Exam 4: Vulnerability Assessment and Mitigating Attacks

When performing a vulnerability assessment, many organizations use ____ software to search a system for any port vulnerabilities.

A ____ outlines the major security considerations for a system and becomes the starting point for solid security.

____ is the proportion of an asset's value that is likely to be destroyed by a particular risk.

When a security hardware device fails or a program aborts, which state should it go into?

The ____ is the expected monetary loss every time a risk occurs.

A security weakness is known as a(n) ____.

Most vulnerability scanners maintain a(n) ____________________ that categorizes and describes the vulnerabilities that it can detect.

In an empty box test, the tester has no prior knowledge of the network infrastructure that is being tested.

Discuss one type of asset that an organization might have.

List and describe two common uses for a protocol analyzer.

____ is the probability that a risk will occur in a particular year.

When using a black box test, many testers use ____________________ tricks to learn about the network infrastructure from inside employees.

____ is a comparison of the present state of a system compared to its baseline.

List and describe the elements that make up a security posture.

Vulnerability scans are usually performed from outside the security perimeter.

The goal of ____ is to better understand who the attackers are, why they attack, and what types of attacks might occur.

List four things that a vulnerability scanner can do.

A healthy security posture results from a sound and workable strategy toward managing risks.

A ____ is a computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, yet they are actually imitations of real data files.

A ____ in effect takes a snapshot of the current security of the organization.