Chapter 12 Quiz
All of these
Common vulnerability assessment processes include:
True
For configuration management (CM) and control, it is important to document the proposed or actual changes in the system security plan. _________________________
True
Inventory characteristics for hardware and software assets that record the manufacturer and versions are related to technical functionality, and should be highly accurate and updated each time there is a change.
difference analysis
One approach that can improve the situational awareness of the information security function is to use a process known as __________ to quickly identify changes to the internal environment.
True
Rehearsal adds value by exercising the procedures, identifying shortcomings, and providing security personnel the opportunity to improve the security plan before it is needed.
Packet Storm
The __________ commercial site focuses on current security tool resources.
scope
The __________ is a statement of the boundaries of the RA.
IRP
The optimum approach for escalation is based on a thorough integration of the monitoring process into the __________.
False
Threats cannot be removed without requiring a repair of the vulnerability.
Network connectivity RA
__________ is used to respond to network change requests and network architectural design proposals.
False
A management model such as ISO 27000 deals with methods to maintain systems.
Bugtraq
A primary mailing list for new vulnerabilities, called simply __________, provides time-sensitive coverage of emerging vulnerabilities, documenting how they are exploited and reporting on how to remediate them. Individuals can register for the flagship mailing list or any one of the entire family of its mailing lists.
traffic analysis
A process called __________ examines the traffic that flows through a system and its associated devices to identify the most frequently used devices.
scanning
A step commonly used for Internet vulnerability assessment includes __________, which occurs when the penetration test engine is unleashed at the scheduled time using the planned target list and test selection.
configuration
A(n) __________ item is a hardware or software item that is to be modified and revised throughout its life cycle.