7.2.5 - Vulnerability Management Life Cycle (Practice Questions)
Penetration
First, you must locate the live nodes in the network. Second, you must itemize each open port and service in the network. Finally, you test each open port for known vulnerabilities. These are the three basic steps in which of the following types of testing?
Hackers have time on their side, and there will always be new threats to security.
It may be tempting for an organization to feel secure after going through the process of penetration testing and the corrections and hardening that you must perform. Which of the following should you help them to understand?
Risk assessment
Rose, an ethical hacker, has created a report that clearly identifies her findings and recommendations for locking down an organization's systems and patching problems. Which of the following phases of the vulnerability management life cycle is she working in?
Inference-based
Which of the following assessment types relies on each step to determine the next step, and then only tests relevant areas of concern?
Proves your work to management and generates verifiable evidence to show that your patching and hardening implementations have been effective.
Which of the following best describes the verification phase of the vulnerability management life cycle?
The remediation phase
Which of the following phases of the vulnerability management life cycle implements patches, hardening, and correction of weaknesses?
Service-based
Which of the following solutions creates the risk that a hacker might gain access to the system?
Define the effectiveness of the current security policies and procedures.
You are an ethical hacker contracting with a medical clinic to evaluate their environment. Which of the following is the first thing you should do?