Q. Which one of the following activities is not part of the vulnerability management life cycle?

View solution

Q. Ryan is planning to conduct a vulnerability scan of a business-critical system using dangerous plug-ins. What would be the best approach for the initial scan?

View solution

Q. Adam is conducting a penetration test of an organization and is reviewing the source code of an application for vulnerabilities. What type of code testing is Adam conducting?

View solution

Q. Which one of the following factors is least likely to impact vulnerability scanning schedules?

View solution

Q. What term describes an organization’s willingness to tolerate risk in their computing environment?

View solution

Q. Which one of the following categories of systems is most likely to be disrupted during a vulnerability scan?

View solution

Q. Which type of organization is the most likely to be impacted by a law requiring them to conduct vulnerability scans?

View solution

Q. Ken is planning to conduct a vulnerability scan of an organization as part of a penetration test. He is conducting a black-box test. When would it be appropriate to conduct an internal scan of the network?

View solution

Q. Jason is writing a report about a potential security vulnerability in a software product and wishes to use standardized product names to ensure that other security analysts understand the report. Which SCAP component can Jason turn to for assistance?

View solution

Q. Renee is configuring her vulnerability management solution to perform credentialed scans of servers on her network. What type of account should she provide to the scanner?

View solution

Q. Which one of the following technologies, when used within an organization, is the least likely to interfere with vulnerability scanning results achieved by external penetration testers?

View solution

Q. Which one of the following is not an example of a vulnerability scanning tool?

View solution

Q. Tonya is configuring vulnerability scans for a system that is subject to the PCI DSS compliance standard. What is the minimum frequency with which she must conduct scans?

View solution

Q. What tool can white-box penetration testers use to help identify the systems present on a network prior to conducting vulnerability scans?

View solution

Q. Gary is conducting a black-box penetration test against an organization and is being provided with the results of vulnerability scans that the organization already ran for use in his tests. Which one of the following scans is most likely to provide him with helpful information within the bounds of his test?

View solution

Q. Ryan is conducting a penetration test and is targeting a database server. Which one of the following tools would best assist him in detecting vulnerabilities on that server?

View solution

Q. What is a common objection to vulnerability scanning from other members of the IT team?

View solution

Q. What should penetration testers carefully define in penetration test SOWs regarding vulnerabilities detected during tests?

View solution

Q. How should remediation workflows be in relation to other workflow technology used by the IT organization?

View solution

Q. What should organizations use to identify, remediate, and test vulnerabilities consistently?

View solution