This chapter is from the book

Answer Review Questions

  1. For which of the following penetration tests does the testing team know an attack is coming but have limited knowledge of the network systems and devices and only publicly available information?

    1. Target test

    2. Physical test

    3. Blind test

    4. Double-blind test

  2. Which of the following is NOT a guideline according to NIST SP 800-92?

    1. Organizations should establish policies and procedures for log management.

    2. Organizations should create and maintain a log management infrastructure.

    3. Organizations should prioritize log management appropriately throughout the organization.

    4. Choose auditors with security experience.

  3. According to NIST SP 800-92, which of the following are facets of log management infrastructure? (Choose all that apply.)

    1. General functions (log parsing, event filtering, and event aggregation)

    2. Storage (log rotation, log archival, log reduction, log conversion, log normalization, log file integrity checking)

    3. Log analysis (event correlation, log viewing, log reporting)

    4. Log disposal (log clearing)

  4. What are the two ways of collecting logs using security information and event management (SIEM) products, according to NIST SP 800-92?

    1. Passive and active

    2. Agentless and agent-based

    3. Push and pull

    4. Throughput and rate

  5. Which monitoring method captures and analyzes every transaction of every application or website user?

    1. RUM

    2. Synthetic transaction monitoring

    3. Code review and testing

    4. Misuse case testing

  6. Which type of testing is also known as negative testing?

    1. RUM

    2. Synthetic transaction monitoring

    3. Code review and testing

    4. Misuse case testing

  7. What is the first step of the information security continuous monitoring (ISCM) plan, according to NIST SP 800-137?

    1. Establish an ISCM program.

    2. Define the ISCM strategy.

    3. Implement an ISCM program.

    4. Analyze the data collected.

  8. What is the second step of the information security continuous monitoring (ISCM) plan, according to NIST SP 800-137?

    1. Establish an ISCM program.

    2. Define the ISCM strategy.

    3. Implement an ISCM program.

    4. Analyze the data collected.

  9. Which of the following is NOT a guideline for internal, external, and third-party audits?

    1. Choose auditors with security experience.

    2. Involve business unit managers early in the process.

    3. At minimum, perform bi-annual audits to establish a security baseline.

    4. Ensure that the audit covers all systems and all policies and procedures.

  10. Which SOC report should be shared with the general public?

    1. SOC 1, Type 1

    2. SOC 1, Type 2

    3. SOC 2

    4. SOC 3

  11. Which of the following is the last step in performing a penetration test?

    1. Document the results of the penetration test and report the findings to management, with suggestions for remedial action.

    2. Gather information about attack methods against the target system or device.

    3. Document information about the target system or device.

    4. Execute attacks against the target system or device to gain user and privileged access.

  12. In which of the following does the testing team have zero knowledge of the organization’s network?

    1. Gray-box testing

    2. Black-box testing

    3. White-box testing

    4. Physical testing

  13. Which of the following is defined as a dynamic testing tool that provides input to the software to test the software’s limits and discover flaws?

    1. Interface testing

    2. Static testing

    3. Test coverage analysis

    4. Fuzz testing

  14. Which factors should security professionals consider when performing security testing? (Choose all that apply.)

    1. Changes that could affect the performance

    2. System risk

    3. Information sensitivity level

    4. Likelihood of technical failure or misconfiguration

  15. Which of the following can a hacker use to identify common vulnerabilities in an operating system running on a host or server?

    1. Operating system fingerprinting

    2. Network discovery scan

    3. Key performance and risk indicators

    4. Third-party audits
