Deck 15: Vulnerability Assessment and Third Party Integration

Question
What term below describes a prearranged purchase or sale agreement between a government agency and a business?

A)Service Level Agreement (SLA)
B)Memorandum of Understanding (MOU)
C)Blanket Purchase Agreement (BPA)
D)Interconnection Security Agreement (ISA)
Answer: C
Question
What is the name of the process that takes a snapshot of the current security of an organization?

A)threat analysis
B)vulnerability appraisal
C)risk assessment
D)threat assessment
Answer: B
Question
What term below describes the start-up relationship between partners?

A)Off-boarding
B)Uptaking
C)On-boarding
D)Uploading
Answer: C
Question
What is the name for the code that can be executed by unauthorized users within a software product?

A)vulnerability surface
B)risk profile
C)input surface
D)attack surface
Question
A port in what state below implies that an application or service assigned to that port is listening for any instructions?

A)open port
B)empty port
C)closed port
D)interruptible system
Question
A port scanner can be used to search a system for port vulnerabilities. The RADMIN port scanner is an example of this type of software.
Question
If TCP port 20 is open, then an attacker can assume that FTP is being used.
Question
An administrator running a port scan wants to ensure that no processes are listening on port 23. What state should the port be in?

A)open port
B)open address
C)closed address
D)closed port
Question
Which term describes a computer, typically located in an area with limited security, that is loaded with software and data files that appear to be authentic but are actually imitations of real data files?

A)port scanner
B)write blocker
C)honeypot
D)honeycomb
Question
Which item below is an imaginary line by which an element is measured or compared, and can be seen as the standard?

A)profile
B)threat
C)control
D)baseline
Question
An administrator needs to view packets and decode and analyze their contents. What type of application should the administrator use?

A)application analyzer
B)protocol analyzer
C)threat profiler
D)system analyzer
Question
Which type of scan examines current security using a passive method?

A)application scan
B)system scan
C)threat scan
D)vulnerability scan
Question
During a vulnerability assessment, what type of software can be used to search a system for port vulnerabilities?

A)threat scanner
B)vulnerability profiler
C)port scanner
D)application profiler
Question
Vulnerability scans are usually performed from outside the security perimeter.
Question
Which tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications?

A)white box
B)black box
C)replay
D)system
Question
What is the end result of a penetration test?

A)penetration test profile
B)penetration test report
C)penetration test system
D)penetration test view
Question
The first step in a vulnerability assessment is to determine the assets that need to be protected.
Question
What is another term used for a security weakness?

A)threat
B)vulnerability
C)risk
D)opportunity
Question
What security goal do the following common controls address: hashing, digital signatures, certificates, nonrepudiation tools?

A)Confidentiality
B)Integrity
C)Availability
D)Safety
Question
A healthy security posture results from a sound and workable strategy toward managing risks.
Question
What is the term for a network set up with intentional vulnerabilities?

A)honeynet
B)honeypot
C)honeycomb
D)honey hole
Question
____________________ for organizations are intended to identify vulnerabilities and alert network administrators to these problems.
Matching
a. Architectural design
b. Attack surface
c. Baseline reporting
d. Code review
e. Gray box
Question
When using a black box test, many testers use ____________________ tricks to learn about the network infrastructure from inside employees.
Question
Match the following terms to the appropriate definitions.
a. asset
b. cyberterrorism
c. hacktivist
d. exploit kit
e. computer spy
f. risk
g. threat
h. threat agent
i. vulnerability
j. threat vector
In software development, presenting the code to multiple reviewers in order to reach agreement about its security.
Question
Match the following terms to the appropriate definitions.
a. asset
b. cyberterrorism
c. hacktivist
d. exploit kit
e. computer spy
f. risk
g. threat
h. threat agent
i. vulnerability
j. threat vector
The termination of an agreement between parties.
Question
Match the following terms to the appropriate definitions.
a. asset
b. cyberterrorism
c. hacktivist
d. exploit kit
e. computer spy
f. risk
g. threat
h. threat agent
i. vulnerability
j. threat vector
An agreement through which parties in a relationship can reach an understanding of their relationships and responsibilities.
Question
Match the following terms to the appropriate definitions.
a. asset
b. cyberterrorism
c. hacktivist
d. exploit kit
e. computer spy
f. risk
g. threat
h. threat agent
i. vulnerability
j. threat vector
In software development, the process of defining a collection of hardware and software components along with their interfaces in order to create the framework for software development.
Question
A(n) ____________________ box test is one in which some limited information has been provided to the tester.
Question
Most vulnerability scanners maintain a(n) ____________________ that categorizes and describes the vulnerabilities that it can detect.
Question
The comparison of the present state of a system to its baseline is known as what?

A)Baseline reporting
B)Compliance reporting
C)Baseline assessment
D)Compliance review
Question
Match the following terms to the appropriate definitions.
a. asset
b. cyberterrorism
c. hacktivist
d. exploit kit
e. computer spy
f. risk
g. threat
h. threat agent
i. vulnerability
j. threat vector
Disabling unused application/service ports to reduce the number of threat vectors.
Question
The goal of what type of threat evaluation is to better understand who the attackers are, why they attack, and what types of attacks might occur?

A)threat mitigation
B)threat profiling
C)risk modeling
D)threat modeling
Question
Match the following terms to the appropriate definitions.
a. asset
b. cyberterrorism
c. hacktivist
d. exploit kit
e. computer spy
f. risk
g. threat
h. threat agent
i. vulnerability
j. threat vector
A comparison of the present state of a system to its baseline.
Question
Match the following terms to the appropriate definitions.
a. asset
b. cyberterrorism
c. hacktivist
d. exploit kit
e. computer spy
f. risk
g. threat
h. threat agent
i. vulnerability
j. threat vector
The code that can be executed by unauthorized users in a software program.
Question
A service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service, is known as a:

A)Blanket Purchase Agreement (BPA)
B)Service Level Agreement (SLA)
C)Memorandum of Understanding (MOU)
D)Interconnection Security Agreement (ISA)
Question
Match the following terms to the appropriate definitions.
a. asset
b. cyberterrorism
c. hacktivist
d. exploit kit
e. computer spy
f. risk
g. threat
h. threat agent
i. vulnerability
j. threat vector
A penetration test where some limited information has been provided to the tester.
Question
Match the following terms to the appropriate definitions.
a. asset
b. cyberterrorism
c. hacktivist
d. exploit kit
e. computer spy
f. risk
g. threat
h. threat agent
i. vulnerability
j. threat vector
A computer typically located in an area with limited security and loaded with software and data files that appear to be authentic, but are actually imitations of real data files, to trick attackers into revealing their attack techniques.
Question
In a __________ test, the tester has no prior knowledge of the network infrastructure that is being tested.
Question
To minimize vulnerabilities in software, which of the options below should code be subjected to while it is being written?

A)black box
B)code review
C)white box
D)scanner
Question
Match the following terms to the appropriate definitions.
a. asset
b. cyberterrorism
c. hacktivist
d. exploit kit
e. computer spy
f. risk
g. threat
h. threat agent
i. vulnerability
j. threat vector
The start-up relationship agreement between parties.
Question
Discuss one type of asset that an organization might have.
Question
List and describe the elements that make up a security posture.
Question
List two types of hardening techniques.
Question
When a security hardware device fails or a program aborts, which state should it go into?
Question
Discuss the purpose of OVAL.
Question
List and describe the three categories that TCP/IP divides port numbers into.
Question
List and describe two common uses for a protocol analyzer.
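A worked example for the protocol-analyzer items in this deck (the earlier multiple-choice question about viewing and decoding packets, and the item above). It is added here and is not code from the deck or its textbook: it decodes an IPv4/TCP packet from raw bytes, verifies the IPv4 header checksum, and summarises the packet the way a packet analyzer does. The two packets are constructed inline with struct.pack, so nothing is captured from a network; the addresses 10.0.0.5 and 10.0.0.9, client port 40000 and the "login: " banner are made-up sample values.

```python
"""Minimal IPv4/TCP decoder: what a protocol analyzer does with one packet.
Added example; the sample packets below are constructed, not captured."""
from __future__ import annotations

import struct
from ipaddress import IPv4Address

IP_PROTO_TCP = 6
TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; returns 0 when run over a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int,
                   flags: int, payload: bytes = b"") -> bytes:
    """Construct a minimal IPv4 + TCP packet (no options; TCP checksum left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0,
                      5 << 4, flags, 65535, 0, 0) + payload
    ip_wo_ck = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234,
                           0x4000, 64, IP_PROTO_TCP, 0,
                           IPv4Address(src).packed, IPv4Address(dst).packed)
    ck = ipv4_checksum(ip_wo_ck)
    return ip_wo_ck[:10] + struct.pack("!H", ck) + ip_wo_ck[12:] + tcp


def decode_ipv4_tcp(packet: bytes) -> dict:
    """Parse and sanity-check the IPv4 and TCP headers; raise ValueError on junk."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _ck,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl + 20:
        raise ValueError("not a complete IPv4/TCP packet")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    if proto != IP_PROTO_TCP:
        raise ValueError(f"not TCP (IP protocol {proto})")
    (sport, dport, seq, ack, off_res, flags, win, _tck,
     _urg) = struct.unpack("!HHIIBBHHH", packet[ihl:ihl + 20])
    data_off = (off_res >> 4) * 4          # TCP header length in bytes
    payload = packet[ihl + data_off:total_len]
    return {
        "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)), "ttl": ttl,
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": [name for bit, name in TCP_FLAGS if flags & bit],
        "window": win, "payload": payload,
    }


def is_well_formed(packet: bytes) -> bool:
    """True if the packet decodes cleanly (headers intact, checksum valid, TCP)."""
    try:
        decode_ipv4_tcp(packet)
        return True
    except ValueError:
        return False


def summarize(packet: bytes) -> str:
    """One-line analyzer view, e.g. '10.0.0.5:40000 -> 10.0.0.9:23 [SYN] len=0'."""
    d = decode_ipv4_tcp(packet)
    return (f"{d['src']}:{d['sport']} -> {d['dst']}:{d['dport']} "
            f"[{','.join(d['flags'])}] len={len(d['payload'])}")


# Constructed sample traffic: a SYN to telnet (tcp/23), then the server's reply
# carrying a cleartext login prompt, the kind of detail an analyzer makes visible.
SYN_TO_TELNET = build_ipv4_tcp("10.0.0.5", "10.0.0.9", 40000, 23, 0x02)
TELNET_BANNER = build_ipv4_tcp("10.0.0.9", "10.0.0.5", 23, 40000, 0x18, b"login: ")

if __name__ == "__main__":
    for pkt in (SYN_TO_TELNET, TELNET_BANNER):
        print(summarize(pkt), decode_ipv4_tcp(pkt)["payload"])
```

The checksum check is what separates an analyzer from a pretty-printer: a single flipped byte in the header (the TTL, say) makes decode_ipv4_tcp refuse the packet instead of reporting fields that were never on the wire.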
Question
Describe a penetration testing report.
Question
List four things that a vulnerability scanner can do.
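A worked example, added here and not code from the deck or its textbook, for the earlier questions on port states (open, closed), port scanners, the three TCP/IP port-number categories, baseline reporting, and the item above: a TCP connect() scan that labels each port open, closed or filtered, a lookup for the IANA port-number ranges, a service-name hint, and a comparison of the observed state against a baseline of approved listening ports. The scan targets a throwaway listener on 127.0.0.1 so it runs offline; the "approved ports" baseline in demo() is an assumed value, and the small FALLBACK_SERVICES table is a reduced copy of IANA assignments used only when the OS has no services database.

```python
"""TCP connect scan, port categories and baseline comparison.
Added example; targets a loopback listener so it needs no network."""
from __future__ import annotations

import socket

WELL_KNOWN_MAX = 1023        # 0-1023 well-known
REGISTERED_MAX = 49151       # 1024-49151 registered; 49152-65535 dynamic/private

# Reduced table of IANA service names, used if socket.getservbyport() has no data.
FALLBACK_SERVICES = {20: "ftp-data", 21: "ftp", 22: "ssh", 23: "telnet",
                     25: "smtp", 53: "domain", 80: "http", 443: "https"}


def classify_port(port: int) -> str:
    """Return which of the three TCP/IP port-number ranges a port falls in."""
    if not 0 <= port <= 65535:
        raise ValueError(f"invalid port {port}")
    if port <= WELL_KNOWN_MAX:
        return "well-known"
    if port <= REGISTERED_MAX:
        return "registered"
    return "dynamic/private"


def service_hint(port: int) -> str:
    """Name conventionally assigned to a TCP port. A hint only: an open port proves
    a listener exists, not which protocol it speaks (banner grabbing settles that)."""
    try:
        return socket.getservbyport(port, "tcp")
    except OSError:
        return FALLBACK_SERVICES.get(port, "unknown")


def scan_port(host: str, port: int, timeout: float = 0.5) -> str:
    """Full TCP connect probe of one port.
    open     -> three-way handshake completed, a process is listening
    closed   -> host answered with RST, nothing listening
    filtered -> no usable answer before the timeout (firewall dropping, or unreachable)
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except OSError:                  # socket.timeout, EHOSTUNREACH, ...
            return "filtered"


def scan_ports(host: str, ports: list[int], timeout: float = 0.5) -> dict[int, str]:
    """State of each requested port on the host."""
    return {p: scan_port(host, p, timeout) for p in ports}


def baseline_report(approved_open: set[int], observed: dict[int, str]) -> dict[str, list[int]]:
    """Baseline reporting: compare the present state with the approved baseline."""
    now_open = {p for p, state in observed.items() if state == "open"}
    return {
        "unexpected_open": sorted(now_open - approved_open),   # new attack surface
        "missing_expected": sorted(approved_open - now_open),  # approved service gone
        "as_baselined": sorted(now_open & approved_open),
    }


def start_throwaway_listener() -> tuple[socket.socket, int]:
    """Listen on a kernel-chosen loopback port. The kernel completes handshakes for
    queued connections, so the scan sees 'open' without an accept() loop."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def free_loopback_port() -> int:
    """A port nothing listens on: bind to port 0, read the number, release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo() -> dict:
    """Scan one listening and one silent loopback port, then diff against a baseline."""
    srv, listening = start_throwaway_listener()
    try:
        silent = free_loopback_port()
        observed = scan_ports("127.0.0.1", [listening, silent])
        # Assumed baseline: only `silent` was approved to listen; `listening` was not.
        report = baseline_report({silent}, observed)
    finally:
        srv.close()
    return {"observed": observed, "report": report}


if __name__ == "__main__":
    for port in (20, 21, 23, 8080, 50000):
        print(port, classify_port(port), service_hint(port))
    print(demo())
```

Against a real host, replace the loopback target with the address you are authorized to scan and the baseline with the ports that host is supposed to expose; anything in unexpected_open is the finding, and a port that stays silent rather than answering RST is the "filtered" case, which a closed-port check alone would miss.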
Question
Describe the purpose of a honeypot.