Which of the following would a security administrator implement in order to discover comprehensive security threats on a network?
A. Design reviews
B. Baseline reporting
C. Vulnerability scan
D. Code review
CompTIA exam questions
Which of the following would a security administrator implement in order to discover comprehensive security threats on a network?
A. Design reviews
B. Baseline reporting
C. Vulnerability scan
D. Code review
Which of the following BEST represents the goal of a vulnerability assessment?
A. To test how a system reacts to known threats
B. To reduce the likelihood of exploitation
C. To determine the system’s security posture
D. To analyze risk mitigation strategies
Ann, a security analyst, is preparing for an upcoming security audit. To ensure that she identifies unapplied security controls and patches without attacking or compromising the system, Ann would use which of the following?
A. Vulnerability scanning
B. SQL injection
C. Penetration testing
D. Antivirus update
Peter, the information security manager, is tasked with calculating risk and selecting controls to protect a new system. He has identified people, environmental conditions, and events that could affect the new system. Which of the following does he need to estimate NEXT in order to complete his risk calculations?
A. Vulnerabilities
B. Risk
C. Likelihood
D. Threats
Which of the following would a security administrator implement in order to identify a problem between two applications that are not communicating properly?
A. Protocol analyzer
B. Baseline report
C. Risk assessment
D. Vulnerability scan
An administrator is concerned that a company’s web server has not been patched. Which of the following would be the BEST assessment for the administrator to perform?
A. Vulnerability scan
B. Risk assessment
C. Virus scan
D. Network sniffer
A company has two server administrators that work overnight to apply patches to minimize disruption to the company. With the limited working staff, a security engineer performs a risk assessment to ensure the protection controls are in place to monitor all assets including the administrators in case of an emergency. Which of the following should be in place?
A. NIDS
B. CCTV
C. Firewall
D. NIPS
One of the findings of risk assessment is that many of the servers on the data center subnet contain data that is in scope for PCI compliance, Everyone in the company has access to these servers, regardless of their job function. Which of the following should the administrator do?
A. Segment the network
B. Use 802.1X
C. Deploy a proxy sever
D. Configure ACLs
E. Write an acceptable use policy
A security administrator wants to perform routine tests on the network during working hours when certain applications are being accessed by the most people. Which of the following would allow the security administrator to test the lack of security controls for those applications with the least impact to the system?
A. Penetration test
B. Vulnerability scan
C. Load testing
D. Port scanner