Ch.15 Flashcards

1
Q

The goal of what type of threat evaluation is to better understand who the attackers are, why they attack, and what types of attacks might occur?

Question 1 options:

threat mitigation

threat profiling

risk modeling

threat modeling

A

threat modeling

2
Q

What is the name of the process that takes a snapshot of the current security of an organization?

Question 2 options:

threat analysis

vulnerability appraisal

risk assessment

threat assessment

A

vulnerability appraisal

3
Q

Which item below is an imaginary line by which an element is measured or compared, and can be seen as the standard?

Question 3 options:

profile

threat

control

baseline

A

baseline

4
Q

The comparison of the present state of a system to its baseline is known as what?

Question 4 options:

Baseline reporting

Compliance reporting

Baseline assessment

Compliance review

A

Baseline reporting

5
Q

In order to minimize vulnerabilities in software, code should be subjected to what option below and analyzed while it is being written?

Question 5 options:

black box

code review

white box

scanner

A

code review

6
Q

What is the name for the code that can be executed by unauthorized users within a software product?

Question 6 options:

vulnerability surface

risk profile

input surface

attack surface

A

attack surface

7
Q

During a vulnerability assessment, what type of software can be used to search a system for port vulnerabilities?

Question 7 options:

threat scanner

vulnerability profiler

port scanner

application profiler

A

port scanner

8
Q

A port in what state below implies that an application or service assigned to that port is listening for any instructions?

Question 8 options:

open port

empty port

closed port

interruptible system

A

open port

9
Q

An administrator running a port scan wants to ensure that no processes are listening on port 23. What state should the port be in?

Question 9 options:

open port

open address

closed address

closed port

A

closed port

10
Q

An administrator needs to view packets and decode and analyze their contents. What type of application should the administrator use?

Question 10 options:

application analyzer

protocol analyzer

threat profiler

system analyzer

A

protocol analyzer

11
Q

Which term describes a computer, typically located in an area with limited security, that is loaded with software and data files that appear to be authentic but are actually imitations of real data files?

Question 11 options:

port scanner

write blocker

honeypot

honeycomb

A

honeypot

12
Q

What is the term for a network set up with intentional vulnerabilities?

Question 12 options:

honeynet

honeypot

honeycomb

honey hole

A

honeynet

13
Q

What is another term used for a security weakness?

Question 13 options:

threat

vulnerability

risk

opportunity

A

vulnerability

14
Q

Which scan examines the current security in a passive manner?

Question 14 options:

application scan

system scan

threat scan

vulnerability scan

A

vulnerability scan

15
Q

What is the end result of a penetration test?

Question 15 options:

penetration test profile

penetration test report

penetration test system

penetration test view

A

penetration test report

16
Q

Which tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications?

Question 16 options:

white box

black box

replay

system

A

white box

17
Q

A service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service, is known as a:

Question 17 options:

Blanket Purchase Agreement (BPA)

Service Level Agreement (SLA)

Memorandum of Understanding (MOU)

Interconnection Security Agreement (ISA)

A

Service Level Agreement (SLA)

18
Q

What term below describes a prearranged purchase or sale agreement between a government agency and a business?

Question 18 options:

Service Level Agreement (SLA)

Memorandum of Understanding (MOU)

Blanket Purchase Agreement (BPA)

Interconnection Security Agreement (ISA)

A

Blanket Purchase Agreement (BPA)

19
Q

What security goal do the following common controls address: hashing, digital signatures, certificates, nonrepudiation tools?

Question 19 options:

Confidentiality

Integrity

Availability

Safety

A

Integrity

20
Q

What term below describes the start-up relationship between partners?

Question 20 options:

Off-boarding

Uptaking

On-boarding

Uploading

A

On-boarding