Exam 5: Scanning for Vulnerabilities

Jim wants to implement an active vulnerability scanner within his company. He is trying to determine the scope of systems to be scanned. Which of the following might he choose to exempt from active vulnerability scanning?

Isla is an executive at a large corporation that is currently working on merging with another corporation. Final regulatory approval is still needed, but could be more than a year away. In the meantime, the two companies have created a business partnership agreement to start working on certain projects together. They have also created an agreement that is not legally binding to define each of their roles in a new project. Which of the following is most likely the agreement they created?

Sakura, a cybersecurity analyst, is implementing SCAP for her organization. She wants to implement best practices for the configuration of settings on various computer systems. Which of the following might she use to meet her goal?

Nikola is meeting with the executives of a large stock brokerage company. He knows that they have had a data breach recently and are extremely concerned about any further intrusions. This organization could be described as having an extremely low ________.

Ramon has been hired as a consultant for a large corporation to validate its existing security controls. Which of the following would most likely be one of the first pieces of data he requests?

A group of doctor's offices have decided to merge into one organization. As part of the migration, the cybersecurity team is responsible for determining how systems from the different offices will be able to share information with each other until they can be formally combined into a single system. Which of the following does the cybersecurity team need to keep in mind throughout the merger as they perform the necessary tasks of combining systems that are specific to the medical field?

Clifford, a cybersecurity analyst, has been tasked with implementing a method of automating vulnerability management at his organization. Which of the following is the most likely solution that Clifford would choose to implement?

Cece, a penetration tester, has been hired by a company to attempt to breach the company's systems and gain access to whatever she can, just as if she were a real threat actor. Which of the following might be one of the initial tests that she performs?

Nadia, a cybersecurity analyst, has installed a vulnerability scanning application called Nessus that uses modular updates she can download and install as needed. Which of the following terms may be used to describe these updates?

Victoria, a cybersecurity analyst, has discovered a vulnerability within several servers that requires a configuration modification. However, company policies dictate that she needs to get approval first to make this modification. Which of the following processes does the company most likely have in place?

Tyrese, a system administrator, is responsible for the Windows Server infrastructure at his organization. He has discovered that when it comes time to upgrade some of the servers from Windows Server 2012 R2, they will no longer be able to use the built-in vulnerability scanner. Which of the following is the vulnerability scanner that Tyrese had read about?

Loide is a cybersecurity analyst and is looking for a vulnerability scanner that will pull updates from a web-based feed so that it constantly has the latest information about new vulnerabilities as they're discovered. Which of the following might be a good source of data for the scanner?

Tamara is a systems administrator for a company that wants to move some of their applications to a cloud service provider. Tamara needs to ensure that data won't be lost and that the systems will maintain 99.999% uptime. Which of the following should Tamara review from the CSPs her company is considering?

Alois, a cybersecurity manager,has purchased a new vulnerability scanning tool on a trial basisto determine whether it would work for the organization's systems. She meets with her team to make the announcement and get input on which systems should be part of the first phase of the trial. Which of the following is she trying to determine?

Kiah, a cybersecurity analyst for the government, is setting up a new Linux server and needs to configure the data classification labels to be used for the new application. Which of the following are valid labels for U.S. government systems?

The CISO of a large organization, Mikael, has just returned from a security conference. At the conference, he learned about a vulnerability scanner that he would like to implement at his company. He likes the fact that the software published under the GNU GPL. Which of the following vulnerability scanners is he most likely considering?

David, an IT manager, has just returned from a security conference where he was discussing the capabilities of a vendor's products. The vendor explained that their system relied on an agent that is installed on systems within an organization in order for it to work. Which of the following is most likely the type of product offered by this vendor?