FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 12: Information Security Maintenance

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 51

True/False

Review LaterAdd Note

Review Later

An example of the type of vulnerability exposed via traffic analysis occurs when an organization is trying to determine if all its device signatures have been adequately masked. _________________________

Correct Answer

verified

Show Answer

Question 52

Short Answer

Review LaterAdd Note

Review Later

The ____________________ vulnerability assessment is designed to find and document vulnerabilities that may be present in the organization's public network.

Correct Answer

verified

Show Answer

Question 53

True/False

Review LaterAdd Note

The process of identifying and documenting specific and provable flaws in the organization's information asset environment is called vulnerability assessment (VA). _________________________

The target selection step of Internet vulnerability assessment involves using the external monitoring intelligence to configure a test engine (such as Nessus) for the tests to be performed.

An affidavit is sworn testimony that certain facts are in the possession of an investigating officer and that they warrant the examination of specific items located at a specific place.

A chain of custody is the detailed documentation of the collection, storage, transfer, and ownership of evidence from the crime scene through its presentation in court. ___________

Digital forensics helps an organization understand what happened, and how, after an incident.

A process called __________ examines the traffic that flows through a system and its associated devices to identify the most frequently used devices.

Why should agencies monitor the status of their programs

The best method of remediation in most cases is to repair a vulnerability. _________________________

Intelligence for external monitoring can come from a number of sources: vendors, CERT organizations, public network sources, and membership sites.

The internal vulnerability assessment is usually performed against every device that is exposed to the Internet, using every possible penetration testing approach. _________________________

A(n) war game puts a subset of plans in place to create a realistic test environment. _________________________

The __________ mailing list includes announcements and discussion of a leading open-source IDPS.

The final process in the vulnerability assessment and remediation domain is the exit phase. _________________________

The primary objective of the planning and ____________________ domain is to keep a lookout over the entire information security program.

CM assists in streamlining change management processes and prevents changes that could detrimentally affect the security posture of a system before they happen. _________________________

In digital forensics, all investigations follow the same basic methodology once permission for search and seizure has been obtained. Which of the following is NOT one of the elements of that process  

A performance ____________________ is an expected level of performance against which all subsequent levels of performance are compared.

__________ is used to respond to network change requests and network architectural design proposals.