into a DMZ. Which one of the following vulnerability scans is least likely to provide informative results?Web application vulnerability scanDatabase vulnerability scanPort scanNetwork vulnerability scan187 Ken recently received the vulnerability report shown here that affects a file server used by his organization. What is the primary nature of the risk introduced by this vulnerability?ConfidentialityIntegrityAvailabilityNonrepudiation
188 Aadesh is creating a vulnerability management program for his company. He has limited scanning resources and would like to apply them to different systems based on the sensitivity and criticality of the information that they handle. What criteria should Aadesh use to determine the vulnerability scanning frequency?Data remanenceData privacyData classificationData privacy
189 Tom recently read a media report about a ransomware outbreak that was spreading rapidly across the Internet by exploiting a zero-day vulnerability in Microsoft Windows. As part of a comprehensive response, he would like to include a control that would allow his organization to effectively recover from a ransomware infection. Which one of the following controls would best achieve Tom's objective?Security patchingHost firewallsBackupsIntrusion prevention systems
190 Kaitlyn discovered the vulnerability shown here on a workstation in her organization. Which one of the following is not an acceptable method for remediating this vulnerability?Upgrade WinRARUpgrade WindowsRemove WinRARReplace WinRAR with an alternate compression utility
191 Brent ran a vulnerability scan of several network infrastructure devices on his network and obtained the result shown here. What is the extent of the impact that an attacker could have by exploiting this vulnerability directly?Denial of serviceTheft of sensitive informationNetwork eavesdroppingReconnaissance
192 Yashvir runs the cybersecurity vulnerability management program for his organization. He sends a database administrator a report of a missing database patch that corrects a high severity security issue. The DBA writes back to Yashvir that he has applied the patch. Yashvir reruns the scan, and it still reports the same vulnerability. What should he do next?Mark the vulnerability as a false positive.Ask the DBA to recheck the database.Mark the vulnerability as an exception.Escalate the issue to the DBA's manager.
193 Manya is reviewing the results of a vulnerability scan and identifies the issue shown here in one of her systems. She consults with developers who check the code and assure her that it is not vulnerable to SQL injection attacks. An independent auditor confirms this for Manya. What is the most likely scenario?This is a false positive report.The developers are wrong, and the vulnerability exists.The scanner is malfunctioning.The database server is misconfigured.
194 Erik is reviewing the results of a vulnerability scan and comes across the vulnerability report shown here. Which one of the following services is least likely to be affected by this vulnerability?HTTPSHTTPSSHVPNUse the following scenario to answer questions 195–196.Larry recently discovered a critical vulnerability in one of his organization's database servers during a routine vulnerability scan. When he showed the report to a database administrator, the administrator responded that they had corrected the vulnerability by using a vendor-supplied workaround because upgrading the database would disrupt an important process. Larry verified that the workaround is in place and corrects the vulnerability.
195 How should Larry respond to this situation?Mark the report as a false positive.Insist that the administrator apply the vendor patch.Mark the report as an exception.Require that the administrator submit a report describing the workaround after each vulnerability scan.
196 What is the most likely cause of this report?The vulnerability scanner requires an update.The vulnerability scanner depends on version detection.The database administrator incorrectly applied the workaround.Larry misconfigured the scan.
197 Mila ran a vulnerability scan of a server in her organization and found the vulnerability shown here. What is the use of the service affected by this vulnerability?Web serverDatabase serverEmail serverDirectory server
198 Margot discovered that a server in her organization has a SQL injection vulnerability. She would like to investigate whether attackers have attempted to exploit this vulnerability. Which one of the following data sources is least likely to provide helpful information? NetFlow logsWeb server logsDatabase logsIDS logs
199 Krista is reviewing a vulnerability scan report and comes across the vulnerability shown here. She comes from a Linux background and is not as familiar with Windows administration. She is not familiar with the runas command mentioned in this vulnerability. What is the closest Linux equivalent command?sudogrepsups
200 After scanning a web application for possible vulnerabilities, Barry received the result shown here. Which one of the following best describes the threat posed by this vulnerability?An attacker can eavesdrop on authentication exchanges.An attacker can cause a denial-of-service attack on the web application.An attacker can disrupt the encryption mechanism used by this server.An attacker can edit the application code running on this server.
201 Javier ran a vulnerability scan of a network device used by his organization and discovered the vulnerability shown here. What type of attack would this vulnerability enable?Denial of serviceInformation theftInformation alterationReconnaissance
202 Akari scans a Windows server in her organization and finds that it has multiple critical vulnerabilities, detailed in the report shown here. What action can Akari take that will have the most significant impact on these issues without creating a long-term outage?Configure the host firewall to block inbound connections.Apply security patches.Disable the guest account on the server.Configure the server to only use secure ciphers.
203 Ben is preparing to conduct a vulnerability scan for a new client of his security consulting organization. Which one of the following steps should Ben perform first?Conduct penetration testing.Run a vulnerability evaluation scan.Run a discovery scan.Obtain permission for the scans.
204 Katherine coordinates the remediation of security vulnerabilities in her organization and is attempting to work with a system engineer on the patching of a server to correct a moderate impact vulnerability. The engineer is refusing to patch the server because of the potential interruption to a critical business process that runs on the server. What would be the most reasonable course of action for Katherine to take?Schedule the patching to occur during a regular maintenance cycle.Exempt the server from patching because of the critical business impact.Demand that the server be patched immediately to correct the vulnerability.Inform the engineer that if he does not apply the patch within a week that Katherine will file a complaint with his manager.
205 During a recent vulnerability scan of workstations on her network, Andrea discovered the vulnerability shown here. Which one of the following actions is least likely to remediate this vulnerability?Remove JRE from workstations.Upgrade JRE to the most recent version.Block inbound connections on port 80 using the host firewall.Use a web content filtering system to scan for malicious traffic.
206 Grace ran a vulnerability scan and detected an urgent vulnerability in a public-facing web server. This vulnerability is easily exploitable and could result in the complete compromise of the server. Grace wants to follow best practices regarding change control while also mitigating this threat as quickly as possible. What would be Grace's best course of action?Initiate a high-priority change through her organization's change management process and wait for the change to be approved.Implement a fix immediately and document the change after the fact.Schedule a change for the next quarterly patch cycle.Initiate a standard change through her organization's change management process.
207 Doug is preparing an RFP for a vulnerability scanner for his organization. He needs to know the number of systems on his network to help determine the scanner requirements. Which one of the following would not be an easy way to obtain this information?ARP tablesAsset management toolDiscovery scanResults of scans recently run by a consultant
