uestion $1($Mandatory$)(1$ point$)$

Saved

Continuous Diagnosis and Mitigation $($CDM$)$ relates to

Question $1$ options:

security incident response.

vulnerability management.

privacy provisioning.

checking US$-$CERT advisory.

Question $2($Mandatory$)(1$ point$)$

National Vulnerability Database $($NVD$)$ lists

Question $2$ options:

all attacks on computer systems.

all exploits for vulnerabilities.

zero$-$day vulnerabilities.

all known vulnerabilities.

Question $3($Mandatory$)(1$ point$)$

Patch management tools

Question $3$ options:

do not necessarily correlate what they detect on your systems to known vulnerabilities.

correlate what they detect on your systems to known vulnerabilities.

are based on known vulnerabilities.

correlate what they detect on your systems to unknown vulnerabilities.

Question $4($Mandatory$)(1$ point$)$

Software assessment management $($SWAM$)$ is a capability

Question $4$ options:

to fix vulnerabilities in the software being used by an organization.

of checking if there are new vulnerabilities reported on NVD for the software being used by your organization.

patch management by automatically fixing vulnerabilities.

for replacing vulnerable software with alternatives.

Question $5($Mandatory$)(1$ point$)$

For vulnerability management the desired state of a software is

Question $5$ options:

that the software should be of a known version with known vulnerabilities.

that the software should be of an unknown version with known vulnerabilities.

that the software should be of a unknown version with unknown vulnerabilities.

that the software should be of a known version with unknown vulnerabilities.

Question $6($Mandatory$)(1$ point$)$

A typical way for a vulnerability scanner to identify vulnerabilities in your system is

Question $6$ options:

by checking for missing patches.

by installing a vulnerability recognition system.

by checking your system against its database of vulnerabilities.

by checking your system against national vulnerability database $($NVD$).$

Question $7($Mandatory$)(1$ point$)$

A surface vulnerability is a weakness that

Question $7$ options:

is not dangerous.

corresponds to attack surface.

is related to other vulnerabilities.

is not related to other vulnerabilities.

Question $8($Mandatory$)(1$ point$)$

Like other pattern matching and signature$-$based tools, vulnerability scanners have

Question $8$ options:

low false positive rates.

high false positive rates.

low false negative rates.

high false negative rates.

Question $9($Mandatory$)(1$ point$)$

Setting up the rules, getting management approval, documenting the approval and setting testing goals are

Question $9$ options:

the four phases of penetration testing.

vulnerability management steps.

patch management system.

the planning phase of penetration testing.

Question $10($Mandatory$)(1$ point$)$

This phase of the penetration testing occurs simultaneously with other three phases.

Question $10$ options:

the planning phase.

the discovery phase.

the attack phase.

the reporting phase.

Question $11($Mandatory$)(1$ point$)$

The activities during the vulnerability window should include

Question $11$ options:

things like penetration testing to discover vulnerabilities.

risk assessment, available patches, and read advisories about the vulnerability

reporting the vulnerability to US$-$CERT and NVD$.$

sending out your IT staff for training to learn more about the vulnerability found.

Question $12($Mandatory$)(1$ point$)$

User training, policy enforcement, and incident response are part of

Question $12$ options:

vulnerability assessment.

exploit discovery.

penetration testing.

countermeasures.

Question $13($Mandatory$)(1$ point$)$

CAIN, John the Ripper, L$0$phcrack, Ophcrack, Hashcat and Aircracking$-$ng are

Question $13$ options:

password cracking tools.

vulnerability scanners.

penetration testing tools.

patch management tools.

Question $14($Mandatory$)(1$ point$)$

The rainbow crack tool is password cracking tool that works by

Question $14$ options:

brute force attack method.

dictionary attack method.

comparing the password hash with rainbow table hashes.

guess work.

Question $15($Mandatory$)(1$ point$)$

Use of CAPTCHA and recognition of images are protections against

Question $15$ options:

password cracking tools.

bot attacks.

vulnerabilities.

weak passwords.

Question $16($Mandatory$)(1$ point$)$

Authentication $($such as $2$FA$)$ is a password attack countermeasure whose target is the

Question $16$ options:

adversary.

user.

admin.

vendor.

Question $17($Mandatory$)(1$ point$)$

Access control, consisting of authentication and authorization should be applied

Question $17$ options:

neither internally, not externally.

not internally, but externally.

internally but not externally.

internally and externally.

Question $18($Mandatory$)(1$ point$)$

Rule$-$based access control is the same thing as

Question $18$ options:

role$-$based access control.

mandatory access control.

discretionary access control.