correct Answer:
Network vulnerability scanners can test common operating systems, desktop applications, and server applications.
Question 10.
Which of the following statements about vulnerability scanning is true?
Correct Answer:
Package monitoring is a critical capability in application vulnerability assessment practices as it tracks and assesses the security of third-party software packages, libraries, and dependencies.