Security+ Chapters 15 quiz – Flashcards

At what point in a vulnerability assessment would an attack tree be utilized? a. vulnerability appraisal b. risk assessment c. risk mitigation d. threat evaluation

In the software development process, when should a design review be conducted? a. at the completion of the project b. at the same time as the code review c. as the functional and design specifications are being developed based on the requirements d. during verification

A(n) ___________ attempts to penetrate a system in order to perform a simulated attack. a. intrusive vulnerability scan b. vulnerability risk scan c. PACK scan d. master level scan

A(n) ___________ is an agreement between two parties that is not legally enforceable. a. Service Level Agreement (SLA) b. Blanket Purchase Agreement (BPA) c. Memorandum of Understanding (MOU) d. Interconnection Security Agreement (ISA)

A ___________ is a systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, and any other entity that could cause potential harm. a. penetration test b. vulnerability scan c. vulnerability assessment d. risk appraisal (RAP)

Each of these can be classified as an asset EXCEPT __________. a. business partners b. buildings c. employee databases d. accounts payable

Each of these is a step in risk management EXCEPT _________. a. attack assessment b. vulnerability appraisal c. threat evaluation d. risk mitigation

Which statement regarding vulnerability appraisal is NOT true? a. Vulnerability appraisal is always the easiest and quickest step b. Every asset must be viewed in light of each threat c. Each threat could reveal multiple vulnerabilities d. Each vulnerability should be cataloged.

__________ constructs scenarios of the types of threats that assets can face in order to learn who the attackers are, why they attack, and what types of attacks may occur. a. Vulnerability prototyping b. Risk assessment c. Attack assessment d. Threat modeling

What is a current snapshot of the security of an organization? a. vulnerability appraisal b. risk evaluation c. threat mitigation d. liability reporting

__________ is a comparison of the present security state of a system to a standard established by the organization. a. Risk mitigation b. Baseline reporting c. Comparative Resource Appraisal (CRA) d. Horizontal comparables

Which of these is NOT a state of a port that can be returned by a port scanner? a. open b. busy c. blocked d. closed

Which statement regarding TCP SYN port scanning is NOT true? a. It uses FIN messages that can pass through firewalls and avoid detection b. Instead of using the operating system's network functions, the port scanner generates IP packets itself and monitors for responses. c. The scanner host closes the connection before the handshake is completed. d. This scan type is also known as 'half-open scanning" because it never actually opens a full TCP connection.

The protocol File Transfer Protocol (FTP) uses which two ports? a. 19 and 20 b. 20 and 21 c. 21 and 22 d. 22 and 23

Each of these is a function of a vulnerability scanner EXCEPT ___. a. detects which ports are served and which ports are browsed for each individual system. b. alerts users when a new patch cannot be found c. maintains a log of all interactive network sessions. d. detects when an application is compromised.

Which statement about the Open Vulnerability and Assessment Language (OVAL) is true? a. It only funtions on Linux-based computers b. It attempts to standardize vulnerability assessment c. It has been replaced by XML. d. It is a European standard and is not used in the Americas.

Which statement regarding a honeypot is NOT true? a. It is typically located in an area with limited security b. It is intentionally configured with security vulnerabilities. c. It cannot be part of a honeynet. d. It can direct an attacker's attention away from legitimate servers.

Which statement about vulnerability scanning is true? a. It uses automated software to scan for vulnerabilities b. The testers are always outside of the security perimeter c. It may disrupt the operation of the network or systems d. It produces a short report of the attack methods and value of the exploited data.

If a tester is given the IP addresses, network diagrams, and source code of customer applications, the tester is using which technique? a. black box b. white box c. gray box d. blue box

If a software application aborts and leaves the program open, which control structure is it using? a. fail-safe b. fail-secure c. fail-open d. fail-right