7.3.3 Practice Questions Flashcards

1
Q

Which of the following are the three metrics used to determine a CVSS score?

answer

Base, temporal, and environmental

Risk, temporal, and severity

Base, change, and environmental

Risk, change, and severity

A

Base, temporal, and environmental

2
Q

Jessica, an employee, has come to you with a new software package she would like to use. Before you purchase and install the software, you would like to know if there are any known security-related flaws or if it is commonly misconfigured in a way that would make it vulnerable to attack. You only know the name and version of the software package. Which of the following government resources would you consider using to find an answer to your question?

answer

NVD

CWE

CVE

CVSS

A

NVD

3
Q

This government resource is a community-developed list of common software security weaknesses. It strives to create commonality in the descriptions of software security weaknesses. Which of the following government resources is described?

answer

NVD

CVE

CISA

CWE

A

CWE

4
Q

Which of the following government resources is a dictionary of known patterns of cyberattacks used by hackers?

answer

CAPEC

CVE

CISA

CWE

A

CAPEC

5
Q

The cybersecurity resources listed below are provided by which of the following government sites?

Information exchange
Training and exercises
Risk and vulnerability assessments
Data synthesis and analysis
Operational planning and coordination
Watch operations
Incident response and recovery

answer

CISA

CVE

CAPEC

CWE

A

CISA

6
Q

There are two non-government sites that provide lists of valuable information for ethical hackers. Which of the following best describes the Full Disclosure site?

answer

A community-developed list of common software security weaknesses.

A list of standardized identifiers for known software vulnerabilities and exposures.

A mailing list that often shows the newest vulnerabilities before other sources.

A list searchable by mechanisms of attack or domains of attack.

A

A mailing list that often shows the newest vulnerabilities before other sources.

7
Q

As an ethical hacker, you are looking for a way to organize and prioritize vulnerabilities that were discovered in your work. Which of the following scoring systems could you use?

answer

CAPEC

CVSS

CVE

CISA

A

CVSS
