Explore all topics
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
search
ai logoChat with AI
Servicesarrow
Discoverarrow

Topics

Explore all topics
Discover more topics

Deck 13: Vulnerability Assessment and Data Security

Full screen (f)
exit full mode
Question
Each packet/datagram contains a source port and destination port.
Use Space or
up arrow
down arrow
to flip the card.
Question
What is the name of the process that basically takes a snapshot of the current security of an organization?

A)threat analysis
B)vulnerability appraisal
C)risk assessment
D)threat assessment
Question
A port in what state below implies that an application or service assigned to that port is listening for any instructions?

A)open port
B)empty port
C)closed port
D)interruptible system
Question
Realistically,risks can never be entirely eliminated.
Question
What is another term used for a security weakness?

A)threat
B)vulnerability
C)risk
D)opportunity
Question
Vulnerability scanning should be conducted on existing systems and particularly as new technology equipment is deployed.
Question
An administrator running a port scan wants to ensure that no processes are listening on port 23.What state should the port be in?

A)open port
B)secure port
C)hardened port
D)closed port
Question
The second step in a vulnerability assessment is to determine the assets that need to be protected.
Question
An administrator needs to view packets and decode and analyze their contents.What type of application should the administrator use?

A)application analyzer
B)protocol analyzer
C)threat profiler
D)system analyzer
Question
A risk management assessment is a systematic and methodical evaluation of the security posture of the enterprise.
Question
During a vulnerability assessment,what type of software can be used to search a system for port vulnerabilities?

A)threat scanner
B)vulnerability profiler
C)port scanner
D)application profiler
Question
Which is the term for a computer typically located in an area with limited security and loaded with software and data files that appear to be authentic,yet they are imitations of real data files?

A)port scanner
B)honeynet
C)honeypot
D)honeycomb
Question
TCP/IP uses a numeric value as an identifier to the applications and services on these systems.
Question
What is the term for a network set up with intentional vulnerabilities?

A)honeynet
B)honeypot
C)honeycomb
D)honey hole
Question
Which item below is the standard security checklist against which systems are evaluated for a security posture?

A)profile
B)threat
C)control
D)baseline
Question
Determining vulnerabilities often depends on the background and experience of the assessor.
Question
The goal of what type of threat evaluation is to better understand who the attackers are,why they attack,and what types of attacks might occur?

A)threat mitigation
B)threat profiling
C)risk modeling
D)threat modeling
Question
Netstat displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP)and DNS settings.
Question
Nslookup displays detailed information about how a device is communicating with other network devices.
Question
In white box and gray box testing,the first task of the tester is to perform preliminary information gathering on their own from outside the organization,sometimes called open source intelligence (OSINT).
Question
What type of reconnaissance is a penetration tester performing if they are using tools that do not raise any alarms?

A)active
B)passive
C)invasive
D)evasive
Question
If a user uses the operating system's "delete" command to erase data,what type of data removal procedure was used?

A)wiping
B)purging
C)degaussing
D)data sanitation
Question
Which of the following is used to replicate attacks during a vulnerability assessment by providing a structure of exploits and monitoring tools?

A)replication image
B)assessment image
C)penetration framework
D)exploitation framework
Question
Which scan examines the current security,using a passive method?

A)application scan
B)system scan
C)threat scan
D)vulnerability scan
Question
Which security procedure is being demonstrated if an administrator is using Wireshark to watch for specific inbound and outbound traffic?

A)application search
B)application control
C)firewall monitoring
D)virus control
Question
Which of the following is the goal of a vulnerability scan? (Choose all that apply. )

A)identify vulnerabilities
B)identify common misconfigurations
C)identify threat actors
D)identify a lack of security controls
Question
What type of scanner sends "probes" to network devices and examine the responses received back to evaluate whether a specific device needs remediation?

A)active
B)non-intrusive
C)passive
D)intrusive
Question
What term is defined as the state or condition of being free from public attention to the degree that you determine?

A)freedom
B)secure
C)privacy
D)contentment
Question
What security goal do the following common controls address: hashing,digital signatures,certificates,nonrepudiation tools?

A)confidentiality
B)integrity
C)availability
D)safety
Question
If a penetration tester has gained access to a network and then tries to move around inside the network to other resources,what procedure is the tester performing?

A)pivot
B)spinning
C)persistence
D)secondary exploitation
Question
What type of penetration testing technique is used if the tester has no prior knowledge of the network infrastructure that is being tested?

A)white box
B)gray box
C)black box
D)sealed box
Question
Which of the following is a valid data sensitivity labeling and handling category? (Choose all that apply. )

A)high-risk
B)confidential
C)personal health information
D)proprietary
Question
Select the vulnerability scan type that will use only the available information to hypothesize the status of the vulnerability.

A)active
B)non-intrusive
C)passive
D)intrusive
Question
Which of the following groups categorize the risks associated with the use of private data? (Choose all that apply. )

A)Statistical inferences.
B)Associations with groups.
C)Private and consumer data
D)Individual inconveniences and identity theft.
Question
Which tester has an in-depth knowledge of the network and systems being tested,including network diagrams,IP addresses,and even the source code of custom applications?

A)white box
B)black box
C)replay
D)system
Question
What is the end result of a penetration test?

A)penetration test profile
B)penetration test report
C)penetration test system
D)penetration test view
Question
What security goal do the following common controls address: Redundancy,fault tolerance,and patching.?

A)confidentiality
B)integrity
C)availability
D)safety
Question
Which data erasing method will permanently destroy a magnetic-based hard disk by reducing or eliminating the magnetic field?

A)wiping
B)purging
C)degaussing
D)data sanitation
Question
What process does a penetration tester rely on to access an ever higher level of resources?

A)pivot
B)spinning
C)persistence
D)continuous exploitation
Question
What process addresses how long data must be kept and how it is to be secured?

A)legal retention
B)data retention
C)legal and compliance
D)data methodology
Question
Explain the concepts of personal data theft and identity theft.
Question
List and describe the elements that make up a security posture.
Question
List and describe two common uses for a protocol analyzer.
Question
List and describe the three categories that TCP/IP divides port numbers into.
Question
List two types of hardening techniques.
Question
List at least four things that a vulnerability scanner can do.
Question
Describe a penetration testing report.
Question
Describe the purpose of a honeypot.
Question
When a security hardware device fails or a program aborts,which state should it go into?
Question
Discuss one type of asset that an organization might have.
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/50
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 13: Vulnerability Assessment and Data Security
1
Each packet/datagram contains a source port and destination port.
True
2
What is the name of the process that basically takes a snapshot of the current security of an organization?

A)threat analysis
B)vulnerability appraisal
C)risk assessment
D)threat assessment
B
3
A port in what state below implies that an application or service assigned to that port is listening for any instructions?

A)open port
B)empty port
C)closed port
D)interruptible system
A
4
Realistically,risks can never be entirely eliminated.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
5
What is another term used for a security weakness?

A)threat
B)vulnerability
C)risk
D)opportunity
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
6
Vulnerability scanning should be conducted on existing systems and particularly as new technology equipment is deployed.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
7
An administrator running a port scan wants to ensure that no processes are listening on port 23.What state should the port be in?

A)open port
B)secure port
C)hardened port
D)closed port
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
8
The second step in a vulnerability assessment is to determine the assets that need to be protected.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
9
An administrator needs to view packets and decode and analyze their contents.What type of application should the administrator use?

A)application analyzer
B)protocol analyzer
C)threat profiler
D)system analyzer
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
10
A risk management assessment is a systematic and methodical evaluation of the security posture of the enterprise.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
11
During a vulnerability assessment,what type of software can be used to search a system for port vulnerabilities?

A)threat scanner
B)vulnerability profiler
C)port scanner
D)application profiler
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
12
Which is the term for a computer typically located in an area with limited security and loaded with software and data files that appear to be authentic,yet they are imitations of real data files?

A)port scanner
B)honeynet
C)honeypot
D)honeycomb
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
13
TCP/IP uses a numeric value as an identifier to the applications and services on these systems.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
14
What is the term for a network set up with intentional vulnerabilities?

A)honeynet
B)honeypot
C)honeycomb
D)honey hole
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
15
Which item below is the standard security checklist against which systems are evaluated for a security posture?

A)profile
B)threat
C)control
D)baseline
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
16
Determining vulnerabilities often depends on the background and experience of the assessor.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
17
The goal of what type of threat evaluation is to better understand who the attackers are,why they attack,and what types of attacks might occur?

A)threat mitigation
B)threat profiling
C)risk modeling
D)threat modeling
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
18
Netstat displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP)and DNS settings.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
19
Nslookup displays detailed information about how a device is communicating with other network devices.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
20
In white box and gray box testing,the first task of the tester is to perform preliminary information gathering on their own from outside the organization,sometimes called open source intelligence (OSINT).
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
21
What type of reconnaissance is a penetration tester performing if they are using tools that do not raise any alarms?

A)active
B)passive
C)invasive
D)evasive
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
22
If a user uses the operating system's "delete" command to erase data,what type of data removal procedure was used?

A)wiping
B)purging
C)degaussing
D)data sanitation
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
23
Which of the following is used to replicate attacks during a vulnerability assessment by providing a structure of exploits and monitoring tools?

A)replication image
B)assessment image
C)penetration framework
D)exploitation framework
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
24
Which scan examines the current security,using a passive method?

A)application scan
B)system scan
C)threat scan
D)vulnerability scan
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
25
Which security procedure is being demonstrated if an administrator is using Wireshark to watch for specific inbound and outbound traffic?

A)application search
B)application control
C)firewall monitoring
D)virus control
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
26
Which of the following is the goal of a vulnerability scan? (Choose all that apply. )

A)identify vulnerabilities
B)identify common misconfigurations
C)identify threat actors
D)identify a lack of security controls
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
27
What type of scanner sends "probes" to network devices and examine the responses received back to evaluate whether a specific device needs remediation?

A)active
B)non-intrusive
C)passive
D)intrusive
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
28
What term is defined as the state or condition of being free from public attention to the degree that you determine?

A)freedom
B)secure
C)privacy
D)contentment
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
29
What security goal do the following common controls address: hashing,digital signatures,certificates,nonrepudiation tools?

A)confidentiality
B)integrity
C)availability
D)safety
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
30
If a penetration tester has gained access to a network and then tries to move around inside the network to other resources,what procedure is the tester performing?

A)pivot
B)spinning
C)persistence
D)secondary exploitation
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
31
What type of penetration testing technique is used if the tester has no prior knowledge of the network infrastructure that is being tested?

A)white box
B)gray box
C)black box
D)sealed box
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
32
Which of the following is a valid data sensitivity labeling and handling category? (Choose all that apply. )

A)high-risk
B)confidential
C)personal health information
D)proprietary
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
33
Select the vulnerability scan type that will use only the available information to hypothesize the status of the vulnerability.

A)active
B)non-intrusive
C)passive
D)intrusive
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
34
Which of the following groups categorize the risks associated with the use of private data? (Choose all that apply. )

A)Statistical inferences.
B)Associations with groups.
C)Private and consumer data
D)Individual inconveniences and identity theft.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
35
Which tester has an in-depth knowledge of the network and systems being tested,including network diagrams,IP addresses,and even the source code of custom applications?

A)white box
B)black box
C)replay
D)system
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
36
What is the end result of a penetration test?

A)penetration test profile
B)penetration test report
C)penetration test system
D)penetration test view
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
37
What security goal do the following common controls address: Redundancy,fault tolerance,and patching.?

A)confidentiality
B)integrity
C)availability
D)safety
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
38
Which data erasing method will permanently destroy a magnetic-based hard disk by reducing or eliminating the magnetic field?

A)wiping
B)purging
C)degaussing
D)data sanitation
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
39
What process does a penetration tester rely on to access an ever higher level of resources?

A)pivot
B)spinning
C)persistence
D)continuous exploitation
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
40
What process addresses how long data must be kept and how it is to be secured?

A)legal retention
B)data retention
C)legal and compliance
D)data methodology
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
41
Explain the concepts of personal data theft and identity theft.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
42
List and describe the elements that make up a security posture.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
43
List and describe two common uses for a protocol analyzer.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
44
List and describe the three categories that TCP/IP divides port numbers into.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
45
List two types of hardening techniques.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
46
List at least four things that a vulnerability scanner can do.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
47
Describe a penetration testing report.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
48
Describe the purpose of a honeypot.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
49
When a security hardware device fails or a program aborts,which state should it go into?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
50
Discuss one type of asset that an organization might have.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
locked card icon
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Examlex
Examlex
Work With Us
Policies
Download the App
Scan to downloadDownload the App
qr-code
Links
Links
Work With Us
Download the App

Scan to downloadDownload the App
qr-code

Copyright © 2025 Examlex LLC.
  • facebook-footer
  • instagram-footer
  • x-footer
  • tiktok
  • Linktree