Purpose of Vulnerability Assessment with Nessus Quiz

Questions and Answers

What is the main purpose of Address Space Layout Randomization (ASLR)?

• To encrypt web application traffic
• To prevent buffer overflow attacks at the operating system level (correct)
• To identify security vulnerabilities in a web application
• To prioritize security vulnerabilities in a web application

Which of the following is NOT a vulnerability assessment tool?

• Wireshark (correct)
• Nessus
• CANVAS
• Metasploit

What does Burp Suite primarily aim to do in a web application?

• Prevent unauthorized access to a web application
• Monitor web application traffic for security threats
• Identify and prioritize security vulnerabilities (correct)
• Encrypt web application traffic

Which of the following IS a type of fuzzer?

Regex Fuzzer (C)

Which security principle involves maintaining the accuracy and completeness of information?

Integrity (B)

Which security principle focuses on keeping sensitive information private?

Confidentiality (C)

Which type of cryptographic algorithm involves using a single key for both encryption and decryption?

Symmetric (A)

Which of the following is not a commonly used cryptographic algorithm?

SHA-512 (B)

Which type of cryptographic algorithm involves using a public key for encryption and a private key for decryption?

Asymmetric (A)

Which type of cryptographic algorithm involves generating a fixed-length output from a variable-length input?

Hash (A)

Which cryptographic algorithm is used for digital signatures?

RSA (D)

Which cryptographic algorithm is commonly used for encrypting sensitive data?

AES (C)

What is the primary purpose of the FISMA framework?

To establish information security policies and procedures for federal agencies (A)

Which act regulates the use and protection of personal health information?

HIPAA (A)

What is the primary purpose of the FERPA Act?

To protect student educational records (D)

Which of the following is NOT a requirement of the Gramm-Leach-Bliley Act (GLBA)?

Protecting customer health information (D)

What is a requirement of the Payment Card Industry Data Security Standard (PCI DSS)?

Encrypting customer financial information during transmission (B)

Which act is primarily focused on ensuring the accuracy and reliability of financial reporting?

SOX (D)

Which component of symmetric cryptography uses the same key for both encryption and decryption?

Decryption (A)

What is a disadvantage of using symmetric cryptography?

Lower security compared to asymmetric cryptography (B)

Which component generates a shared key for encryption and decryption in symmetric cryptography?

Key generation (A)

What benefit do digital signatures NOT provide in symmetric cryptography?

Ability to establish secure communication without key exchange (A)

Which statement about symmetric cryptography is true?

The same key is used for both encryption and decryption (B)

What is NOT a component of symmetric cryptography?

Public key infrastructure (C)

What is the main purpose of using a vulnerability assessment tool like Nessus?

To identify and prioritize security vulnerabilities in a network (D)

Which Rapid7 product is considered a vulnerability assessment tool?

Metasploit (A)

What is the primary function of a web server analysis tool like Nikto?

To identify and prioritize security vulnerabilities in a web server (A)

What does the FISMA framework primarily aim to do?

To establish information security policies and procedures for federal agencies (C)

Which of the following is NOT a vulnerability assessment tool?

Wireshark (B)

What distinguishes a vulnerability assessment tool from an intrusion detection system?

Vulnerability assessment tools identify weaknesses; intrusion detection systems detect unauthorized access. (B)