Q. What advantage do credentialed scans have over noncredentialed alternatives in vulnerability management programs?

View solution

Q. In which type of penetration test is it generally appropriate to use credentialed vulnerability scans?

View solution

Q. What should penetration testers consider when choosing the appropriate scan perspectives for a penetration test?

View solution

Q. What does an external scan in vulnerability management provide?

View solution

Q. Why is regular maintenance of a vulnerability scanner important?

View solution

Q. What does regular patching of scanner software help protect against?

View solution

Q. How often should administrators configure their scanners to retrieve new plug-ins?

View solution

Q. What is the purpose of the Security Content Automation Protocol (SCAP)?

View solution

Q. Which SCAP component provides a standardized approach for measuring and describing the severity of security-related software flaws?

View solution

Q. According to Veracode's 2020 metrics, what percentage of scanned applications did not pass their OWASP Top 10 security issues testing process?

View solution

Q. What type of testing is static code analysis often considered?

View solution

Q. What does static code analysis focus on?

View solution

Q. Which tool is a static code analysis tool for Ruby on Rails applications?

View solution

Q. What does dynamic code analysis rely on?

View solution

Q. Why is there a strong preference for automated testing in dynamic code analysis?

View solution

Q. What is fuzz testing (fuzzing)?

View solution

Q. What is a characteristic of fuzz testing?

View solution

Q. Why might fuzz testing attract attention from cybersecurity teams?

View solution

Q. Which of the following is an open source web application scanning tool?

View solution

Q. What is the primary interface used by Nikto for displaying results?

View solution