Security+ Ch4 – Flashcards
question
A ________ is a systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, or any other entity that is a potential harm.
answer
Vulnerability Assessment
question
Each of the following can be classified as an asset except ________.
answer
Accounts Payable. Note: Assets include People (Employees, Business Partners), Buildings, and Data (databases).
question
Each of the following is a step in risk management except ________.
answer
Attack Assessment
question
Which of the following is true regarding vulnerability appraisal? p28
answer
Every asset must be viewed in light of each threat.
question
A threat agent ________.
answer
Is a person or entity with the power to carry out a threat against an asset.
question
________ constructs scenarios of the types of threats that assets can face in order to learn who the attackers are, why they attack, and what types of attacks may occur.
answer
Threat Modeling
question
What is a current snapshot of the security of an organization?
answer
Vulnerability Appraisal
question
The ________ is the proportion of an asset's value that is likely to be destroyed by a particular risk.
answer
Exposure Factor (EF)
question
Which of the following is NOT an option for dealing with risk?
answer
Eliminate the risk
question
________ is a comparison of the present security state of a system compared to a standard established by the organization.
answer
Baseline Reporting
question
Each of the following is a state of a port that can be returned by a port scanner except ________.
answer
Busy
question
Each of the following is true regarding TCP SYN port scanning except ________.
answer
It uses FIN messages that can pass through firewalls and avoid detection.
question
The protocol File Transfer Protocol (FTP) uses which two ports?
answer
20 (data) and 21 (control)
question
A protocol analyzer places the computer's network interface card (NIC) adapter into ________ mode.
answer
Promiscuous
question
Each of the following is a function of a vulnerability scanner except ________.
answer
Alert users when a new patch cannot be found
question
Which of the following is true of the Open Vulnerability and Assessment Language (OVAL)?
answer
It attempts to standardize vulnerability assessments.
question
Which of the following is NOT true regarding a honeypot? p139
answer
* It cannot be part of a Honeynet.
* It contains real data files because attackers can easily identify fake files.
question
Which of the following is true of vulnerability scanning?
answer
It uses automated software to scan for vulnerabilities
question
If a tester is given the IP addresses, network diagrams, and source code of customer applications, then she is using which technique?
answer
White Box
question
If a software application aborts and leaves the program open, which control structure is it using?
answer
Fail Open
question
What are the five parts of Vulnerability Assessment?
answer
Asset Identification, Threat Evaluation, Vulnerability Appraisal, Risk Assessment, Risk Mitigation
question
Attack Tree
answer
Visual image of the attacks that may occur.
question
Threat Modeling
answer
Understand who the attackers are and why they attack, and what types of attacks they may use.