7.2 Vulnerability Management Life Cycle
It may be tempting for an organization to feel secure after going through the process of penetration testing and the corrections and hardening that you must perform. Which of the following should you help them to understand?
- The risks associated with enforcing security procedures and what threats may have been overlooked.
- Hackers have time on their side, and there will always be new threats to security.
- They need a plan of action to control weaknesses and harden systems.
- How to define the effectiveness of the current security policies and procedures.
Hackers have time on their side, and there will always be new threats to security.
Which of the following best describes the verification phase of the vulnerability management life cycle?
- Is critical to ensure that organizations have monitoring tools in place and have regularly scheduled vulnerability maintenance testing.
- Protect the organization from its most vulnerable areas first and then focus on less likely and less impactful areas.
- Communicate clearly to management what your findings and recommendations are for locking down the systems and patching problems.
- Proves your work to management and generates verifiable evidence to show that your patching and hardening implementations have been effective.
Proves your work to management and generates verifiable evidence to show that your patching and hardening implementations have been effective.
Rose, an ethical hacker, has created a report that clearly identifies her findings and recommendations for locking down an organization's systems and patching problems. Which of the following phases of the vulnerability management life cycle is she working in?
- Risk assessment
- Create a baseline
- Verification
- Remediation
Risk assessment
Which of the following solutions creates the risk that a hacker might gain access to the system?
- Service-based
- Inference-based
- Product-based
- Tree-based
Service-based
Which of the following phases of the vulnerability management life cycle implements patches, hardening, and correction of weaknesses?
- The verification phase
- The risk assessment phase
- The remediation phase
- The monitoring phase
The remediation phase
You are an ethical hacker contracting with a medical clinic to evaluate their environment. Which of the following is the first thing you should do?
- Create reports that clearly identify the problem areas to present to management.
- Decide the best times to test to limit the risk of having shutdowns during peak business hours.
- Define the effectiveness of the current security policies and procedures.
- Choose the best security assessment tools for the systems you choose to test.
Define the effectiveness of the current security policies and procedures.
Which of the following assessment types relies on each step to determine the next step, and then only tests relevant areas of concern?
- Service-based
- Inference-based
- Product-based
- Tree-based
Inference-based
First, you must locate the live nodes in the network. Second, you must itemize each open port and service in the network. Finally, you test each open port for known vulnerabilities. These are the three basic steps in which of the following types of testing?
- Stress
- Penetration
- Patch level
- Baseline
Penetration