Which of the following assigns a number indicating the severity of a discovered software vulnerability?
Which type of scan is best able to determine if user workstations are missing any important patches?
What could a security team use the command line tool Nmap for when implementing the Inventory and Control of Hardware Assets Control?
What type of Unified Modelling Language (UML) diagram is used to show dependencies between logical groupings in a system?
A breach was discovered after several customers reported fraudulent charges on their accounts. The attacker had exported customer logins and cracked passwords that were hashed but not salted. Customers were made to reset their passwords.
Shortly after the systems were cleaned and restored to service, it was discovered that a compromised system administrator’s account was being used to give the attacker continued access to the network. Which CIS Control failed in the continued access to the network?
An organization has failed a test for compliance with a policy of continual detection and removal of malicious software on its network. Which of the following errors is the root cause?
A global corporation has major data centers in Seattle, New York, London and Tokyo. Which of the following is the correct approach from an intrusion detection and event correlation perspective?
Which approach is recommended by the CIS Controls for performing penetration tests?
Which of the following actions would best mitigate against phishing attempts such as the example below?