Security+ Network Security Fundamentals Chapter 15

True

The first step in a vulnerability assessment is to determine the assets that need to be protected.

True

If TCP port 20 is open, then an attacker can assume that FTP is being used.

False

Vulnerability scans are usually performed from outside the security perimeter.

True

A healthy security posture results from a sound and workable strategy toward managing risks.

True

A port scanner can be used to search a system for port vulnerabilities. The RADMIN port scanner is an example of this type of software.

threat modeling

The goal of what type of threat evaluation is to better understand who the attackers are, why they attack, and what types of attacks might occur?

vulnerability appraisal

What is the name of the process that takes a snapshot of the current security of an organization?

baseline

Which item below is an imaginary line by which an element is measured or compared, and can be seen as the standard?

Baseline reporting

The comparison of the present state of a system to its baseline is known as what?

code review

In order to minimize vulnerabilities in software, code should be subject to and analyzed while it is being written in what option below?

attack surface

What is the name for the code that can be executed by unauthorized users within a software product?

port scanner

During a vulnerability assessment, what type of software can be used to search a system for port vulnerabilities?

open port

A port in what state below implies that an application or service assigned to that port is listening for any instructions?

closed port

An administrator running a port scan wants to ensure that no processes are listening on port 23. What state should the port be in?

protocol analyzer

An administrator needs to view packets and decode and analyze their contents. What type of application should the administrator use?

honeypot

Which is the term for a computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, yet are actually imitations of real data files?

honeynet

What is the term for a network set up with intentional vulnerabilities?

vulnerability

What is another term used for a security weakness?

vulnerability scan

Which scan examines the current security, in a passive method?

penetration test report

What is the end result of a penetration test?

white box

Which tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications?

Service Level Agreement (SLA)

A service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service, is known as a:

Blanket Purchase Agreement (BPA)

What term below describes a prearranged purchase or sale agreement between a government agency and a business?

Integrity

What security goal do the following common controls address: hashing, digital signatures, certificates, nonrepudiation tools?

On-boarding

What term below describes the start-up relationship between partners?

Vulnerability scanners

____________________ for organizations are intended to identify vulnerabilities and alert network administrators to these problems.

database

Most vulnerability scanners maintain a(n) ____________________ that categorizes and describes the vulnerabilities that it can detect.

social engineering

When using a black box test, many testers use ____________________ tricks to learn about the network infrastructure from inside employees.

gray

A(n) ____________________ box test is one in which some limited information has been provided to the tester.

black box

In a __________ test, the tester has no prior knowledge of the network infrastructure that is being tested.

Architectural design

In software development, the process of defining a collection of hardware and software components along with their interfaces in order to create the framework for software development.

Attack surface

The code that can be executed by unauthorized users in a software program

Interoperability agreement

An agreement through which parties in a relationship can reach an understanding of their relationships and responsibilities.

Gray box

A penetration test where some limited information has been provided to the tester.

On-boarding

The start-up relationship agreement between parties.

Honeypot

A computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, but are actually imitations of real data files, to trick attackers into revealing their attack techniques.

Baseline reporting

A comparison of the present state of a system to its baseline.

Port security

Disabling unused application/service ports to reduce the number of threat vectors.

Code review

In software development, presenting the code to multiple reviewers in order to reach agreement about its security.

Off-boarding

The termination of an agreement between parties.

End chapter 15
