41.
What minimum level of impact must a system have under FISMA before the organization is required to determine what information about the system is discoverable by adversaries?
- A. Low
- B. Moderate
- C. High
- D. Severe
Answer : [C]
Explanation :
Control enhancement 4 of the NIST SP 800-53 vulnerability scanning control, RA-5(4) "Discoverable Information", requires that an organization determine what information about the system is discoverable by adversaries. This enhancement is only included in the baseline for systems categorized at the FISMA High impact level; Low and Moderate systems are not required to implement it, and "Severe" is not a FISMA impact level.
42.
What term describes an organization's willingness to tolerate risk in its computing environment?
- A. Risk landscape
- B. Risk appetite
- C. Risk level
- D. Risk adaptation
Answer : [B]
Explanation :
An organization's risk appetite is its willingness to tolerate risk within its environment. Risk appetite directly shapes scanning frequency: an extremely risk-averse organization may choose to scan more often to minimize the window between the moment a vulnerability comes into existence and the moment a scan detects it, while an organization with a larger appetite for risk may accept a longer window.
43.
Which one of the following factors is least likely to impact vulnerability scanning schedules?
- A. Regulatory requirements
- B. Technical constraints
- C. Business constraints
- D. Staff availability
Answer : [D]
Explanation :
Scan schedules are most often determined by the organization's risk appetite, regulatory requirements, technical constraints, business constraints, and licensing limitations. Most scans are automated and run unattended on a schedule, so staff availability has little effect on when they run, even though staff are still needed afterward to review and remediate the results.
44.
Barry placed all of his organization's credit card processing systems on an isolated network dedicated to card processing. He has implemented appropriate segmentation controls, using VLANs and firewalls, to limit the scope of PCI DSS to those systems. When Barry conducts vulnerability scans for PCI DSS compliance purposes, what systems must he scan?
- A. Customer systems
- B. Systems on the isolated network
- C. Systems on the general enterprise network
- D. Both B and C
Answer : [B]
Explanation :
If Barry is able to limit the scope of his PCI DSS compliance efforts to the isolated network, then that is the only network that must be scanned for PCI DSS compliance purposes. This only holds while the segmentation is effective: PCI DSS also requires that segmentation controls be tested to confirm they actually isolate the cardholder data environment, and any system that can reach the isolated network without passing through those controls is pulled back into scope.
45.
Ryan is planning to conduct a vulnerability scan of a business-critical system using dangerous plug-ins. What would be the best approach for the initial scan?
- A. Run the scan against production systems to achieve the most realistic results possible.
- B. Run the scan during business hours.
- C. Run the scan in a test environment.
- D. Do not run the scan to avoid disrupting the business.
Answer : [C]
Explanation :
Ryan should first run his scan against a test environment to identify likely vulnerabilities and to assess whether the scan itself might disrupt business activities. Dangerous plug-ins can crash or hang the services they probe, so the test run shows which checks are safe before they are pointed at production; skipping the scan entirely leaves the system's vulnerabilities unknown, and running it against production during business hours maximizes the impact of any disruption.