Q. What is a false positive in the context of vulnerability scanning?

View solution

Q. Why might an organization decide not to remediate a vulnerability?

View solution

Q. What is the purpose of documenting exceptions in the vulnerability management system?

View solution

Q. How can informational results from a vulnerability scan be categorized?

View solution

Q. Why might organizations adopt a formal policy for handling informational messages from a remediation perspective?

View solution

Q. Why should penetration testers turn to other sources of security information when interpreting vulnerability reports?

View solution

Q. What are some examples of information sources that penetration testers should consider in addition to vulnerability scans?

View solution

Q. Why is trend analysis important in a vulnerability scanning program?

View solution

Q. In the context of vulnerability scans, what is one of the most common alerts indicating a potential security issue?

View solution

Q. How can administrators of mobile devices enhance security?

View solution

Q. Why may mobile devices not typically show up on vulnerability scans?

View solution

Q. What is the risk associated with running unsupported software?

View solution

Q. Why are reports of unsupported software considered a treasure trove of information for penetration testers?

View solution

Q. What major operating system had its support discontinued by Microsoft in July 2015?

View solution

Q. What is the recommended solution for organizations running unsupported operating systems?

View solution

Q. What is a buffer overflow attack?

View solution

Q. What is the primary goal of privilege escalation attacks?

View solution

Q. What is Dirty COW?

View solution

Q. What is a rootkit?

View solution

Q. What do arbitrary code execution vulnerabilities allow an attacker to do?

View solution