weak encryption.

Nessus and Retina are vulnerability scanners. While vulnerability scanners check for default user accounts and often check for accounts with blank passwords, they typically do not include password cracking features to test for weak passwords. The Open Vulnerability and Assessment Language (OVAL) is an international standard for testing, analyzing, and reporting the security vulnerabilities of a system.

[All Questions SecPro2017_v6.exm VULN_ASSESS_07]

Question 8: Incorrect

Which of the following is the single greatest threat to network security?

Weak passwords
Employees
Insecure physical access to network resources
Email phishing

Explanation

Employees are the single greatest threat to network security. Therefore, user education is very important.

• Employees need to be aware that they are the primary targets in most attacks.
• Phishing attacks are one of the most common attacks directed toward employees.
• Employees should be able to identify attacks by email, instant messages, downloads, and websites.
• Effective password policies should be enforced, and passwords should not be written down.
• Employees should be able to identify both internal and external threats.
• Employees need to be aware of the company's security policies.

[All Questions SecPro2017_v6.exm DEF_PLAN_02]

Question 9: Incorrect

As a security professional, you need to understand your network on multiple levels. You should focus on the following areas:

• Entry points
• Inherent vulnerabilities
• Documentation
• Network baseline

Drag the area of focus on the left to the appropriate example on the right. (Areas of focus may be used once, more than once, or not at all.)

IoT and SCADA devices.
Term: Spring
Professor: N/A
Tags: Questions SecPro2017 v6 exm