Mitigating Vulnerabilities

Question 1

Vulnerabilities must be prioritized and remediated

Answer 1

Remediation and Mitigation

Question 2

Remediation

Answer 2

Remediation

Question 3

There is no countermeasure put into place because the level of risk is low enough
or the risk doesn’t justify the cost to mitigate the associated risk

Answer 3

Risk Acceptance

Question 4

Settings for services and policy configuration for a server operating in a particular
application role

Answer 4

Configuration Baselines

Question 5

A not-for-profit organization that publishes the well-known “Top 20 Critical
Security Controls”

Answer 5

Center for Internet Security (CIS)

Question 6

A type of security control that acts as a substitute for a principal control

Answer 6

Compensating Control

Question 7

System Hardening

Answer 7

System Hardening

Question 8

Identifying, testing, and deploying OS and application updates

Answer 8

Patch Management

Question 9

Legacy System

Answer 9

Legacy System

Question 10

A system owned by its developer or vendor where lack of vendor support may be
an inhibitor to remediation

Answer 10

Proprietary System

Question 11

A system by which an organization makes and implements decisions in pursuit if
its objectives

Answer 11

Organizational Governance

Question 12

A period of time when an organization’s way of doing operations is interrupted

Answer 12

Business Process Interruption

Question 13

A period of time when an organization’s systems are not performing at peak
functionality, which could lead to business process interruption

Answer 13

Degrading Functionality

Question 14

Usually a preliminary or exploratory agreement to express an intent to work
together that is not legally binding and does not involve the exchange of money

Answer 14

Memorandum of Understanding (MOU)

Question 15

A contractual agreement setting out the detailed terms under which an ongoing
service is provided

Answer 15

Service Level Agreement (SLA)