Ramon should first ask for an asset inventory. Which of the following statements is correct?

An asset inventory will allow Ramon to ensure that all of the systems within the company's infrastructure have been sufficiently secured.

A service-level agreement defines the amount of time that a service should be available to users.

An operational-level agreement defines how an application or service will be supported.

The scope of a vulnerability scanner is a list of the target devices to be included in a vulnerability scan. Which of the following options correctly defines this scope?

Scope of a vulnerability scanner

Gerard is responsible for managing a web server that hosts his company's e-commerce site. It has recently been targeted in an attack, but the forensic process has turned up very little information as to the method used by the attacker or even where the attack might have been coming from. Which of the following might be the reason why?

Insufficient monitoring and logging practices

A race condition currently exists on the web server.

An insecure object reference was used as part of the web application URL.

The web server software had a bug that caused it to dereference the pointer for data stored in memory.

Tiger has been tasked with modifying the httpd.conf file on one of the web servers his company uses. He connects via Telnet and successfully modifies the file and then restarts the web service. Which of the following could be a concern in the described scenario?

The server has a weak configuration for remote connections.

The web application on the server may be vulnerable to XSS attacks.

The server may be vulnerable to XML injection attacks.

The server may be vulnerable to SQL injection attacks.

Which statement is correct regarding the root user on a Linux server?

Correct. The root user is the highest level account on a Linux server and should be secured with extremely strong passwords and prevented from establishing remote connections via SSH. It is preferred for administrators to connect with their user accounts and then use the su or sudo commands to gain root access only when necessary.

Incorrect. The root user should be allowed to establish remote connections directly.

Incorrect. Users should be connecting to the server with remote connections over SSH using strong passwords. If they need root access they should then use su or sudo to accomplish whatever task necessary.

Incorrect. On a Linux server, there may be an account for Administrator, but the scenario does not give us this information. The user with unlimited permissions is the root account, which should be protected as best as possible and disallowed from establishing remote connections directly.

CySA Module 3 - Vulnerability Management

Authored by Jose Manuel Rios

Information Technology (IT)

9th Grade

CySA Module 3 - Vulnerability Management

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

18 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Kendra has a very limited budget but has three critical servers that she needs to secure against data breaches within her company's infrastructure. She knows that she won't be able to protect the entire network, but she has started searching for a solution to secure the most critical assets. Which of the following options would she most likely choose?

UTM appliance

NIPS

Proxy server

HIPS

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Talia has just been hired as the first security employee at an organization. Until this point, security has been everyone's responsibility, but she knows that the IT staff have different skill sets and may not be aware of certain weaknesses within various platforms. Which of the following tools might Talia use to help her determine the state of the existing infrastructure?

NIDS

Vulnerability scanner

OS fingerprinting

Syslog

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Cheyenne is concerned about a recent news story that global data breaches are on the rise. She believes that she has installed the latest detection software on all of the servers she is responsible for, but she knows that security requires a layered approach. Which of the following might she also decide to implement?

Proxy server

Spam filter

HIPS

NIPS

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A network intrusion prevention system provides protection from data breaches at the network level. A NIPS looks at traffic before it gets to the hosts rather than examining it once the data arrives.

Incorrect

Correct

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A group of doctor's offices have decided to merge into one organization. As part of the migration, the cybersecurity team is responsible for determining how systems from the different offices will be able to share information with each other until they can be formally combined into a single system. Which of the following does the cybersecurity team need to keep in mind throughout the merger as they perform the necessary tasks of combining systems that are specific to the medical field?

FISMA

PCI DSS

MOMA

HIPAA

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Kiah, a cybersecurity analyst for the government, is setting up a new Linux server and needs to configure the data classification labels to be used for the new application. Which of the following are valid labels for U.S. government systems?

Public, secret, top secret

Sensitive but unclassified, classified, secret

Confidential, secret, top secret

Classified, secret, top secret

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Ramon has been hired as a consultant for a large corporation to validate its existing security controls. Which of the following would most likely be one of the first pieces of data he requests?

Risk matrix

Asset inventory

Service-level agreement

Operational-level agreement

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

15 questions

Ulangan Harian 1

Quiz

•

9th Grade - University

20 questions

Quiz Sistem Komputer

Quiz

•

9th Grade

15 questions

Recap Handout 3 & 4

Quiz

•

6th Grade - University

15 questions

KEAMANAN DATA

Quiz

•

9th - 12th Grade

20 questions

Quiz Roblox Studio 2

Quiz

•

4th Grade - University

15 questions

Table,Image formatting

Quiz

•

5th Grade - University

15 questions

✅ True or False Quiz: Logic Gates

Quiz

•

9th Grade

20 questions

ARDU TEST

Quiz

•

9th Grade - University

Popular Resources on Wayground

7 questions

History of Valentine's Day

Interactive video

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

15 questions

Valentine's Day Trivia

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Information Technology (IT)

10 questions

Exploring Valentine's Day with Charlie Brown

Interactive video

•

6th - 10th Grade

18 questions

Valentines Day Trivia

Quiz

•

3rd Grade - University

20 questions

El Verbo IR Practice

Quiz

•

9th Grade

10 questions

Valentine's Day History and Traditions

Interactive video

•

6th - 10th Grade

20 questions

Graphing Inequalities on a Number Line

Quiz

•

6th - 9th Grade

20 questions

Exponent Properties

Quiz

•

9th Grade

21 questions

Presidents Day Trivia

Quiz

•

6th - 12th Grade

10 questions

Valentine's Day: History and Modern Celebration

Interactive video

•

9th - 12th Grade

CySA Module 3 - Vulnerability Management

A network intrusion prevention system provides protection from data breaches at the network level. A NIPS looks at traffic before it gets to the hosts rather than examining it once the data arrives.

Kiah, a cybersecurity analyst for the government, is setting up a new Linux server and needs to configure the data classification labels to be used for the new application. Which of the following are valid labels for U.S. government systems?

Ramon has been hired as a consultant for a large corporation to validate its existing security controls. Which of the following would most likely be one of the first pieces of data he requests?

Ramon should first ask for an asset inventory. Which of the following statements is correct?

Nadia, a cybersecurity analyst, has installed a vulnerability scanning application called Nessus that uses modular updates she can download and install as needed. Which of the following terms may be used to describe these updates?

Loide is a cybersecurity analyst and is looking for a vulnerability scanner that will pull updates from a web-based feed so that it constantly has the latest information about new vulnerabilities as they're discovered. Which of the following might be a good source of data for the scanner?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)