Chapter 13 Flashcards
At what point in a vulnerability assessment would an attack tree be utilized?
Vulnerability appraisal
Risk assessment
Risk mitigation
Threat evaluation
Threat evaluation
Which of the following is NOT true about privacy?
Today, individuals can achieve any level of privacy that is desired.
Privacy is difficult due to the volume of data silently accumulated by technology.
Privacy is freedom from attention, observation, or interference based on your decision.
Privacy is the right to be left alone to the degree that you choose.
Today, individuals can achieve any level of privacy that is desired.
Which of the following is NOT a risk associated with the use of private data?
Individual inconveniences and identity theft
Associations with groups
Statistical inferences
Devices being infected with malware
Devices being infected with malware
Which of the following is NOT an issue raised regarding how private data is gathered and used?
The data is gathered and kept in secret.
By law, all encrypted data must contain a “backdoor” entry point.
Informed consent is usually missing or is misunderstood.
The accuracy of the data cannot be verified.
By law, all encrypted data must contain a “backdoor” entry point.
Which of the following is a systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, and any other entity that could cause potential harm?
Vulnerability assessment
Penetration test
Vulnerability scan
Risk appraisal
Vulnerability assessment
Which of these should NOT be classified as an asset?
Business partners
Buildings
Employee databases
Accounts payable
Accounts payable
Which of the following command-line tools tests a connection between two network devices?
Netstat
Ping
Nslookup
Ifconfig
Ping
Which statement regarding vulnerability appraisal is NOT true?
Vulnerability appraisal is always the easiest and quickest step.
Every asset must be viewed in light of each threat.
Each threat could reveal multiple vulnerabilities.
Each vulnerability should be cataloged.
Vulnerability appraisal is always the easiest and quickest step.
Which of the following constructs scenarios of the types of threats that assets can face to learn who the attackers are, why they attack, and what types of attacks may occur?
Vulnerability prototyping
Risk assessment
Attack assessment
Threat modeling
Threat modeling
Which of the following tools is a Linux command-line protocol analyzer?
Wireshark
Tcpdump
IP
Arp
Tcpdump
Which of the following is a command-line alternative to Nmap?
Netcat
Statnet
Mapper
Netstat
Netcat
Which of these is NOT a state of a port that can be returned by a port scanner?
Open
Busy
Blocked
Closed
Busy
Which of the following data sensitivity labels is the highest level of data sensitivity?
Ultra
Confidential
Private
Secret
Confidential
Which of the following data sensitivity labels has the lowest level of data sensitivity?
Unrestricted
Public
Free
Open
Public
Which of the following is NOT a function of a vulnerability scanner?
Detects which ports are served and which ports are browsed for each individual system
Alerts users when a new patch cannot be found
Maintains a log of all interactive network sessions
Detects when an application is compromised
Alerts users when a new patch cannot be found
