During a vulnerability assessment, what type of software can be used to search a system for port vulnerabilities? |
port scanner |
A port scanner can be used to search a system for port vulnerabilities. The RADMIN port scanner is an example of this type of software. |
True |
What is another term used for a security weakness? |
vulnerability |
An administrator running a port scan wants to ensure that no processes are listening on port 23. What state should the port be in? |
closed port |
What is the name for the code that can be executed by unauthorized users within a software product? |
attack surface |
What is the term for a network set up with intentional vulnerabilities? |
honeynet |
The comparison of the present state of a system to its baseline is known as what? |
Baseline reporting |
The goal of what type of threat evaluation is to better understand who the attackers are, why they attack, and what types of attacks might occur? |
threat modeling |
What is the name of the process that takes a snapshot of the current security of an organization? |
vulnerability appraisal |
What term below describes a prearranged purchase or sale agreement between a government agency and a business? |
Blanket Purchase Agreement (BPA) |
A service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service, is known as a: |
Service Level Agreement (SLA) |
What term below describes the start-up relationship between partners? |
On-boarding |
Which item below is an imaginary line by which an element is measured or compared, and can be seen as the standard? |
baseline |
Vulnerability scans are usually performed from outside the security perimeter. |
False |
What is the end result of a penetration test? |
penetration test report |
A healthy security posture results from a sound and workable strategy toward managing risks. |
True |
An administrator needs to view packets and decode and analyze their contents. What type of application should the administrator use? |
protocol analyzer |
Which scan examines the current security, in a passive method? |
vulnerability scan |
A port in what state below implies that an application or service assigned to that port is listening for any instructions? |
open port |
If TCP port 20 is open, then an attacker can assume that FTP is being used. |
true |
In software development, the process of defining a collection of hardware and software components along with their interfaces in order to create the framework for software development. |
Architectural design |
The code that can be executed by unauthorized users in a software program. |
Attack surface |
A comparison of the present state of a system to its baseline |
Baseline reporting |
An agreement through which parties in a relationship can reach an understanding of their relationships and responsibilities. |
interoperability agreement |
A penetration test where some limited information has been provided to the tester |
Gray box |
Disabling unused application/service ports to reduce the number of threat vectors. |
Port security |
In software development, presenting the code to multiple reviewers in order to reach agreement about its security |
Code review |
A computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, but are actually imitations of real data files, to trick attackers into revealing their attack techniques. |
Honeypot |
The start-up relationship agreement between parties |
On-boarding business partners |
The termination of an agreement between parties. |
Off-boarding business partners |
security chapter 15