Question 14

www.exploit-db.com is "the ultimate archive of exploits andvulnerable software. A great resource for penetration testers,vulnerability researchers, and security addicts alike."

What category of security relevant data would you categorizethis resource as and why? What value does it provide to a networkdefender?

Question 15

Successfully defending or attacking a target network,application, or device can often require a good deal of technicalskill and experience. Why and how does malware and tools such asMetasploit upset this balance? Consider both please.

Question 16

"Flow-down" of security requirements to subcontractors orthird-parties is often considered an important part of a reasonableand appropriate information security program.

Question 17

Which type of document sets overall direction for an informationsecurity program? (Actively manage risk, consider compliance andregulatory requirements, layered compensating controls, etc.)

Policy

Process

Strategy

Guideline