
Security+ Ch4

A ________ is a systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, or any other entity that is a potential harm.
Vulnerability Assessment
Each of the following can be classified as an asset except ________.
Accounts Payable
Note: Assets include People (Employees, Business Partners), Buildings, and Data (databases)
Each of the following is a step in risk management except ________.
Attack Assessment
Which of the following is true regarding vulnerability appraisal? p28
Every asset must be viewed in light of each threat.
A threat agent ________.
Is a person or entity with the power to carry out a threat against an asset.
________ constructs scenarios of the types of threats that assets can face in order to learn who the attackers are, why they attack, and what types of attacks may occur.
Threat Modeling
What is a current snapshot of the security of an organization?
Vulnerability Appraisal
The ________ is the proportion of an asset’s value that is likely to be destroyed by a particular risk.
Exposure Factor (EF)
Which of the following is NOT an option for dealing with risk?
Eliminate the risk
________ is a comparison of the present security state of a system to a standard established by the organization.
Baseline Reporting
Each of the following is a state of a port that can be returned by a port scanner except ________.
Busy
Each of the following is true regarding TCP SYN port scanning except _________.
It uses FIN messages that can pass through firewalls and avoid detection.
The protocol File Transfer Protocol (FTP) uses which two ports?
20 (data) and 21 (control)
A protocol analyzer places the computer’s network interface card (NIC) adapter into ________ mode.
Promiscuous
Each of the following is a function of a vulnerability scanner except ________.
Alert users when a new patch cannot be found
Which of the following is true of the Open Vulnerability and Assessment Language (OVAL)?
It attempts to standardize vulnerability assessments.
Which of the following is NOT true regarding a honeypot? p139
* It cannot be part of a Honeynet.
* It contains real data files because attackers can easily identify fake files.
Which of the following is true of vulnerability scanning?
It uses automated software to scan for vulnerabilities
If a tester is given the IP addresses, network diagrams, and source code of customer applications, then she is using which technique?
White Box
If a software application aborts and leaves the program open, which control structure is it using?
Fail Open
What are the five parts of Vulnerability Assessment?
Asset Identification
Threat Evaluation
Vulnerability Appraisal
Risk Assessment
Risk Mitigation
Attack Tree
Visual image of the attacks that may occur.
Threat Modeling
Understand who the attackers are and why they attack, and what types of attacks they may use.
