36.
Bethany is the vulnerability management specialist for a large retail organization. She completed her last PCI DSS compliance scan in March. In April, the organization upgraded their point-of-sale system, and Bethany is preparing to conduct new scans. When must she complete the new scan?
  • A.
    Immediately
  • B.
    June
  • C.
    December
  • D.
    No scans are required
Answer : [A]
Explanation :
PCI DSS requires that organizations conduct vulnerability scans quarterly, which would put Bethany’s next regularly scheduled scan in June. However, the standard also requires scanning after any significant change in the payment card environment. An upgrade to the point-of-sale system is such a change, so Bethany must complete a new compliance scan immediately.
37.
Renee is configuring her vulnerability management solution to perform credentialed scans of servers on her network. What type of account should she provide to the scanner?
  • A.
    Domain administrator
  • B.
    Local administrator
  • C.
    Local administrator
  • D.
    Read-only
Answer : [D]
Explanation :
Credentialed scans only require read-only access to target servers. Renee should follow the principle of least privilege and limit the access available to the scanner.
38.
Jason is writing a report about a potential security vulnerability in a software product and wishes to use standardized product names to ensure that other security analysts understand the report. Which SCAP component can Jason turn to for assistance?
  • A.
    CVSS
  • B.
    CVE
  • C.
    CPE
  • D.
    OVAL
Answer : [C]
Explanation :
Common Product Enumeration (CPE) is an SCAP component that provides standardized nomenclature for product names and versions.
39.
Bill would like to run an internal vulnerability scan on a system for PCI DSS compliance purposes. Who is authorized to complete one of these scans?
  • A.
    Any employee of the organization
  • B.
    An approved scanning vendor
  • C.
    A PCI DSS service provider
  • D.
    Any qualified individual
Answer : [D]
Explanation :
Internal scans completed for PCI DSS compliance purposes may be conducted by any qualified individual.
40.
Which type of organization is the most likely to face a regulatory requirement to conduct vulnerability scans?
  • A.
    Bank
  • B.
    Hospital
  • C.
    Government agency
  • D.
    Doctor’s office
Answer : [C]
Explanation :
The Federal Information Security Management Act (FISMA) requires that government agencies conduct vulnerability scans. HIPAA, which governs hospitals and doctors’ offices, does not include a vulnerability scanning requirement, nor does GLBA, which covers financial institutions.