C795- Cybersecurity Management II (Tactical) Questions and Answers Already Passed

What is a vulnerability? Correct Answer-a weakness in an information system, system security procedures, internal ... controls, or implementation that could be exploited or triggered by a threat source.

What is a penetration test? Correct Answer-a simulated cyber attack against your systems or company

What are the typical steps for a vulnerability test? Correct Answer-Identify asset classification list, identify vulnerabilities, test assets against vulnerabilities, and recommend solutions to either eliminate or mitigate vulnerabilities

What is the first thing an organization should do before defining security requirements? Correct Answer-To define security requirements, first an organization must define its risk appetite.

What is defense in depth? Correct Answer-defense-in-depth principle; it is by adding relevant layers of controls (e.g., access control, encryption, and monitoring) that the expected level of protection is achieved.

What are COTS applications? Correct Answer-Applications developed by vendors and installed on the organization's information systems. These applications are usually purchased outright by organizations with usage based on licensing agreements.

What are SaaS applications? Correct Answer-Applications developed by service providers or vendors and installed on the provider or vendor information system. Organizations typically have an on-demand or pay-per-usage metrics.

What is the goal of a security test? Correct Answer-Verify that a control is functioning properly.

What is a security assessment? Correct Answer-A comprehensive review of the security of a system, application, or other tested environment

What is the NIST SP 800-53A? Correct Answer-The National Institute for Standards and Technology (NIST) offers a special publication that describes best practices in conducting security and privacy assessments.

What is COBIT? Correct Answer-the Control Objectives for Information and related Technologies describes the common requirements that organizations should have in place surrounding their information systems.

What does ISO 27001 describe? Correct Answer-A standard approach for setting up an information security management system

What does ISO 27002 describe? Correct Answer-It details specifics of information security controls

What does a vulnerability scan do? Correct Answer-automatically probe systems, applications, and networks, looking for weaknesses that may be exploited by an attacker.

What are the four main categories of vulnerability scans? Correct Answer-Network discovery scans, network vulnerability scans, web application vulnerability scans, and database vulnerability scans

What is NMAP? Correct Answer-The most common tool used for network discovery scanning

What does a network vulnerability scanner do? Correct Answer-Probe a targeted system or network for the presence of known vulnerabilities.

What is a false positive? Correct Answer-The scanner may not have enough information to conclusively determine that a vulnerability exists and it reports a vulnerability when there really is no problem.

What is a false negative? Correct Answer-When the vulnerability scanner misses a vulnerability and fails to alert the administrator to the presence of it

T/F - By default, network vulnerability scanners run unauthenticated scans. Correct Answer-True

One way to improve the accuracy of the scanning and reduce false positive and false negative reports is to perform what kind of scans? Correct A
Last updated: 1 year ago
About the document
Uploaded on: Aug 08, 2022
Number of pages: 18