Vulnerability Management and Disaster Recovery

Questions and Answers

What does the Principle of Easiest Penetration imply for computer security specialists?

All potential means of penetration must be considered (correct)

The attacker will always choose the least secure path

Solid defense in one area eliminates the need for others

Only the most apparent vulnerabilities need to be secured

What is an important objective of infrastructure security?

To fortify user interfaces against vulnerabilities

To guarantee no connectivity between components

To minimize dependencies while enabling communication (correct)

To ensure only physical devices used are secure

Which component is a focus of infrastructure security?

User profiles

Application interfaces

Source code

Data centers (correct)

Why is it critical to secure application programming interfaces (APIs) in application security?

Vulnerable APIs can expose larger systems to risks

What should be expected of an intruder according to the Principle of Easiest Penetration?

They will use the least protected means available

In the context of infrastructure security, what is the significance of isolating components?

It reduces the risk associated with interdependencies

Which strategy is not a typical focus of application security?

Securing physical servers

What happens if one aspect of a system is overly fortified according to the Principle of Easiest Penetration?

Other aspects may become more enticing to intruders

What does application security aim to protect?

Both applications in use and those in development

What must a computer security specialist consider according to the Principle of Easiest Penetration?

All potential attack methods