Vulnerability Management and Disaster Recovery

Questions and Answers

What does the Principle of Easiest Penetration imply for computer security specialists?

• All potential means of penetration must be considered (correct)
• The attacker will always choose the least secure path
• Solid defense in one area eliminates the need for others
• Only the most apparent vulnerabilities need to be secured

What is an important objective of infrastructure security?

• To fortify user interfaces against vulnerabilities
• To guarantee no connectivity between components
• To minimize dependencies while enabling communication (correct)
• To ensure only physical devices used are secure

Which component is a focus of infrastructure security?

• User profiles
• Application interfaces
• Source code
• Data centers (correct)

Why is it critical to secure application programming interfaces (APIs) in application security?

Vulnerable APIs can expose larger systems to risks (A)

What should be expected of an intruder according to the Principle of Easiest Penetration?

They will use the least protected means available (B)

In the context of infrastructure security, what is the significance of isolating components?

It reduces the risk associated with interdependencies (C)

Which strategy is not a typical focus of application security?

Securing physical servers (C)

What happens if one aspect of a system is overly fortified according to the Principle of Easiest Penetration?

Other aspects may become more enticing to intruders (D)

What does application security aim to protect?

Both applications in use and those in development (C)

What must a computer security specialist consider according to the Principle of Easiest Penetration?

All potential attack methods (C)