C795- Cybersecurity Management II (Tactical) Exam Practice Questions and Answers

  • November 3, 2024
KaylinHoffman
Copyright © KAYLIN 2024/2025 ACADEMIC YEAR. ALL RIGHTS RESERVED FIRST PUBLISH NOVEMBER, 2024






What is a vulnerability? - ANSWER✔✔-a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.


What is a penetration test? - ANSWER✔✔-a simulated cyber attack against your systems or company


What are the typical steps for a vulnerability test? - ANSWER✔✔-Identify asset classification list, identify vulnerabilities, test assets against vulnerabilities, and recommend solutions to either eliminate or mitigate vulnerabilities


What is the first thing an organization should do before defining security requirements? - ANSWER✔✔-To define security requirements, first an organization must define its risk appetite.


What is defense in depth? - ANSWER✔✔-defense-in-depth principle; it is by adding relevant layers of controls (e.g., access control, encryption, and monitoring) that the expected level of protection is achieved.


What are COTS applications? - ANSWER✔✔-Applications developed by vendors and installed on the organization's information systems. These applications are usually purchased outright by organizations with usage based on licensing agreements.




Copyright © Stuvia International BV 2010-2024



What are SaaS applications? - ANSWER✔✔-Applications developed by service providers or vendors and installed on the provider or vendor information system. Organizations typically have on-demand or pay-per-usage metrics.


What is the goal of a security test? - ANSWER✔✔-Verify that a control is functioning properly.


What is a security assessment? - ANSWER✔✔-A comprehensive review of the security of a system, application, or other tested environment


What is the NIST SP 800-53A? - ANSWER✔✔-The National Institute for Standards and Technology (NIST) offers a special publication that describes best practices in conducting security and privacy assessments.


What is COBIT? - ANSWER✔✔-the Control Objectives for Information and related Technologies describes the common requirements that organizations should have in place surrounding their information systems.


What does ISO 27001 describe? - ANSWER✔✔-A standard approach for setting up an information security management system


What does ISO 27002 describe? - ANSWER✔✔-It details specifics of information security controls


What does a vulnerability scan do? - ANSWER✔✔-automatically probe systems, applications, and networks, looking for weaknesses that may be exploited by an attacker.


What are the four main categories of vulnerability scans? - ANSWER✔✔-Network discovery scans, network vulnerability scans, web application vulnerability scans, and database vulnerability scans


What is NMAP? - ANSWER✔✔-The most common tool used for network discovery scanning






What does a network vulnerability scanner do? - ANSWER✔✔-Probe a targeted system or network for the presence of known vulnerabilities.


What is a false positive? - ANSWER✔✔-The scanner may not have enough information to conclusively determine that a vulnerability exists and it reports a vulnerability when there really is no problem.


What is a false negative? - ANSWER✔✔-When the vulnerability scanner misses a vulnerability and fails to alert the administrator to the presence of it


T/F - By default, network vulnerability scanners run unauthenticated scans. - ANSWER✔✔-True


One way to improve the accuracy of the scanning and reduce false positive and false negative reports is to perform what kind of scans? - ANSWER✔✔-authenticated scans


What is sqlmap? - ANSWER✔✔-A commonly used open-source database vulnerability scanner that allows security administrators to probe web applications for database vulnerabilities


What is Metasploit? - ANSWER✔✔-a tool to automatically execute exploits against targeted systems


What is a white box penetration test? - ANSWER✔✔-Provides the attackers with detailed information about the systems they target. This bypasses many of the reconnaissance steps that normally precede attacks, shortening the time of the attack and increasing the likelihood that it will find security flaws.


What is a gray box penetration test? - ANSWER✔✔-Also known as partial knowledge tests, these are sometimes chosen to balance the advantages and disadvantages of white and black box penetration tests.



