CYBERSECURITY VULNERABILITY ASSESSMENT AND THREAT MANAGEMENT EXAM
Answers are in bold
1. Which of the following statements accurately describes characteristics
of active and passive scanning?
Passive scanning is less intrusive to parts of a network that may not always
be available. -----
Active scanning may increase the risk of endpoint malfunction.
Active scanning uses enumeration whereas passive scanning uses
mapping.
Passive scanning sends out fewer transmissions than active scanning.
2. Which of the following are true statements regarding vulnerability
scans and penetration testing?
It is best if the person running a vulnerability scan has the mindset of a
threat actor.
A vulnerability scan is an offensive assessment that probes the system for
weaknesses. Incorrect Answer
Pen tests can be of the physical and integrated variety and not just of
the IT variety.
Ultimately both a vulnerability scan and a penetration test will provide
similar results.
3. A high-tech company collects data gathered from their bug bounty
initiative. The company then uses the data as input into a vulnerability
scanner. Why would they do this? Select two. This one is correct Omit
To ensure the vulnerability scanner itself does not have vulnerabilities.
Because the company has a responsible disclosure program.
To test the effectiveness of the vulnerability scanner.
To search for weaknesses in the company's defenses.