
CompTIA PenTest+ 2023 Questions and Answers - Part 11

Mary Mary Smith
03 Mar 2023

1. On a public network, which one of the following protocols should never be used?

A) SFTP
B) HTTPS
C) SSH
D) Telnet



2. After an attack, Alan is reviewing web server logs and finds many records that contain semicolons and apostrophes in queries from end users. What type of attack should he suspect?

A) SQL Injection
B) LDAP Injection
C) Buffer Overflow
D) Cross-site Scripting



3. Select the term that describes an organization's willingness to tolerate risk in its computing environment.

A) Risk Adaptation
B) Risk Level
C) Risk Appetite
D) Risk Landscape



4. Which one of the following activities is not a part of the vulnerability management life cycle?

A) Testing
B) Reporting
C) Remediation
D) Detection



5. Which one of the following is not an example of a vulnerability scanning tool?

A) Nessus
B) OpenVAS
C) QualysGuard
D) Snort



1. Right Answer: D
Explanation: Telnet is an insecure protocol that does not make use of encryption. The other protocols mentioned are considered secure.

2. Right Answer: A
Explanation: In a SQL injection attack, the attacker uses a web application to gain access to an underlying database. The use of semicolons and apostrophes is characteristic of these attacks.

3. Right Answer: C
Explanation: The organization's risk appetite is its willingness to tolerate risk within the environment. If an organization is extremely risk averse, it may choose to conduct scans more frequently to minimize the amount of time between when a vulnerability comes into existence and when it is detected by a scan.

4. Right Answer: B
Explanation: While reporting and communication are important parts of vulnerability management, they are not included in the life cycle. The three life-cycle phases are detection, remediation, and testing.

5. Right Answer: D
Explanation: QualysGuard, Nessus, and OpenVAS are all examples of vulnerability scanning tools. Snort is an intrusion detection system.
