The __________ window is the gap between when a new vulnerability is discovered and when software developers write a patch

threat

risk

vulnerability

impact

Microsoft offers automated tools that can be used to verify compliance. Once such tool is __________, which queries systems for vulnerabilities, deploys updates, and deploys operating system images to clients.

System Center Configuration Manager (SCCM)

Systems Management Server (SMS)

Nmap

Nessus

A security baseline is deployed in your organization. You discover that one system is regularly being reconfigured. The security tool fixes it, and then the next scan shows it has changed again. You want to know who or what is making this change. Which is the best first step to resolve the issue?

Redeploy the original security baseline.

Enable auditing and then view the audit trail.

Reinstall the system.

Perform a random audit for compliance.

There are several different best practices for IT security policy monitoring. One such practice is to create a baseline based on a security policy, which entails:

using a security policy document as a road map.

using images whenever possible to deploy new operating systems.

routinely tracking rule and regulatory changes.

regularly auditing systems after the baseline has been deployed.

A configuration management database (CMDB) holds the configuration information for systems throughout a system's life cycle.

True

False