
21 ) SY EX. 5 | COMPLETE
91 questions • 5 months ago
  • The R.S.S.H Delivery Company

    Question list

  • 1

    Landon is preparing to run a vulnerability scan of a dedicated Apache server that his organization is planning to move into a screened subnet (DMZ). Which one of the following vulnerability scans is least likely to provide informative results?

    - Database vulnerability scan

  • 2

    Ken recently received the vulnerability report shown here that affects a file server used by his organization. What is the primary nature of the risk introduced by this vulnerability?

    - Availability

  • 3

    Aadesh is creating a vulnerability management program for his company. He has limited scanning resources and would like to apply them to different systems based on the sensitivity and criticality of the information that they handle. What criteria should Aadesh use to determine the vulnerability scanning frequency?

    - Data classification

  • 4

    Tom recently read a media report about a ransomware outbreak that was spreading rapidly across the Internet by exploiting a zero-day vulnerability in Microsoft Windows. As part of a comprehensive response, he would like to include a control that would allow his organization to effectively recover from a ransomware infection. Which one of the following controls would best achieve Tom's objective?

    - Backups

  • 5

    Kaitlyn discovered the vulnerability shown here on a workstation in her organization. Which one of the following is not an acceptable method for remediating this vulnerability?

    - Upgrade Windows.

  • 6

    Brent ran a vulnerability scan of several network infrastructure devices on his network and obtained the result shown here. What is the extent of the impact that an attacker could have by exploiting this vulnerability directly?

    - Reconnaissance

  • 7

    Yashvir runs the cybersecurity vulnerability management program for his organization. He sends a database administrator a report of a missing database patch that corrects a high severity security issue. The DBA writes back to Yashvir that he has applied the patch. Yashvir reruns the scan, and it still reports the same vulnerability. What should he do next?

    - Ask the DBA to recheck the database server.

  • 8

    Manya is reviewing the results of a vulnerability scan and identifies the issue shown here in one of her systems. She consults with developers who check the code and assure her that it is not vulnerable to SQL injection attacks. An independent auditor confirms this for Manya. What is the most likely scenario?

    - This is a false positive report.

  • 9

    Erik is reviewing the results of a vulnerability scan and comes across the vulnerability report shown here. Which one of the following services is least likely to be affected by this vulnerability?

    - HTTP

  • 10

    Larry recently discovered a critical vulnerability in one of his organization's database servers during a routine vulnerability scan. When he showed the report to a database administrator, the administrator responded that they had corrected the vulnerability by using a vendor-supplied workaround because upgrading the database would disrupt an important process. Larry verified that the workaround is in place and corrects the vulnerability. How should Larry respond to this situation?

    - Mark the report as a false positive.

  • 11

    Larry recently discovered a critical vulnerability in one of his organization's database servers during a routine vulnerability scan. When he showed the report to a database administrator, the administrator responded that they had corrected the vulnerability by using a vendor-supplied workaround because upgrading the database would disrupt an important process. Larry verified that the workaround is in place and corrects the vulnerability. What is the most likely cause of this report?

    - The vulnerability scanner depends on version detection.

  • 12

    Mila ran a vulnerability scan of a server in her organization and found the vulnerability shown here. What is the use of the service affected by this vulnerability?

    - Email server

  • 13

    Margot discovered that a server in her organization has a SQL injection vulnerability. She would like to investigate whether attackers have attempted to exploit this vulnerability. Which one of the following data sources is least likely to provide helpful information?

    - NetFlow logs

  • 14

    Krista is reviewing a vulnerability scan report and comes across the vulnerability shown here. She comes from a Linux background and is not as familiar with Windows administration. She is not familiar with the runas command mentioned in this vulnerability. What is the closest Linux equivalent command?

    - sudo

  • 15

    After scanning a web application for possible vulnerabilities, Barry received the result shown here. Which one of the following best describes the threat posed by this vulnerability?

    - An attacker can eavesdrop on authentication exchanges.

  • 16

    Javier ran a vulnerability scan of a network device used by his organization and discovered the vulnerability shown here. What type of attack would this vulnerability enable?

    - Reconnaissance

  • 17

    Akari scans a Windows server in her organization and finds that it has multiple critical vulnerabilities, detailed in the report shown here. What action can Akari take that will have the most significant impact on these issues without creating a long-term outage?

    - Apply security patches.

  • 18

    During a recent vulnerability scan of workstations on her network, Andrea discovered the vulnerability shown here. Which one of the following actions is least likely to remediate this vulnerability?

    - Block inbound connections on port 80 using the host firewall.

  • 19

    Doug is preparing an RFP for a vulnerability scanner for his organization. He needs to know the number of systems on his network to help determine the scanner requirements. Which one of the following would not be an easy way to obtain this information?

    - ARP tables

  • 20

    Mary runs a vulnerability scan of her entire organization and shares the report with another analyst on her team. An excerpt from that report appears here. Her colleague points out that the report contains only vulnerabilities with severities of 3, 4, or 5. What is the most likely cause of this result?

    - The scan sensitivity is set to exclude low-importance vulnerabilities.

  • 21

    Mikhail is reviewing the vulnerability shown here, which was detected on several servers in his environment. What action should Mikhail take?

    - No action is necessary.

  • 22

    Which one of the following approaches provides the most current and accurate information about vulnerabilities present on a system because of the misconfiguration of operating system settings?

    - Agent-based monitoring

  • 23

    Use the following scenario to answer questions 23-25. Pete recently conducted a broad vulnerability scan of all the servers and workstations in his environment. He scanned the following three networks:
    • Screened subnet (DMZ) network that contains servers with public exposure
    • Workstation network that contains workstations that are allowed outbound access only
    • Internal server network that contains servers exposed only to internal systems
    He detected the following vulnerabilities:
    • Vulnerability 1: A SQL injection vulnerability on a screened subnet (DMZ) server that would grant access to a database server on the internal network (severity 5/5)
    • Vulnerability 2: A buffer overflow vulnerability on a domain controller on the internal server network (severity 3/5)
    • Vulnerability 3: A missing security patch on several hundred Windows workstations on the workstation network (severity 2/5)
    • Vulnerability 4: A denial-of-service vulnerability on a screened subnet (DMZ) server that would allow an attacker to disrupt a public-facing website (severity 2/5)
    • Vulnerability 5: A denial-of-service vulnerability on an internal server that would allow an attacker to disrupt an internal website (severity 4/5)
    Note that the severity ratings assigned to these vulnerabilities are directly from the vulnerability scanner and were not assigned by Pete. Absent any other information, which one of the vulnerabilities in the report should Pete remediate first?

    - Vulnerability 1

  • 24

    Same scenario as question 23 (Pete's vulnerability scan of the three networks). Pete is working with the desktop support manager to remediate vulnerability 3. What would be the most efficient way to correct this issue?

    - Apply the patch using a GPO.

  • 25

    Same scenario as question 23 (Pete's vulnerability scan of the three networks). Pete recently conferred with the organization's CISO, and the team is launching an initiative designed to combat the insider threat. They are particularly concerned about the theft of information by employees seeking to exceed their authorized access. Which one of the vulnerabilities in this report is of greatest concern given this priority?

    - Vulnerability 2

  • 26

    Wanda recently discovered the vulnerability shown here on a Windows server in her organization. She is unable to apply the patch to the server for six weeks because of operational issues. What workaround would be most effective in limiting the likelihood that this vulnerability would be exploited?

    - Restrict interactive logins to the system.

  • 27

    Garrett is configuring vulnerability scanning for a new web server that his organization is deploying on its screened subnet (DMZ) network. The server hosts the company's public website. What type of scanning should Garrett configure for best results?

    - Garrett should perform both internal and external scanning.

  • 28

    Frank recently ran a vulnerability scan and identified a POS terminal that contains an unpatchable vulnerability because of running an unsupported operating system. Frank consults with his manager and is told that the POS is being used with full knowledge of management and, as a compensating control, it has been placed on an isolated network with no access to other systems. Frank's manager tells him that the merchant bank is aware of the issue. How should Frank handle this situation?

    - Document the vulnerability as an approved exception.

  • 29

    James is configuring vulnerability scans of a dedicated network that his organization uses for processing credit card transactions. What types of scans are least important for James to include in his scanning program?

    - All three types of scans are equally important.

  • 30

    Helen performs a vulnerability scan of one of the internal LANs within her organization and finds a report of a web application vulnerability on a device. Upon investigation, she discovers that the device in question is a printer. What is the most likely scenario in this case?

    - The printer is running an embedded web server.

  • 31

    Julian recently detected the vulnerability shown here on several servers in his environment. Because of the critical nature of the vulnerability, he would like to block all access to the affected service until it is resolved using a firewall rule. He verifies that the following TCP ports are open on the host firewall. Which one of the following does Julian not need to block to restrict access to this service?

    - 389

  • 32

    Ted recently ran a vulnerability scan of his network and was overwhelmed with results. He would like to focus on the most important vulnerabilities. How should Ted reconfigure his vulnerability scanner?

    - Decrease the scan sensitivity.

  • 33

    Sunitha discovered the vulnerability shown here in an application developed by her organization. What application security technique is most likely to resolve this issue?

    - Input validation

  • 34

    Sherry runs a vulnerability scan and receives the high-level results shown here. Her priority is to remediate the most important vulnerabilities first. Which system should be her highest priority?

    - D

  • 35

    Victor is configuring a new vulnerability scanner. He set the scanner to run scans of his entire datacenter each evening. When he went to check the scan reports at the end of the week, he found that they were all incomplete. The scan reports noted the error "Scan terminated due to start of preempting job." Victor has no funds remaining to invest in the vulnerability scanning system. He does want to cover the entire datacenter. What should he do to ensure that scans complete?

    - Reduce the scanning frequency.

  • 36

    Vanessa ran a vulnerability scan of a server and received the results shown here. Her boss instructed her to prioritize remediation based on criticality. Which issue should she address first?

    - Upgrade the web server.

  • 37

    Terry is reviewing a vulnerability scan of a Windows server and came across the vulnerability shown here. What is the risk presented by this vulnerability?

    - There is no direct vulnerability, but this information points to other possible vulnerabilities on the server.

  • 38

    Andrea recently discovered the vulnerability shown here on the workstation belonging to a system administrator in her organization. What is the major likely threat that should concern Andrea?

    - An attacker could exploit this vulnerability to gain access to servers managed by the administrator.

  • 39

    Avik recently conducted a PCI DSS vulnerability scan of a web server and noted a critical PHP vulnerability that required an upgrade to correct. She applied the update. How soon must Avik repeat the scan?

    - Immediately

  • 40

    Chandra's organization recently upgraded the firewall protecting the network where they process credit card information. This network is subject to the provisions of PCI DSS. When is Chandra required to schedule the next vulnerability scan of this network?

    - Immediately

  • 41

    Fahad is concerned about the security of an industrial control system (ICS) that his organization uses to monitor and manage systems in their factories. He would like to reduce the risk of an attacker penetrating this system. Which one of the following security controls would best mitigate the vulnerabilities in this type of system?

    - Network segmentation

  • 42

    Raphael discovered during a vulnerability scan that an administrative interface to one of his storage systems was inadvertently exposed to the Internet. He is reviewing firewall logs and would like to determine whether any access attempts came from external sources. Which one of the following IP addresses reflects an external source?

    - 12.8.1.100

  • 43

    Nick is configuring vulnerability scans for his network using a third-party vulnerability scanning service. He is attempting to scan a web server that he knows exposes a CIFS file share and contains several significant vulnerabilities. However, the scan results only show ports 80 and 443 as open. What is the most likely cause of these scan results?

    - A firewall configuration is preventing the scan from succeeding.

  • 44

    Thomas learned this morning of a critical security flaw that affects a major service used by his organization and requires immediate patching. This flaw was the subject of news reports and is being actively exploited. Thomas has a patch and informed stakeholders of the issue and received permission to apply the patch during business hours. How should he handle the change management process?

    - Thomas should apply the patch and then follow up with an emergency change request after work is complete.

  • 45

    After running a vulnerability scan of systems in his organization's development shop, Mike discovers the issue shown here on several systems. What is the best solution to this vulnerability?

    - Remove this framework from the affected systems.

  • 46

    Tran is preparing to conduct vulnerability scans against a set of workstations in his organization. He is particularly concerned about system configuration settings. Which one of the following scan types will give him the best results?

    - Credentialed scan

  • 47

    Brian is configuring a vulnerability scan of all servers in his organization's datacenter. He is configuring the scan to detect only the highest-severity vulnerabilities. He would like to empower system administrators to correct issues on their servers but also have some insight into the status of those remediations. Which approach would best serve Brian's interests?

    - Configure the vulnerability scanner to open a trouble ticket when they detect a new vulnerability on a server.

  • 48

    Xiu Ying is configuring a new vulnerability scanner for use in her organization's datacenter. Which one of the following values is considered a best practice for the scanner's update frequency?

    - Daily

  • 49

    Ben's manager recently assigned him to begin the remediation work on the most vulnerable server in his organization. A portion of the scan report appears here. What remediation action should Ben take first?

    - Run Windows Update.

  • 50

    Zhang Wei completed a vulnerability scan of his organization's virtualization platform from an external host and discovered the vulnerability shown here. How should he react?

    - This is a critical issue that requires immediate adjustment of firewall rules.

  • 51

    Elliott runs a vulnerability scan of one of the servers belonging to his organization and finds the results shown here. Which one of these statements is not correct?

    - This server requires one or more Linux patches.

  • 52

    Tom runs a vulnerability scan of the file server shown here. He receives the vulnerability report shown next. Assuming that the firewall is configured properly, what action should Tom take immediately?

    - Review and secure server accounts.

  • 53

    Dave is running a vulnerability scan of a client's network for the first time. The client has never run such a scan and expects to find many results. What security control is likely to remediate the largest portion of the vulnerabilities discovered in Dave's scan?

    - Encryption

  • 54

    Kai is planning to patch a production system to correct a vulnerability detected during a scan. What process should she follow to correct the vulnerability but minimize the risk of a system failure?

    - Kai should deploy the patch in a sandbox environment to test it prior to applying it in production.

  • 55

    Given no other information, which one of the following vulnerabilities would you consider the greatest threat to information confidentiality?

    - Web application SQL injection vulnerability

  • 56

    Ling recently completed the security analysis of a web browser deployed on systems in her organization and discovered that it is susceptible to a zero-day integer overflow attack. Who is in the best position to remediate this vulnerability in a manner that allows continued use of the browser?

    - The browser developer

  • 57

    Jeff's team is preparing to deploy a new database service, and he runs a vulnerability scan of the test environment. This scan results in the four vulnerability reports shown here. Jeff is primarily concerned with correcting issues that may lead to a confidentiality breach. Which vulnerability should Jeff remediate first?

    - Oracle Database TNS Listener Poison Attack vulnerability

  • 58

    Eric is a security consultant and is trying to sell his services to a new client. He would like to run a vulnerability scan of their network prior to their initial meeting to show the client the need for added security. What is the most significant problem with this approach?

    - Eric does not have permission to perform the scan.

  • 59

    Renee is assessing the exposure of her organization to the denial-of-service vulnerability in the scan report shown here. She is specifically interested in determining whether an external attacker would be able to exploit the denial-of-service vulnerability. Which one of the following sources of information would provide her with the best information to complete this assessment?

    - Firewall rules

  • 60

    Mary is trying to determine what systems in her organization should be subject to vulnerability scanning. She would like to base this decision on the criticality of the system to business operations. Where should Mary turn to best find this information?

    - Asset inventory

  • 61

    Paul ran a vulnerability scan of his vulnerability scanner and received the result shown here. What is the simplest fix to this issue?

    - Upgrade Nessus.

  • 62

    Kamea is designing a vulnerability management system for her organization. Her highest priority is conserving network bandwidth. She does not have the ability to alter the configuration or applications installed on target systems. What solution would work best in Kamea's environment to provide vulnerability reports?

    - Passive network monitoring

  • 63

    Aki is conducting a vulnerability scan when he receives a report that the scan is slowing down the network for other users. He looks at the performance configuration settings shown here. Which setting would be most likely to correct the issue?

    - Max simultaneous hosts per scan.

  • 64

    Laura received a vendor security bulletin that describes a zero-day vulnerability in her organization's main database server. This server is on a private network but is used by publicly accessible web applications. The vulnerability allows the decryption of administrative connections to the server. What reasonable action can Laura take to address this issue as quickly as possible?

    - Require VPN access for remote connections to the database server.

  • 65

    Emily discovered the vulnerability shown here on a server running in her organization. What is the most likely underlying cause for this vulnerability?

    - Failure to perform input validation

  • 66

    Rex recently ran a vulnerability scan of his organization's network and received the results shown here. He would like to remediate the server with the highest number of the most serious vulnerabilities first. Which one of the following servers should be on his highest priority list?

    - 10.0.102.58
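Questions 20, 32 and 66 all turn on how scan output is filtered and ordered: a sensitivity threshold drops findings below a severity, and "the highest number of the most serious vulnerabilities" means ranking hosts by their severity-5 count first, falling through to severity 4 only to break ties, so a host with many medium findings can rank below a host with one critical. The following is an added example, not code from the page or any scanner; the hostnames and severities are constructed sample data.

```python
from collections import defaultdict

MAX_SEVERITY = 5

# Constructed sample findings as (host, severity) pairs; not from the page's scan report.
SAMPLE_FINDINGS = [
    ("db-01", 5), ("db-01", 5), ("db-01", 4), ("db-01", 2),
    ("app-01", 5), ("app-01", 3), ("app-01", 3),
    ("file-01", 4), ("file-01", 4), ("file-01", 4), ("file-01", 4),
    ("web-01", 5), ("web-01", 1),
]


def filter_min_severity(findings, min_sev):
    """Emulate a scanner sensitivity setting: keep only findings at or above min_sev."""
    return [(host, sev) for host, sev in findings if sev >= min_sev]


def severity_profile(findings, max_sev=MAX_SEVERITY):
    """Map host -> [count of sev max_sev, count of sev max_sev-1, ..., count of sev 1]."""
    profile = defaultdict(lambda: [0] * max_sev)
    for host, sev in findings:
        if not 1 <= sev <= max_sev:
            raise ValueError(f"severity out of range: {sev!r}")
        profile[host][max_sev - sev] += 1  # index 0 holds the most severe bucket
    return dict(profile)


def rank_hosts(findings, max_sev=MAX_SEVERITY):
    """Order hosts by the number of most-severe findings; ties fall through to the
    next severity bucket, so total finding count never outranks a critical."""
    profile = severity_profile(findings, max_sev)
    # Negate counts so larger counts sort first; hostname is the final tiebreaker.
    return sorted(profile, key=lambda h: ([-c for c in profile[h]], h))


if __name__ == "__main__":
    for host in rank_hosts(SAMPLE_FINDINGS):
        print(host, severity_profile(SAMPLE_FINDINGS)[host])
```

In the sample, file-01 has the most findings (four severity-4 issues) but ranks last because it has no severity-5 finding; the ordering is lexicographic over the severity buckets, which is the rule a prioritisation-by-criticality policy actually applies.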

  • 67

    Abella is configuring a vulnerability scanning tool. She recently learned about a privilege escalation vulnerability that requires the user already have local access to the system. She would like to ensure that her scanners are able to detect this vulnerability as well as future similar vulnerabilities. What action can she take that would best improve the scanner's ability to detect this type of issue?

    - Enable credentialed scanning.

  • 68

    Kylie reviewed the vulnerability scan report for a web server and found that it has multiple SQL injection and cross-site scripting vulnerabilities. What would be the least difficult way for Kylie to address these issues?

    - Install a web application firewall.

  • 69

    Karen ran a vulnerability scan of a web server used on her organization's internal network. She received the report shown here. What circumstances would lead Karen to dismiss this vulnerability as a false positive?

    - The server is for internal use only.

  • 70

    Which one of the following vulnerabilities is the most difficult to confirm with an external vulnerability scan?

    - Blind SQL injection
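Questions 33, 55, 65 and 70 all revolve around SQL injection: its root cause (concatenating untrusted input into a query rather than validating it or binding parameters), why it is the biggest confidentiality threat in the list, and why the blind variant is hard to confirm from outside. The example below is added here and is not code from the page: it shows a deliberately vulnerable login beside the parameterized fix, then a boolean-based blind probe that recovers a password from nothing but true/false answers. The in-memory SQLite database, table, user names and passwords are constructed for the demonstration.

```python
import sqlite3

CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789"


def make_db():
    """Constructed sample database: two users with plaintext passwords (for demonstration only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, ssn TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "111-22-3333"), ("bob", "hunter2", "444-55-6666")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: user input is concatenated straight into the SQL text."""
    query = (
        f"SELECT 1 FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    """Fixed form: bound parameters, so the input can never change the query structure."""
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def blind_extract_password(conn, login, username, charset=CHARSET, max_len=16):
    """Boolean-based blind extraction: the only signal is whether login() says yes or no.
    No error text or data is returned, which is exactly why an external scanner struggles
    to confirm blind injection: it must infer the flaw from behaviour differences."""
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            # Close the string, OR in a condition on one character, comment out the rest.
            payload = f"' OR username='{username}' AND substr(password,{pos},1)='{ch}' -- "
            if login(conn, payload, "x"):
                recovered += ch
                break
        else:
            break  # no character matched: end of the password (or not injectable)
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("classic bypass, vulnerable:", login_vulnerable(db, "' OR '1'='1' -- ", "x"))
    print("classic bypass, safe:     ", login_safe(db, "' OR '1'='1' -- ", "x"))
    print("blind extraction, vulnerable:", blind_extract_password(db, login_vulnerable, "alice"))
    print("blind extraction, safe:      ", repr(blind_extract_password(db, login_safe, "alice")))
```

Against `login_safe` the same payloads are just unusual usernames and both probes fail; the fix is the query shape, not filtering of quote characters. The extraction loop also illustrates the question 55 point: one injectable parameter is enough to read every column in the table, one character at a time.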

  • 71

    Holly ran a scan of a server in her datacenter, and the most serious result was the vulnerability shown here. What action is most commonly taken to remediate this vulnerability?

    - Remove the file from the server.

  • 72

    During a recent vulnerability scan, Mark discovered a flaw in an internal web application that allows cross-site scripting attacks. He spoke with the manager of the team responsible for that application and was informed that he discovered a known vulnerability and the manager worked with other leaders and determined that the risk is acceptable and does not require remediation. What should Mark do?

    - Mark the vulnerability as an exception.

  • 73

    Jacquelyn recently read about a new vulnerability in Apache web servers that allows attackers to execute arbitrary code from a remote location. She verified that her servers have this vulnerability, but this morning's OpenVAS vulnerability scan report shows that the servers are secure. She contacted the vendor and determined that they have released a signature for this vulnerability and it is working properly at other clients. What action can Jacquelyn take that will most likely address the problem efficiently?

    - Update the vulnerability feed.

  • 74

    Sharon is designing a new vulnerability scanning system for her organization. She must scan a network that contains hundreds of unmanaged hosts. Which of the following techniques would be most effective at detecting system configuration issues in her environment?

    - Server-based scanning

  • 75

    Use the following scenario to answer questions 75-77. Arlene ran a vulnerability scan of a VPN server used by contractors and employees to gain access to her organization's network. An external scan of the server found the vulnerability shown here. Which one of the following hash algorithms would not trigger this vulnerability?

    - SHA-256

  • 76

    Same scenario as question 75 (Arlene's external scan of the VPN server). What is the most likely result of failing to correct this vulnerability?

    - All users will be able to access the site, but some may see an error message.

  • 77

    Same scenario as question 75 (Arlene's external scan of the VPN server). How can Arlene correct this vulnerability?

    - Request a new certificate.

  • 78

    After reviewing the results of a vulnerability scan, Bruce discovered that many of the servers in his organization are susceptible to a brute-force SSH attack. He would like to determine what external hosts attempted SSH connections to his servers and is reviewing firewall logs. What TCP port would relevant traffic most likely use?

    - 22
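Questions 42 and 78 are the same investigative step: pull firewall log entries for the service of interest (TCP 22 for SSH) and keep only those whose source is external, where "external" means not in the RFC 1918 private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and not loopback or link-local. The following is an added example, not code from the page or from any firewall product. The log line format is hypothetical (a generic key=value style), the entries are constructed, and the public sources use RFC 5737 documentation addresses plus the 12.8.1.100 address from question 42. Python's `ipaddress.is_private` also treats the documentation ranges as non-public, so the check below matches the RFC 1918 ranges explicitly rather than relying on that flag.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample firewall log (hypothetical key=value format, not from the page).
SAMPLE_LOG = """\
2024-05-01T02:14:07Z fw1 src=12.8.1.100 dst=10.0.20.15 proto=tcp dport=22 action=allow
2024-05-01T02:14:09Z fw1 src=12.8.1.100 dst=10.0.20.16 proto=tcp dport=22 action=allow
2024-05-01T02:15:31Z fw1 src=10.0.5.44 dst=10.0.20.15 proto=tcp dport=22 action=allow
2024-05-01T02:16:02Z fw1 src=203.0.113.9 dst=10.0.20.15 proto=tcp dport=22 action=deny
2024-05-01T02:16:40Z fw1 src=192.168.1.7 dst=10.0.20.17 proto=tcp dport=443 action=allow
2024-05-01T02:17:11Z fw1 src=198.51.100.23 dst=10.0.20.18 proto=tcp dport=80 action=allow
2024-05-01T02:18:55Z fw1 src=172.16.9.2 dst=10.0.20.15 proto=tcp dport=22 action=allow
this line is not a flow record and must be skipped
"""

# Address space that counts as "internal" for this check: RFC 1918 plus loopback and link-local.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")
]

LINE_RE = re.compile(
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+proto=(?P<proto>\w+)\s+dport=(?P<dport>\d+)"
)


def is_external(addr):
    """True when addr is outside every internal range (invalid addresses raise ValueError)."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)


def external_sources(log_text, dport, proto="tcp"):
    """Count connection attempts per external source address to the given protocol/port.
    Both allowed and denied entries count: a denied SYN is still an attempt."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a flow record
        if m["proto"] != proto or int(m["dport"]) != dport:
            continue
        if is_external(m["src"]):
            counts[m["src"]] += 1
    return counts


if __name__ == "__main__":
    for src, n in external_sources(SAMPLE_LOG, dport=22).most_common():
        print(f"{src:<16} {n} SSH attempt(s)")
```

Run on the sample, the internal sources 10.0.5.44 and 172.16.9.2 are dropped even though they hit port 22, and the external hosts on ports 80 and 443 are dropped because the port filter is applied first; what remains is the list Bruce would take to the next step (checking those sources against the SSH daemon's own auth logs).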

  • 79

    Joaquin runs a vulnerability scan of the network devices in his organization and sees the vulnerability report shown here for one of those devices. What action should he take?

    - Replace the certificate.

  • 80

    Lori is studying vulnerability scanning as she prepares for the CySA+ exam. Which of the following is not one of the principles she should observe when preparing for the exam to avoid causing issues for her organization?

    - Run scans in a quiet manner without alerting other IT staff to the scans or their results to minimize the impact of false information.

  • 81

    Meredith is configuring a vulnerability scan and would like to configure the scanner to perform credentialed scans. Of the menu options shown here, which will allow her to directly configure this capability?

    - Set Up Host Authentication

  • 82

    Norman is working with his manager to implement a vulnerability management program for his company. His manager tells him that he should focus on remediating critical and high-severity risks and that the organization does not want to spend time worrying about risks rated medium or lower. What type of criteria is Norman's manager using to make this decision?

    - Risk appetite

  • 83

    Sara's organization has a well-managed test environment. What is the most likely issue that Sara will face when attempting to evaluate the impact of a vulnerability remediation by first deploying it in the test environment?

    - Test systems are not available for all production systems.

  • 84

    How many vulnerabilities listed in the report shown here are significant enough to warrant immediate remediation in a typical operating environment?

    - 0

  • 85

    Which one of the following types of data is subject to regulations in the United States that specify the minimum frequency of vulnerability scanning?

    - Credit card data

  • 86

    Chang is responsible for managing his organization's vulnerability scanning program. He is experiencing issues with scans aborting because the previous day's scans are still running when the scanner attempts to start the current day's scans. Which one of the following solutions is least likely to resolve Chang's issue?

    - Reduce the sensitivity of the scans.

  • 87

    Bhanu is scheduling vulnerability scans for her organization's datacenter. Which one of the following is a best practice that Bhanu should follow when scheduling scans?

    - Schedule scans so that they run during periods of low activity.

  • 88

    Alan recently reviewed a vulnerability report and determined that an insecure direct object reference vulnerability existed on the system. He implemented a remediation to correct the vulnerability. After doing so, he verifies that his actions correctly mitigated the vulnerability. What term best describes the initial vulnerability report?

    - True positive

  • 89

    Gwen is reviewing a vulnerability report and discovers that an internal system contains a serious flaw. After reviewing the issue with her manager, they decide that the system is sufficiently isolated and they will take no further action. What risk management strategy are they adopting?

    - Risk acceptance

  • 90

    Use the following scenario for questions 199-201. Mike is in charge of the software testing process for his company. They perform a complete set of tests for each product throughout its life span. Use your knowledge of software assessment methods to answer the following questions. A new web application has been written by the development team in Mike's company. They used an Agile process and built a tool that fits all of the user stories that the participants from the division that asked for the application outlined. If they want to ensure that the functionality is appropriate for all users in the division, what type of testing should Mike perform?

    - User acceptance testing

  • 91

    //////////////////////Use the following scenario for questions 199-201. Mike is in charge of the software testing process for his company. They perform a complete set of tests for each product throughout its life span. Use your knowledge of software assessment methods to answer the following questions. Mike's development team wants to expand the use of the software to the whole company, but they are concerned about its performance. What type of testing should they conduct to ensure that the software will not fail under load?

    - Stress testing


    - Replace the certificate.

  • 80

    Lori is studying vulnerability scanning as she prepares for the CySA+ exam. Which of the following is not one of the principles she should observe when preparing for the exam to avoid causing issues for her organization?

    - Run scans in a quiet manner without alerting other IT staff to the scans or their results to minimize the impact of false information.

  • 81

    Meredith is configuring a vulnerability scan and would like to configure the scanner to perform credentialed scans. Of the menu options shown here, which will allow her to directly configure this capability?

    - Set Up Host Authentication

  • 82

    Norman is working with his manager to implement a vulnerability management program for his company. His manager tells him that he should focus on remediating critical and high-severity risks and that the organization does not want to spend time worrying about risks rated medium or lower. What type of criteria is Norman's manager using to make this decision?

    - Risk appetite

  • 83

    Sara's organization has a well-managed test environment. What is the most likely issue that Sara will face when attempting to evaluate the impact of a vulnerability remediation by first deploying it in the test environment?

    - Test systems are not available for all production systems.

  • 84

    How many vulnerabilities listed in the report shown here are significant enough to warrant immediate remediation in a typical operating environment?

    - 0

  • 85

    Which one of the following types of data is subject to regulations in the United States that specify the minimum frequency of vulnerability scanning?

    - Credit card data

  • 86

    Chang is responsible for managing his organization's vulnerability scanning program. He is experiencing issues with scans aborting because the previous day's scans are still running when the scanner attempts to start the current day's scans. Which one of the following solutions is least likely to resolve Chang's issue?

    - Reduce the sensitivity of the scans.

  • 87

    Bhanu is scheduling vulnerability scans for her organization's datacenter. Which one of the following is a best practice that Bhanu should follow when scheduling scans?

    - Schedule scans so that they run during periods of low activity.

  • 88

    Alan recently reviewed a vulnerability report and determined that an insecure direct object reference vulnerability existed on the system. He implemented a remediation to correct the vulnerability. After doing so, he verifies that his actions correctly mitigated the vulnerability. What term best describes the initial vulnerability report?

    - True positive

  • 89

    Gwen is reviewing a vulnerability report and discovers that an internal system contains a serious flaw. After reviewing the issue with her manager, they decide that the system is sufficiently isolated and they will take no further action. What risk management strategy are they adopting?

    - Risk acceptance

  • 90

    Use the following scenario for questions 199-201. Mike is in charge of the software testing process for his company. They perform a complete set of tests for each product throughout its life span. Use your knowledge of software assessment methods to answer the following questions. A new web application has been written by the development team in Mike's company. They used an Agile process and built a tool that fits all of the user stories that the participants from the division that asked for the application outlined. If they want to ensure that the functionality is appropriate for all users in the division, what type of testing should Mike perform?

    - User acceptance testing

  • 91

    Use the following scenario for questions 199-201. Mike is in charge of the software testing process for his company. They perform a complete set of tests for each product throughout its life span. Use your knowledge of software assessment methods to answer the following questions. Mike's development team wants to expand the use of the software to the whole company, but they are concerned about its performance. What type of testing should they conduct to ensure that the software will not fail under load?

    - Stress testing