7.2.5 Practice Questions Flashcards
Which of the following phases of the vulnerability management lifecycle implements patches, hardening, and correction of weaknesses?
answer
The remediation phase
The risk assessment phase
The verification phase
The monitoring phase
The remediation phase
Explanation
The remediation phase is for implementing the needed patching, hardening, and correction of weaknesses.
The risk assessment phase is for evaluating the found vulnerabilities for threat level.
The verification phase is for retesting the system to verify that your patching and hardening were effective.
The monitoring phase is for continuous monitoring of the systems once remediation is in place.
Rose, an ethical hacker, has created a report that clearly identifies her findings and recommendations for locking down an organization’s systems and patching problems. Which of the following phases of the vulnerability management life cycle is she working in?
answer
Verification
Remediation
Create a baseline
Risk assessment
Risk assessment
Explanation
Risk assessment is the phase of evaluating the found vulnerabilities for threat level. You will need to create reports that clearly identify the problem areas to present to management. Then produce a plan of action to control the weaknesses, protect the information, and harden the systems.
Verification is the phase of retesting the system to verify that your patching and hardening were effective.
Remediation is the phase of implementing the necessary patching, hardening, and correction of weaknesses.
Create a baseline is the phase of defining the effectiveness of the current security policies and procedures.
Which of the following best describes the verification phase of the vulnerability management life cycle?
answer
Is critical to ensure that organizations have monitoring tools in place and have regularly scheduled vulnerability maintenance testing.
Proves your work to management and generates verifiable evidence to show that your patching and hardening implementations have been effective.
Protect the organization from its most vulnerable areas first and then focus on less likely and less impactful areas.
Communicate clearly to management what your findings and recommendations are for locking down the systems and patching problems.
Proves your work to management and generates verifiable evidence to show that your patching and hardening implementations have been effective.
You are an ethical hacker contracting with a medical clinic to evaluate their environment. Which of the following is the first thing you should do?
answer
Decide the best times to test to limit the risk of having shutdowns during peak business hours.
Define the effectiveness of the current security policies and procedures.
Create reports that clearly identify the problem areas to present to management.
Choose the best security assessment tools for the systems you choose to test.
Define the effectiveness of the current security policies and procedures.
It may be tempting for an organization to feel secure after going through the process of penetration testing and the corrections and hardening that you must perform. Which of the following should you help them to understand?
answer
Hackers have time on their side, and there will always be new threats to security.
The risks associated with enforcing security procedures and what threats may have been overlooked.
They need a plan of action to control weaknesses and harden systems.
How to define the effectiveness of the current security policies and procedures.
Hackers have time on their side, and there will always be new threats to security.
Which of the following solutions creates the risk that a hacker might gain access to the system?
answer
Inference-based
Product-based
Tree-based
Service-based
Service-based
Which of the following assessment types relies on each step to determine the next step, and then only tests relevant areas of concern?
answer
Tree-based
Service-based
Inference-based
Product-based
Inference-based
First, you must locate the live nodes in the network. Second, you must itemize each open port and service in the network. Finally, you test each open port for known vulnerabilities. These are the three basic steps in which of the following types of testing?
answer
Penetration
Baseline
Patch level
Stress
Penetration