CS 205 Final Exam 2024 - Types of Security Testing and VM Lifecycle Steps

Created by
@AmbitiousDouglasFir

Questions and Answers

What is the main purpose of vulnerability assessment (VA) in security testing?

To identify weaknesses and security holes in IT assets

Which step in the VM lifecycle involves analyzing assets, examining IP subnets, and looking at potential network traffic issues?

Analyze assets

What is the main goal of running a vulnerability scan in the VM lifecycle?

Generating a report for asset owners

Which activity is NOT part of verifying (re-scanning) in the VM lifecycle?

Evaluating the effectiveness of patches and fixes

What is a common feature of vulnerability scanners like OpenVAS, Nessus, Qualys, and Rapid7?

They offer free tools for security testing

In security testing, what distinguishes penetration testing (PT) from vulnerability assessment (VA)?

PT focuses on identifying weaknesses, while VA simulates malicious attacks

According to the given text, which team has primary ownership?

Information Security team

Who is responsible for testing patches in the environment based on the information provided?

IT Ops team

In the context of the provided information, what does 'SCAP-validated vulnerability scanner' primarily scan for?

Code-based vulnerabilities

Which of the following is NOT a stage of the InfoSec Governance Block as outlined in the text?

Monitoring Intermediate

From the details provided, which type of IT assets do not have a CIS/DISA STIG?

Virtual servers

What activity will be required if 'Recourse and priority' falls under 'Mature' according to the text?

Incident management

What is the purpose of checking the completeness and correctness of controls in the context of cyber security?

To enhance the organization's security posture

In the Cyber Security Maturity Matrix discussed, which level focuses on having Active Directory, Enterprise AV, and Windows OS licensed?

Foundation

What is the difference between a remote exploit and a local exploit?

Remote exploit works over a network without any prior access, while local exploit requires prior access to the vulnerable system.

Why is it important to use only fully supported web browsers & email clients in an organization?

To reduce security vulnerabilities

Which section of the Cyber Security Maturity Matrix focuses on having systems that are monitored regularly for threats?

Monitored

What is the primary reason for ensuring the use of only fully supported browser & email clients according to the text?

To maintain a secure IT environment by reducing vulnerabilities
