Vulnerability Management Chapter 7 Questions with 100% Correct Answers

Charles, a security analyst, needs to check his network for vulnerabilities. He wants a scan that interacts with network nodes and repairs security issues found. Which kind of scanning BEST describes Charles' requirements? Active scanning Internal assessment Host-based assessment Passive scanning Correct Answer Active scanning An active scanner transmits packets to network nodes to determine exposed ports and independently repair security flaws. A company is considering the purchase of a new application. During the evaluation period, a security analyst wants to make sure that all areas of the app are secure, especially input controls. Which assessment BEST meets these requirements? Application-level assessment Passive assessment Host-based assessment Wireless network assessment Correct Answer Application-level assessment Application-level assessments allow you to scrutinize completed applications when the source code is unknown. Every application area can be examined for input controls and data processing. John's company just purchased a new application for which they do not have the source code. Which of the following BEST describes the type of assessment John should use on this application? Application-level assessment Host-based assessment Passive assessment Wireless network assessment Correct Answer Application-level assessment Application-level assessments scrutinize completed applications when the source code is unknown. Mary, a security analyst, is tasked with vulnerability research as part of her company's vulnerability assessment. She discovered that their website is vulnerable to cross-site scripting. Which vulnerability type BEST describes what Mary has found? Design flaw Misconfigurations Buffer overflow