Chapter 15 Flashcards
The goal of what type of threat evaluation is to better understand who the attackers are, why they
attack, and what types of attacks might occur?
Threat modeling
What is the name of the process that takes a snapshot of the current security of an organization?
vulnerability appraisal
Which item below is an imaginary line by which an element is measured or compared, and can be seen
as the standard?
Baseline
The comparison of the present state of a system to its baseline is known as what?
Baseline reporting
In order to minimize vulnerabilities in software, code should be subject to what option below, in which it is
analyzed while it is being written?
code review
What is the name for the code that can be executed by unauthorized users within a software product?
attack surface
During a vulnerability assessment, what type of software can be used to search a system for port
vulnerabilities?
Port scanner
A port in what state below implies that an application or service assigned to that port is listening for
any instructions?
Open
An administrator running a port scan wants to ensure that no processes are listening on port 23. What
state should the port be in?
Closed port
An administrator needs to view packets and decode and analyze their contents. What type of
application should the administrator use?
protocol analyzer
Which is the term for a computer typically located in an area with limited security and loaded with
software and data files that appear to be authentic, yet are actually imitations of real data files?
Honeypot
What is the term for a network set up with intentional vulnerabilities?
Honeynet
What is another term used for a security weakness?
vulnerability
Which scan examines the current security in a passive manner?
vulnerability scan
What is the end result of a penetration test?
penetration test report
Which tester has an in-depth knowledge of the network and systems being tested, including network
diagrams, IP addresses, and even the source code of custom applications?
white box
A service contract between a vendor and a client that specifies what services will be provided, the
responsibilities of each party, and any guarantees of service, is known as a:
Service Level Agreement (SLA)
What term below describes a prearranged purchase or sale agreement between a government agency
and a business?
Blanket Purchase Agreement (BPA)
What security goal do the following common controls address: hashing, digital signatures,
certificates, nonrepudiation tools?
Integrity
What term below describes the start-up relationship between partners?
On-boarding