Question
Security Assessment and Testing
QUESTION 6
Which of the following is true of a vulnerability assessment?
a. Ideally the assessment is fully automated with no human involvement.
b. The aim is to identify as many vulnerabilities as possible.
c. It is not concerned with the effects of the assessment on other systems.
d. It is a predictive test aimed at assessing the future performance of a system.
3.85 points
QUESTION 7
Security event logs can best be protected from tampering by which one of the following?
a. Storing the event logs on DVD-RW
b. Ensuring every user has administrative rights on their own workstations
c. Encrypting the contents using asymmetric key encryption
d. Using remote logging over simplex communications media
3.85 points
QUESTION 8
Which of the following is true of management reviews?
a. They are focused on assessing the management of the information systems.
b. They happen periodically and include results of audits as a key input.
c. They are normally conducted by mid-level managers, but their reports are presented to the key business leaders.
d. They happen in an ad hoc manner as the needs of the organization dictate.
3.85 points
QUESTION 9
Why would an organization need to periodically test disaster recovery and business continuity plans if they’ve already been shown to work?
a. Environmental changes may render them ineffective over time.
b. To appease senior leadership.
c. It has low confidence in the abilities of the testers.
d. Resources may not be available in the future to test again.
3.85 points
QUESTION 10
Internal audits are the preferred approach when which of the following is true?
a. The budget for security testing is limited or nonexistent.
b. The organization lacks the organic expertise to conduct them.
c. There is concern over the spillage of proprietary or confidential information.
d. Regulatory requirements dictate the use of a third-party auditor.
3.85 points
QUESTION 11
All of the following are steps in the security audit process except which one?
a. Determine the scope.
b. Document the results.
c. Convene a management review.
d. Involve the right business unit leaders.
Explanation / Answer
QUESTION 6 : Answer b: The aim is to identify as many vulnerabilities as possible.
QUESTION 7 : Answer c: Encrypting the contents using asymmetric key encryption.
QUESTION 8 : Answer b: They happen periodically and include results of audits as a key input.
QUESTION 9 : Answer a: Environmental changes may render them ineffective over time.
QUESTION 10: Answer c: There is concern over the spillage of proprietary or confidential information.
QUESTION 11: Answer d: Involve the right business unit leaders.