A ________ is a systematic and methodical evaluation of the exposure of assets to attackers, forces of nature, or any other entity that is a potential harm.
Each of the following can be classified as an asset except ________.
Note: Assets include People (Employees, Business Partners), Buildings, and Data (databases)
Each of the following is a step in risk management except ________.
Which of the following is true regarding vulnerability appraisal? p28
Every asset must be viewed in light of each threat.
A threat agent ________.
Is a person or entity with the power to carry out a threat against an asset.
________ constructs scenarios of the types of threats that assets can face in order to learn who the attackers are, why they attack, and what types of attacks may occur.
What is a current snapshot of the security of an organization?
The ________ is the proportion of an asset’s value that is likely to be destroyed by a particular risk.
Exposure Factor (EF)
Which of the following is NOT an option for dealing with risk?
Eliminate the risk
________ is a comparison of the present security state of a system to a standard established by the organization.
Each of the following is a state of a port that can be returned by a port scanner except ________.
Each of the following is true regarding TCP SYN port scanning except _________.
It uses FIN messages that can pass through firewalls and avoid detection.
The protocol File Transfer Protocol (FTP) uses which two ports?
20 (data) and 21 (control)
A protocol analyzer places the computer’s network interface card (NIC) adapter into ________ mode.
Each of the following is a function of a vulnerability scanner except ________.
Alert users when a new patch cannot be found
Which of the following is true of the Open Vulnerability and Assessment Language (OVAL)?
It attempts to standardize vulnerability assessments.
Which of the following is NOT true regarding a honeypot? p139
* It cannot be part of a Honeynet.
* It contains real data files because attackers can easily identify fake files.
Which of the following is true of vulnerability scanning?
It uses automated software to scan for vulnerabilities
If a tester is given the IP addresses, network diagrams, and source code of customer applications, then she is using which technique?
If a software application aborts and leaves the program open, which control structure is it using?
What are the five parts of Vulnerability Assessment?
visual image of the attacks that may occur.
Understand who the attackers are and why they attack, and what types of attacks they may use.