
Question

Tonya is configuring vulnerability scans for a system that is subject to the PCI DSS compliance standard. What is the minimum frequency with which she must conduct scans?

a. Daily

b. Weekly

c. Monthly

d. Quarterly

Answer: (d). Quarterly

Explanation: PCI DSS requires that organizations conduct vulnerability scans on at least a quarterly basis, although many organizations choose to conduct scans on a much more frequent basis.


Similar Questions

Discover Related MCQs

Q. Which one of the following is not an example of a vulnerability scanning tool?

Q. Which one of the following technologies, when used within an organization, is the least likely to interfere with vulnerability scanning results achieved by external penetration testers?

Q. Renee is configuring her vulnerability management solution to perform credentialed scans of servers on her network. What type of account should she provide to the scanner?

Q. Jason is writing a report about a potential security vulnerability in a software product and wishes to use standardized product names to ensure that other security analysts understand the report. Which SCAP component can Jason turn to for assistance?

Q. Ken is planning to conduct a vulnerability scan of an organization as part of a penetration test. He is conducting a black-box test. When would it be appropriate to conduct an internal scan of the network?

Q. Which type of organization is the most likely to be impacted by a law requiring them to conduct vulnerability scans?

Q. Which one of the following categories of systems is most likely to be disrupted during a vulnerability scan?

Q. What term describes an organization’s willingness to tolerate risk in their computing environment?

Q. Which one of the following factors is least likely to impact vulnerability scanning schedules?

Q. Adam is conducting a penetration test of an organization and is reviewing the source code of an application for vulnerabilities. What type of code testing is Adam conducting?

Q. Ryan is planning to conduct a vulnerability scan of a business-critical system using dangerous plug-ins. What would be the best approach for the initial scan?

Q. Which one of the following activities is not part of the vulnerability management life cycle?

Q. What approach to vulnerability scanning incorporates information from agents running on the target servers?

Q. Brian is seeking to determine the appropriate impact categorization for a federal information system as he plans the vulnerability scanning controls for that system. After consulting management, he discovers that the system contains information that, if disclosed improperly, would have a serious adverse impact on the organization. How should this system be categorized?

Q. Jessica is reading reports from vulnerability scans run by different parts of her organization using different products. She is responsible for assigning remediation resources and is having difficulty prioritizing issues from different sources. What SCAP component can help Jessica with this task?

Q. Sarah is conducting a penetration test and discovers a critical vulnerability in an application. What should she do next?