1. You know that your network has a web server that has missing patches; however, the vulnerability...
Question:
1. You know that your network has a web server that has missing patches; however, the vulnerability scanner says the webserver is not missing any patches. What is this called?
A. false positive
B. true negative
C. false negative
D. true positive
2. What is monitoring user behavior and comparing current behavior to a baseline?
A. Sentiment analysis
B. Log aggregation
C. Packet capture
D. User behavior analysis (UBA)
3. Your vulnerability scanner tells you that your web server is not missing any patches. Before the scan, you updated your web server with all the patches. What do we call this situation?
A. true positive
B. false positive
C. true negative
D. false negative
4. What are tools that automatically detect and respond to suspicious activity?
A. Common Vulnerabilities and Exposures (CVE)
B. Security Information and Event Management (SIEM)
C. Common Vulnerability Scoring System (CVSS)
D. Security Orchestration, Automation, and Response (SOAR)
5. Which of the following is NOT part of a vulnerability scan?
A. Identify lack of security controls
B. Passively test security controls
C. Exploit vulnerabilities
D. Identify common misconfigurations
6. Which testing is intrusive and can potentially bring down a system?
A. non-credentialed scanning
B. pen-testing
C. credentialed scanning
D. vulnerability scanning
7. What does a vulnerability scanner use to identify potential vulnerabilities?
A. hashing
B. database of known vulnerabilities
C. false positives
D. key loggers
8. _____ is an open standard that assesses the severity of vulnerabilities.
A. Common Vulnerability Scoring System (CVSS)
B. Common Vulnerabilities and Exposures (CVE)
C. Security Information and Event Management (SIEM)
D. Security Orchestration, Automation, and Response (SOAR)
9. What is putting dissimilar data into the same format for convenient searching and analyzing?
A. User behavior analysis (UBA)
B. Log aggregation
C. Packet capture
D. Sentiment analysis
10. What is analyzing text to detect an opinion or emotion?
A. Sentiment analysis
B. Packet capture
C. User behavior analysis (UBA)
D. Log aggregation
Principles of Information Security
ISBN: 978-1285448367
4th Edition
Authors: Michael E. Whitman, Herbert J. Mattord