ASYC DOM2.2 XEBYS Professional Development Quiz

1.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Raphael discovered during a vulnerability scan that an administrative interface to one of his

storage systems was inadvertently exposed to the Internet. He is reviewing firewall logs and

would like to determine whether any access attempts came from external sources. Which

one of the following IP addresses reflects an external source?

10.15.1.100

12.8.1.100

172.16.1.100

192.168.1.100

Answer explanation

1. B. Any addresses in the 10.x.x.x, 172.16.x.x, and 192.168.x.x ranges are private IP addresses that are not routable over the Internet. Therefore, of the addresses listed, only

12.8.1.100 could originate outside the local network.

2.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Nick is configuring vulnerability scans for his network using a third-party

vulnerability scanning service. He is attempting to scan a web server that he knows exposes a CIFS file

share and contains several significant vulnerabilities. However, the scan results only show

ports 80 and 443 as open. What is the most likely cause of these scan results?

The CIFS file share is running on port 443.

A firewall configuration is preventing the scan from succeeding.

The scanner configuration is preventing the scan from succeeding.

The CIFS file share is running on port 80.

Answer explanation

1. B. The most likely issue here is that there is a network firewall between the server and the third-party scanning service. This firewall is blocking inbound connections to the web server and preventing the external scan from succeeding. CIFS generally runs on port 445, not port 80 or 443. Those ports are commonly associated with web services. The scanner is not likely misconfigured because it is successfully detecting other ports on the server. Nick should either alter the firewall rules to allow the scan to succeed or, preferably, place a scanner on a network in closer proximity to the web server.

3.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Thomas learned this morning of a critical security flaw that affects a major service used by

his organization and requires immediate patching. This flaw was the subject of news reports

and is being actively exploited. Thomas has a patch and informed stakeholders of the issue

and received permission to apply the patch during business hours. How should he handle

the change management process?

Thomas should apply the patch and then follow up with an emergency change request

after work is complete.

Thomas should initiate a standard change request but apply the patch before waiting

for approval.

Thomas should work through the standard change approval process and wait until it

is complete to apply the patch.

Thomas should file an emergency change request and wait until it is approved to apply

the patch.

Answer explanation

1. A. Change management processes should always include an emergency change procedure. This procedure should allow applying emergency security patches without working through the standard change process. Thomas has already secured stakeholder approval on an informal basis, so he should proceed with the patch and then file a change request after

the work is complete. Taking the time to file the change request before completing the work would expose the organization to a critical security flaw during the time required to complete the paperwork.

4.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

After running a vulnerability scan of systems in his organization’s development shop,

Mike discovers the issue shown here on several systems. What is the best solution to this

vulnerability?

Apply the required security patches to this framework.

Remove this framework from the affected systems.

Upgrade the operating system of the affected systems.

No action is necessary.

Answer explanation

1. B. The vulnerability description indicates that this software has reached its end-of-life (EOL) and, therefore, is no longer supported by Microsoft. Mike’s best solution is to remove this version of the framework from the affected systems. No patches will be avail- able for future vulnerabilities. There is no indication from this result that the systems require operating system upgrades. Mike should definitely take action because of the critical severity (5 on a five-point scale) of this vulnerability.

5.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Tran is preparing to conduct vulnerability scans against a set of workstations in his organization.

He is particularly concerned about system configuration settings. Which one of the

following scan types will give him the best results?

Unauthenticated scan

Credentialed scan

External scan

Internal scan

Answer explanation

1. B. Credentialed scans are able to log on to the target system and directly retrieve configu- ration information, providing the most accurate results of the scans listed. Unauthenticated scans must rely on external indications of configuration settings, which are not as accurate. The network location of the scanner (external versus internal) will not have a direct impact on the scanner’s ability to read configuration information.

6.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Brian is configuring a vulnerability scan of all servers in his organization’s datacenter. He

is configuring the scan to detect only the highest-severity

vulnerabilities. He would like to

empower system administrators to correct issues on their servers but also have some insight

into the status of those remediations. Which approach would best serve Brian’s interests?

Give the administrators access to view the scans in the vulnerability scanning system.

Send email alerts to administrators when the scans detect a new vulnerability on their

servers.

Configure the vulnerability scanner to open a trouble ticket when they detect a new

vulnerability on a server.

Configure the scanner to send reports to Brian who can notify administrators and

track them in a spreadsheet.

Answer explanation

1. C. The best path for Brian to follow would be to leverage the organization’s existing trouble ticket system. Administrators likely already use this system on a regular basis, and it can handle reporting and escalation of issues. Brian might want to give administrators access to the scanner and/or have emailed reports sent automatically as well, but those will not pro- vide the tracking that he desires.

7.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Xiu Ying is configuring a new vulnerability scanner for use in her organization’s datacenter.

Which one of the following values is considered a best practice for the scanner’s update

frequency?

Daily

Weekly

Monthly

Quarterly

Answer explanation

1. A. Vulnerability scanners should be updated as often as possible to allow the scanner to retrieve new vulnerability signatures as soon as they are released. Xiu Ying should choose daily updates.

8.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Ben’s manager recently assigned him to begin the remediation work on the most vulnerable

server in his organization. A portion of the scan report appears here. What remediation

action should Ben take first?

Install patches for Adobe Flash.

Install patches for Firefox.

Run Windows Update.

Remove obsolete software.

Answer explanation

1. C. Ben is facing a difficult challenge and should likely perform all of the actions described in this question. However, the best starting point would be to run Windows Update to install operating system patches. Many of the critical vulnerabilities relate to missing Win- dows patches. The other actions may also resolve critical issues, but they all involve soft- ware that a user must run on the server before they can be exploited. This makes them slightly lower priorities than the Windows flaws that may be remotely exploitable with no user action.

9.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Zhang Wei completed a vulnerability scan of his organization’s virtualization platform from

an external host and discovered the vulnerability shown here. How should he react?

This is a critical issue that requires immediate adjustment of firewall rules.

This issue has a very low severity and does not require remediation.

This issue should be corrected as time permits.

This is a critical issue, and Zhang Wei should shut down the platform until it is

corrected.

Answer explanation

1. A. Although the vulnerability scan report does indicate that this is a low-severity vulner- ability, Zhang Wei must take this information in context. The management interface of a virtualization platform should never be exposed to external hosts, and it also should not use unencrypted credentials. In that context, this is a critical vulnerability that could allow an attacker to take control of a large portion of the computing environment. He should work with security and network engineers to block this activity at the firewall as soon as possible. Shutting down the virtualization platform is not a good alternative because it would be extremely disruptive, and the firewall adjustment is equally effective from a security point of view.

10.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Elliott runs a vulnerability scan of one of the servers belonging to his organization and finds

the results shown here. Which one of these statements is not correct?

This server requires one or more Linux patches.

This server requires one or more Oracle database patches.

This server requires one or more Firefox patches.

This server requires one or more MySQL patches.

Answer explanation

1. A. The server described in this report requires multiple Red Hat Linux and Firefox patches to correct serious security issues. One of those Red Hat updates also affects the MySQL database service. Although there are Oracle patches listed on this report, they relate to Oracle Java, not an Oracle database.

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Other