chap 12 quiz.docx


This preview shows page 1 - 4 out of 29 pages.

Question 1 (1 out of 1 points)
Remediation of vulnerabilities can be accomplished by accepting or transferring the risk, removing the threat, or repairing the vulnerability.
Selected Answer: True
Answers: True, False

Question 2 (1 out of 1 points)
To evaluate the performance of a security system, administrators must establish system performance __________.
Selected Answer: b. baselines
Answers:
  a. means
  b. baselines
  c. maxima
  d. profiles

Question 3 (1 out of 1 points)
The target selection step of Internet vulnerability assessment involves using the external monitoring intelligence to configure a test engine (such as Nessus) for the tests to be performed.
Selected Answer: False
Answers: True, False

Question 4 (0 out of 1 points)
Tracking compliance involves assessing the status of the program as indicated by the database information and mapping it to goals established by the agency. _________________________
Selected Answer: True
Answers: True, False

Question 5 (1 out of 1 points)
The internal vulnerability assessment is usually performed against every device that is exposed to the Internet, using every possible penetration testing approach. _________________________
Selected Answer: False
Answers: True, False

Question 6 (1 out of 1 points)
__________ are a component of the security triple.
Selected Answer: d. All of the above
Answers:
  a. Threats
  b. Assets
  c. Vulnerabilities
  d. All of the above

Question 7 (1 out of 1 points)
Threats cannot be removed without requiring a repair of the vulnerability.
Selected Answer: False
Answers: True, False

Question 8 (1 out of 1 points)
Specific routine bulletins are issued when developing threats and specific attacks pose a measurable risk to the organization. _________________________
Selected Answer: False
Answers: True, False

Question 9 (1 out of 1 points)
In digital forensics, all investigations follow the same basic methodology once permission for search and seizure has been obtained. Which of the following is NOT one of the elements of that process?
Selected Answer: d. Determine whether to "apprehend and prosecute."
Answers:
  a. Analyze the data without risking modification or unauthorized access.
  b. Report the findings to the proper authority.
  c. Identify relevant EM.
  d. Determine whether to "apprehend and prosecute."

Question 10 (1 out of 1 points)
An effective information security governance program requires constant change. _________________________
Selected Answer: False
Answers: True, False

Question 1 (1 out of 1 points)
The NIST SP 800-100 Information Security Handbook provides technical guidance for the establishment and implementation of an information security program. _________________________
Selected Answer: False
Answers: True, False

Question 2 (1 out of 1 points)
Rehearsal adds value by exercising the procedures, identifying shortcomings, and providing security personnel the opportunity to improve the security plan before it is needed.
