Question
Security Assessment and Testing
QUESTION 6
Which of the following is true of a vulnerability assessment?
a. Ideally the assessment is fully automated with no human involvement.
b. The aim is to identify as many vulnerabilities as possible.
c. It is not concerned with the effects of the assessment on other systems.
d. It is a predictive test aimed at assessing the future performance of a system.
3.85 points
QUESTION 7
Security event logs can best be protected from tampering by which one of the following?
a. Storing the event logs on DVD-RW
b. Ensuring every user has administrative rights on their own workstations
c. Encrypting the contents using asymmetric key encryption
d. Using remote logging over simplex communications media
3.85 points
QUESTION 8
Which of the following is true of management reviews?
a. They are focused on assessing the management of the information systems.
b. They happen periodically and include results of audits as a key input.
c. They are normally conducted by mid-level managers, but their reports are presented to the key business leaders.
d. They happen in an ad hoc manner as the needs of the organization dictate.
3.85 points
QUESTION 9
Why would an organization need to periodically test disaster recovery and business continuity plans if they've already been shown to work?
a. Environmental changes may render them ineffective over time.
b. To appease senior leadership.
c. It has low confidence in the abilities of the testers.
d. Resources may not be available in the future to test again.
3.85 points
QUESTION 10
Internal audits are the preferred approach when which of the following is true?
a. The budget for security testing is limited or nonexistent.
b. The organization lacks the organic expertise to conduct them.
c. There is concern over the spillage of proprietary or confidential information.
d. Regulatory requirements dictate the use of a third-party auditor.
3.85 points
QUESTION 11
All of the following are steps in the security audit process except which one?
a. Determine the scope.
b. Document the results.
c. Convene a management review.
d. Involve the right business unit leaders.