CompTIA Security+ Training Kit: Vulnerability Assessment and Management
- 9/15/2013
Chapter review
Test your knowledge of the information in Chapter 7 by answering these questions. The answers to these questions, and the explanations of why each answer choice is correct or incorrect, are located in the “Answers” section at the end of this chapter.
A security tool that is designed to allow attackers to attack a simulated system and that gathers information about the attackers’ tools and techniques is known as what?
A vulnerability detection system
A port scanner
A darknet
A honeypot
What type of vulnerability review focuses on how systems are put together?
A penetration test
A vulnerability scan
A design or architecture review
A code review
The potential that a threat will exploit vulnerabilities is known as what?
A risk
A vulnerability
A threat
An exploit
The equation to calculate risk is:
Risk = Likelihood × Vulnerability
Risk = Impact × Vulnerability
Risk = Vulnerabilities × Threats
Risk = Likelihood × Impact
What type of penetration test provides partial visibility into the details of the environment to the testers?
Red box
White box
Gray box
Black box
What type of testing would you perform to identify services and accessible ports via a network?
A port scan
A penetration test
A vulnerability scan
A ping sweep