Which scan examines the current security using a passive method?

The goal of what type of threat evaluation is to better understand who the attackers are, why they attack, and what types of attacks might occur?

Question 1 options:

threat mitigation

threat profiling

risk modeling

threat modeling

What is the name of the process that takes a snapshot of the current security of an organization?

Question 2 options:

threat analysis

vulnerability appraisal

risk assessment

threat assessment

Which item below is an imaginary line by which an element is measured or compared, and can be seen as the standard?

Question 3 options:

profile

threat

control

baseline

The comparison of the present state of a system to its baseline is known as what?

Question 4 options:

Baseline reporting

Compliance reporting

Baseline assessment

Compliance review

In order to minimize vulnerabilities in software, code should be subject to and analyzed while it is being written in what option below?

Question 5 options:

black box

code review

white box

scanner

What is the name for the code that can be executed by unauthorized users within a software product?

Question 6 options:

vulnerability surface

risk profile

input surface

attack surface

During a vulnerability assessment, what type of software can be used to search a system for port vulnerabilities?

Question 7 options:

threat scanner

vulnerability profiler

port scanner

application profiler

A port in what state below implies that an application or service assigned to that port is listening for any instructions?

Question 8 options:

open port

empty port

closed port

interruptible system

An administrator running a port scan wants to ensure that no processes are listening on port 23. What state should the port be in?

Question 9 options:

open port

open address

closed address

closed port

An administrator needs to view packets and decode and analyze their contents. What type of application should the administrator use?

Question 10 options:

application analyzer

protocol analyzer

threat profiler

system analyzer

Which is the term for a computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, yet they are actually imitations of real data files?

Question 11 options:

port scanner

write blocker

honeypot

honeycomb

What is the term for a network set up with intentional vulnerabilities?

Question 12 options:

honeynet

honeypot

honeycomb

honey hole

What is another term used for a security weakness?

Question 13 options:

threat

vulnerability

risk

opportunity

Which scan examines the current security using a passive method?

Question 14 options:

application scan

system scan

threat scan

vulnerability scan

What is the end result of a penetration test?

Question 15 options:

penetration test profile

penetration test report

penetration test system

penetration test view

Which tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications?

Question 16 options:

white box

black box

replay

system

A service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service, is known as a:

Question 17 options:

Blanket Purchase Agreement [BPA]

Service Level Agreement [SLA]

Memorandum of Understanding [MOU]

Interconnection Security Agreement [ISA]

Service Level Agreement [SLA]

What term below describes a prearranged purchase or sale agreement between a government agency and a business?

Question 18 options:

Service Level Agreement [SLA]

Memorandum of Understanding [MOU]

Blanket Purchase Agreement [BPA]

Interconnection Security Agreement [ISA]

Blanket Purchase Agreement [BPA]

What security goal do the following common controls address: hashing, digital signatures, certificates, nonrepudiation tools?

Question 19 options:

Confidentiality

Integrity

Availability

Safety

What term below describes the start-up relationship between partners?

Question 20 options:

Off-boarding

Uptaking

On-boarding

Uploading

Which of the following is the goal of a vulnerability scan?

The goal of running a vulnerability scanner or conducting an external vulnerability assessment is to identify devices on your network that are open to known vulnerabilities without actually compromising your systems.

Which data erasing method will permanently destroy a magnetic-based hard disk by reducing or eliminating the magnetic field?

Degaussing. Degaussing destroys computer data using a high-powered magnet, which disrupts the magnetic field of an electronic medium. The disruption of the magnetic field destroys the data.

What is the term for a network set up with intentional vulnerabilities?

A honeynet is a network set up with intentional vulnerabilities hosted on a decoy server to attract hackers. The primary purpose is to test network security by inviting attacks.

What term is defined as the state or condition of being free from public attention to the degree that you determine: freedom, secure, privacy, or contentment?

Definition of liberty: 1. the quality or state of being free: (a) the power to do as one pleases; (b) freedom from physical restraint; (c) freedom from arbitrary or despotic control; (d) the positive enjoyment of various social, political, or economic rights and privileges.
