Q. What should penetration testers carefully define in penetration test SOWs regarding vulnerabilities detected during tests?

View solution

Q. What is a common objection to vulnerability scanning from other members of the IT team?

View solution

Q. Ryan is conducting a penetration test and is targeting a database server. Which one of the following tools would best assist him in detecting vulnerabilities on that server?

View solution

Q. Gary is conducting a black-box penetration test against an organization and is being provided with the results of vulnerability scans that the organization already ran for use in his tests. Which one of the following scans is most likely to provide him with helpful information within the bounds of his test?

View solution

Q. What tool can white-box penetration testers use to help identify the systems present on a network prior to conducting vulnerability scans?

View solution

Q. Tonya is configuring vulnerability scans for a system that is subject to the PCI DSS compliance standard. What is the minimum frequency with which she must conduct scans?

View solution

Q. Which one of the following is not an example of a vulnerability scanning tool?

View solution

Q. Which one of the following technologies, when used within an organization, is the least likely to interfere with vulnerability scanning results achieved by external penetration testers?

View solution

Q. Renee is configuring her vulnerability management solution to perform credentialed scans of servers on her network. What type of account should she provide to the scanner?

View solution

Q. Jason is writing a report about a potential security vulnerability in a software product and wishes to use standardized product names to ensure that other security analysts understand the report. Which SCAP component can Jason turn to for assistance?

View solution

Q. Ken is planning to conduct a vulnerability scan of an organization as part of a penetration test. He is conducting a black-box test. When would it be appropriate to conduct an internal scan of the network?

View solution

Q. Which type of organization is the most likely to be impacted by a law requiring them to conduct vulnerability scans?

View solution

Q. Which one of the following categories of systems is most likely to be disrupted during a vulnerability scan?

View solution

Q. What term describes an organization’s willingness to tolerate risk in their computing environment?

View solution

Q. Which one of the following factors is least likely to impact vulnerability scanning schedules?

View solution

Q. Adam is conducting a penetration test of an organization and is reviewing the source code of an application for vulnerabilities. What type of code testing is Adam conducting?

View solution

Q. Ryan is planning to conduct a vulnerability scan of a business-critical system using dangerous plug-ins. What would be the best approach for the initial scan?

View solution

Q. Which one of the following activities is not part of the vulnerability management life cycle?

View solution

Q. What approach to vulnerability scanning incorporates information from agents running on the target servers?

View solution

Q. Brian is seeking to determine the appropriate impact categorization for a federal information system as he plans the vulnerability scanning controls for that system. After consulting management, he discovers that the system contains information that, if disclosed improperly, would have a serious adverse impact on the organization. How should this system be categorized?

View solution