1. "Security Updates" for software (e.g., Microsoft Windows operating systems, Adobe Flash Player, etc.) and firmware (e.g., firmware in a home use, consumer 'Wi-Fi Router') are designed to patch (fix) vulnerabilities.
a. True
b. False
2. A company is the victim of a cyber attack in which a previously unknown vulnerability in a webserver is exploited. Which statement is true?
a. The company that was attacked will immediately find information on the vulnerability in the National Vulnerability Database (NVD).
b. This attack is known as a "Zero Day Attack."
c. Previously unknown vulnerabilities always have high CVSS scores.
d. All of the above.
3. A systems administrator installs a software update that removes a vulnerability in a database server. This is known as vulnerability _______________.
a. Repudiation
b. Elevation
c. Propagation
d. Mitigation
4. The Common Vulnerability Scoring System version 3 (CVSS v.3) is composed of the following group(s) of metrics:
a. Base Metric Group
b. Temporal Metric Group
c. Environmental Metric Group
d. All of the above
5. The __________ group represents the intrinsic characteristics of a vulnerability that are constant over time and across user environments.
a. Base Metric
b. Environmental Metric
c. Temporal Metric
d. User Metric
1) a. True
Explanation: Yes, if these vulnerabilities get exposed, they are patched.
2) d. All of the above.
It is ZERO DAY because the admin does not have any previous history or days. It's a new vulnerability that is exposed.
Previously unknown means it will be severe, so it has a high CVSS score.
3) d. Mitigation
Explanation: Mitigation means removal and providing a workaround to solve a problem.
4) d. All of the above
Explanation: Yes, if these vulnerabilities get exposed, they are patched.
5) a. Base Metric
Explanation: Yes, if these vulnerabilities get exposed, they are patched.
Thanks, PLEASE COMMENT if there is any concern.