Mitigating Vulnerabilities Flashcards

1
Q

Vulnerabilities must be prioritized and remediated

A

Remediation and Mitigation

2
Q

Remediation

A

Remediation

3
Q

There is no countermeasure put into place because the level of risk is low enough
or the risk doesn’t justify the cost to mitigate the associated risk

A

Risk Acceptance

4
Q

Settings for services and policy configuration for a server operating in a particular
application role

A

Configuration Baselines

5
Q

A not-for-profit organization that publishes the well-known “Top 20 Critical
Security Controls”

A

Center for Internet Security (CIS)

6
Q

A type of security control that acts as a substitute for a principal control

A

Compensating Control

7
Q

System Hardening

A

System Hardening

8
Q

Identifying, testing, and deploying OS and application updates

A

Patch Management

9
Q

Legacy System

A

Legacy System

10
Q

A system owned by its developer or vendor where lack of vendor support may be
an inhibitor to remediation

A

Proprietary System

11
Q

A system by which an organization makes and implements decisions in pursuit of
its objectives

A

Organizational Governance

12
Q

A period of time when an organization’s way of doing operations is interrupted

A

Business Process Interruption

13
Q

A period of time when an organization’s systems are not performing at peak
functionality, which could lead to business process interruption

A

Degrading Functionality

14
Q

Usually a preliminary or exploratory agreement to express an intent to work
together that is not legally binding and does not involve the exchange of money

A

Memorandum of Understanding (MOU)

15
Q

A contractual agreement setting out the detailed terms under which an ongoing
service is provided

A

Service Level Agreement (SLA)
