Chapter 6: Designing a Vulnerability Management Program
Quiz • Information Technology (IT) • Professional Development • Practice Problem • Medium
Adrian Velazquez
20 questions
1.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
What federal law requires the use of vulnerability scanning on information systems operated by federal government agencies?
HIPAA
GLBA
FISMA
FERPA
Answer explanation
The Federal Information Security Management Act (FISMA) requires that federal agencies implement vulnerability management programs for federal information systems. The Health Insurance Portability and Accountability Act (HIPAA) regulates the ways that healthcare providers, insurance companies, and their business associates handle protected health information (PHI). Similarly, the Gramm–Leach–Bliley Act (GLBA) governs how financial institutions handle customer financial records. The Family Educational Rights and Privacy Act (FERPA), which is not covered in this chapter or on the CySA+ exam, allows parents to access their children's educational records.
2.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
Which one of the following industry standards describes a standard approach for setting up an information security management system?
OWASP
CIS
ISO 27002
ISO 27001
Answer explanation
ISO 27001 describes a standard approach for setting up an information security management system, while ISO 27002 goes into more detail on the specifics of information security controls. The Open Web Application Security Project (OWASP) provides advice and tools focused on web application security. The Center for Internet Security (CIS) produces a set of configuration benchmarks used to securely configure operating systems, applications, and devices.
3.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
What tool can administrators use to help identify the systems present on a network prior to conducting vulnerability scans?
Asset inventory
Web application assessment
Router
DLP
Answer explanation
An asset inventory supplements automated tools with other information to detect systems present on a network. The asset inventory provides critical information for vulnerability scans.
4.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
Tonya is configuring vulnerability scans for a system that is subject to the PCI DSS compliance standard. What is the minimum frequency with which she must conduct scans?
Daily
Weekly
Monthly
Quarterly
Answer explanation
PCI DSS requires that organizations conduct vulnerability scans on at least a quarterly basis, although many organizations choose to conduct scans on a much more frequent basis.
5.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
Which one of the following is not an example of a vulnerability scanning tool?
Nikto
Snort
Nessus
OpenVAS
Answer explanation
Nessus and OpenVAS are network vulnerability scanning tools, while Nikto is a web application vulnerability scanner. Snort is an intrusion detection system.
6.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
Bethany is the vulnerability management specialist for a large retail organization. She completed her last PCI DSS compliance scan in March. In April, the organization upgraded their point-of-sale system, and Bethany is preparing to conduct new scans. When must she complete the new scan?
Immediately.
June.
December.
No scans are required.
Answer explanation
PCI DSS requires that organizations conduct vulnerability scans quarterly, which would have Bethany's next regularly scheduled scan scheduled for June. However, the standard also requires scanning after any significant change in the payment card environment. This would include an upgrade to the point-of-sale system, so Bethany must complete a new compliance scan immediately.
7.
MULTIPLE CHOICE QUESTION
1 min • 1 pt
Renee is configuring her vulnerability management solution to perform credentialed scans of servers on her network. What type of account should she provide to the scanner?
Domain administrator
Local administrator
Root
Read-only
Answer explanation
Credentialed scans only require read-only access to target servers. Renee should follow the principle of least privilege and limit the access available to the scanner.