What is a vulnerability? Correct Answer-A weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
What is a penetration test? Correct Answer-An authorized, simulated cyber attack against your systems or company, carried out to find exploitable weaknesses before a real attacker does.
What are the typical steps for a vulnerability test? Correct Answer-Identify the asset classification list, identify vulnerabilities, test the assets against those vulnerabilities, and recommend solutions to either eliminate or mitigate the vulnerabilities.
What is the first thing an organization should do before defining security requirements? Correct Answer-Define its risk appetite; security requirements follow from how much risk the organization is willing to accept.
What is defense in depth? Correct Answer-The principle of achieving the expected level of protection by adding multiple, relevant layers of controls (e.g., access control, encryption, and monitoring), so that the failure of any single control does not by itself expose the asset.
What are COTS applications? Correct Answer-Commercial off-the-shelf applications: applications developed by vendors and installed on the organization's own information systems. They are usually purchased outright, with usage governed by licensing agreements.
What are SaaS applications? Correct Answer-Applications developed by service providers or vendors and hosted on the provider's or vendor's information systems. Organizations typically pay on an on-demand or per-usage basis.
What is the goal of a security test? Correct Answer-Verify that a control is functioning properly.
What is a security assessment? Correct Answer-A comprehensive review of the security of a system, application, or other tested environment.
What is NIST SP 800-53A? Correct Answer-A special publication from the National Institute of Standards and Technology (NIST) that describes procedures for assessing security and privacy controls; it is the assessment companion to the SP 800-53 control catalog.
What is COBIT? Correct Answer-The Control Objectives for Information and Related Technologies framework, which describes the common requirements organizations should have in place surrounding their information systems.
What does ISO 27001 describe? Correct Answer-A standard approach for setting up an
information security management system
What does ISO 27002 describe? Correct Answer-It details specifics of information security
controls
What does a vulnerability scan do? Correct Answer-Automatically probes systems, applications, and networks, looking for weaknesses that may be exploited by an attacker.
What are the four main categories of vulnerability scans? Correct Answer-Network discovery
scans, network vulnerability scans, web application vulnerability scans, and database
vulnerability scans
What is Nmap? Correct Answer-The most common tool used for network discovery scanning.
What does a network vulnerability scanner do? Correct Answer-Probes a targeted system or network for the presence of known vulnerabilities, typically by identifying the service and version listening on each open port and matching it against a database of known-vulnerable versions.