Review 7 Flashcards
Which resource for ethical hackers combines the diverse ideas and perspectives from professionals, academics, and government sources to create a unified standard for cybersecurity?
Question options:
CAPEC
NVD
CVE
CWE
Answer: CWE
Which vulnerability assessment tool is meant for smaller organizations and offers comprehensive scanning?
Question options:
Nessus
Nikto
Qualys
OpenVAS
Answer: Nessus
_____________ should be implemented in every organization to identify, evaluate, and control risks and vulnerabilities.
Question options:
Risk management
Vulnerability assessment
Active assessment
Vulnerability management
Answer: Vulnerability management
What is the first step in the Vulnerability Management Life Cycle?
Question options:
Risk assessment
Monitoring
Baseline creation
Vulnerability assessment
Answer: Baseline creation
Which type of assessment focuses on all types of user risks, including:
Malicious users
Uneducated users
Vendors
Administrators
Databases
Firewalls
Files
Web servers
Configuration errors
Question options:
Active
External
Host-Based
Internal
Answer: Host-Based
In which step of the Vulnerability Management Life Cycle do you recommend ongoing monitoring and routine penetration testing to be proactive in protecting the organization and its customers or clients?
Question options:
Monitoring
Remediation
Risk assessment
Vulnerability assessment
Answer: Monitoring
Which type of vulnerability assessment scan can simulate an attack to test for vulnerabilities and can repair weak points in the system?
Question options:
Passive Scan
External Scan
Internal Scan
Active Scan
Answer: Active Scan
Which resource for ethical hackers has a list of standard identifiers and can be used as a baseline for evaluation?
Question options:
NVD
CWE
CVE
CAPEC
Answer: CVE
Which type of assessment may include:
*Inspecting physical security
*Checking open ports on network devices and router configurations
*Scanning for Trojans, spyware, viruses, and malware
*Evaluating remote management processes
*Determining flaws and patches on the internal network systems, devices, and servers
Question options:
Host-Based
External
Passive
Internal
Answer: Internal
Which mobile device assessment tool identifies outdated versions of Apple iOS?
Question options:
Nessus
SecurityMetrics Mobile
Retina CS for Mobile
Network Scanner
Answer: Nessus
Which resource for ethical hackers contains a dictionary of attack patterns?
Question options:
NVD
CVE
CWE
CAPEC
Answer: CAPEC
Which open-source vulnerability assessment tool has over 50,000 tests available?
Question options:
Qualys
OpenVAS
Nessus
Nikto
Answer: OpenVAS
Which type of vulnerability assessment scan tries to find vulnerabilities without directly interacting with the target network?
Question options:
External Scan
Passive Scan
Internal Scan
Active Scan
Answer: Passive Scan
In which step of the Vulnerability Management Life Cycle does penetration testing begin?
Question options:
Risk assessment
Baseline creation
Vulnerability assessment
Monitoring
Answer: Vulnerability assessment
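The life-cycle cards above (baseline creation, vulnerability assessment, risk assessment, remediation, monitoring) describe one pipeline, and it is easier to remember the order once you see what each step consumes and produces. The Python below is an added worked example, not part of the flashcard set and not any scanner's own code. The asset inventory, the scanner findings, the rescan and the SLA policy are all constructed for the example, and the CVE-2099-xxxx identifiers are placeholders, not real CVE entries; the only thing taken from a real standard is the CVE identifier format.

```python
"""Vulnerability Management Life Cycle on constructed data.

Step 1 baseline creation      -> BASELINE (assets and their criticality)
Step 2 vulnerability assessment -> FINDINGS (raw scanner output, some of it dirty)
Step 3 risk assessment        -> triage(): validate, score, rank
Step 4 remediation            -> remediation_plan(): deadlines by risk tier
Step 5 verification/monitoring -> verify(): compare the plan with a rescan
"""
import re

# CVE identifiers are "CVE-<4-digit year>-<4 or more digits>"; anything else is not a
# standard identifier and cannot be correlated with NVD or a vendor advisory.
CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Step 1: the baseline is the asset inventory. Criticality 1..5 is a constructed rating.
BASELINE = {
    "web-01": {"criticality": 3},
    "db-01": {"criticality": 5},
    "kiosk-01": {"criticality": 1},
}

# Step 2: constructed scanner output. Placeholder CVE IDs (2099), not real vulnerabilities.
FINDINGS = [
    {"host": "web-01", "cve": "CVE-2099-0001", "cvss": 7.5},
    {"host": "db-01", "cve": "CVE-2099-0002", "cvss": 9.8},
    {"host": "db-01", "cve": "cve-2099-0003", "cvss": 5.3},   # wrong case, still usable
    {"host": "kiosk-01", "cve": "CVE-2099-0004", "cvss": 9.1},
    {"host": "ghost-99", "cve": "CVE-2099-0005", "cvss": 10.0},  # host missing from baseline
    {"host": "web-01", "cve": "CVE-99-1", "cvss": 4.0},         # malformed identifier
]

# Constructed remediation policy: (minimum risk score, days allowed to fix).
SLA_DAYS = [(40.0, 7), (20.0, 30), (0.0, 90)]


def normalize_cve(cve_id):
    """Return the canonical upper-case CVE identifier, or None if it is not well-formed."""
    candidate = cve_id.strip().upper()
    return candidate if CVE_ID.match(candidate) else None


def triage(findings, baseline):
    """Step 3: keep findings that reference a baseline asset and a valid CVE ID and
    attach risk = CVSS base score x asset criticality. Returns (accepted, rejected),
    accepted sorted highest risk first, rejected paired with the reason."""
    accepted, rejected = [], []
    for f in findings:
        cve = normalize_cve(f["cve"])
        asset = baseline.get(f["host"])
        if cve is None:
            rejected.append((f, "malformed CVE identifier"))
        elif asset is None:
            # An unknown host means the baseline is stale or the scan scope was wrong;
            # either way it must be investigated, not silently scored.
            rejected.append((f, "host not in baseline"))
        else:
            risk = round(f["cvss"] * asset["criticality"], 1)
            accepted.append({"host": f["host"], "cve": cve, "cvss": f["cvss"], "risk": risk})
    accepted.sort(key=lambda item: item["risk"], reverse=True)
    return accepted, rejected


def remediation_plan(accepted):
    """Step 4: assign each accepted finding a deadline from the first matching risk tier."""
    plan = []
    for f in accepted:
        days = next(d for threshold, d in SLA_DAYS if f["risk"] >= threshold)
        plan.append({"host": f["host"], "cve": f["cve"], "risk": f["risk"], "sla_days": days})
    return plan


def verify(plan, rescan):
    """Step 5: anything in the plan that the rescan still reports is open; the rest is
    closed. Returns (closed, still_open)."""
    present = {(f["host"], normalize_cve(f["cve"])) for f in rescan}
    closed = [p for p in plan if (p["host"], p["cve"]) not in present]
    still_open = [p for p in plan if (p["host"], p["cve"]) in present]
    return closed, still_open


if __name__ == "__main__":
    accepted, rejected = triage(FINDINGS, BASELINE)
    plan = remediation_plan(accepted)
    for p in plan:
        print(f"{p['host']:9} {p['cve']:14} risk={p['risk']:5} fix within {p['sla_days']} days")
    for f, why in rejected:
        print(f"REJECTED {f['host']} {f['cve']}: {why}")
    # Constructed follow-up scan: two of the four planned items are still reported.
    rescan = [{"host": "db-01", "cve": "CVE-2099-0003"}, {"host": "kiosk-01", "cve": "CVE-2099-0004"}]
    closed, still_open = verify(plan, rescan)
    print(f"closed={len(closed)} still_open={len(still_open)}")
```

The ordering of the checks in `triage` is deliberate: a finding against a host that is not in the baseline is the interesting case, because it means the monitoring step has drifted from step 1, and treating it as a normal finding would hide that. Multiplying CVSS by asset criticality is a simple stand-in for the risk assessment step; real programs also weigh exploitability and exposure, but the structure (score, rank, assign a deadline, rescan to confirm) is the same.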
Which of the following is an “operating system flaw”?
Question options:
Trojan horse
Out of date software
Broken authentication
Cross-site scripting
Answer: Trojan horse