Interested to Buy Any Domain ? << Click Here >> for more details...
The difference between a vulnerability assessment and a
penetration test is that a vulnerability assessment:
A. searches and checks the infrastructure to detect
vulnerabilities, whereas penetration testing intends to
exploit the vulnerabilities to probe the damage that could
result from the vulnerabilities.
B. and penetration tests are different names for the same
activity.
C. is executed by automated tools, whereas penetration
testing is a totally manual process.
D. is executed by commercial tools, whereas penetration
testing is executed by public processes.
- 1 Answers
- 10934 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
"The objective of a vulnerability assessment is to find the
security holds in the computers and elements analyzed and
its intent is not to damage the infrastructure. The intent
of penetration testing is to imitate a hacker's activities
and determine how far they could go into the network. They
are not the same
they have different approaches. Vulnerability assessments
and penetration testing can be executed both by automated or
manual tools or processes and can be executed by commercial
or free tools."
| Is This Answer Correct ? | 14 Yes | 1 No |
Confidential data stored on a laptop is BEST protected by: A. storage on optical disks. B. logon ID and password. C. data encryption. D. physical locks.
Requiring passwords to be changed on a regular basis, assigning a new one-time password when a user forgets his/hers, and requiring users not to write down their passwords are all examples of: A. audit objectives. B. audit procedures. C. controls objectives. D. control procedures.
To identify the value of inventory that has been kept for more than eight weeks, an IS auditor would MOST likely use: A. test data. B. statistical sampling. C. an integrated test facility. D. generalized audit software.
Which of the following would an IS auditor consider to be the MOST important when evaluating an organization's IS strategy? That it: A. has been approved by line management. B. does not vary from the IS department's preliminary budget. C. complies with procurement procedures. D. supports the business objectives of the organization.
An organization's disaster recovery plan should address early recovery of: A. all information systems processes. B. all financial processing applications. C. only those applications designated by the IS manager. D. processing in priority order, as defined by business management.
Which of the following represents the GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies? A. Developments may result in hardware and software incompatibility. B. Resources may not be available when needed. C. The recovery plan cannot be tested. D. The security infrastructures in each company may be different.
What is a risk associated with attempting to control physical access to sensitive areas, such as computer rooms, through card keys, locks, etc.? A. Unauthorized individuals wait for controlled doors to open and walk in behind those authorized. B. The contingency plan for the organization cannot effectively test controlled access practices. C. Access cards, keys, and pads can be easily duplicated allowing easy compromise of the control. D. Removing access for people no longer authorized is complex.
During a review of a business continuity plan, an IS auditor noticed that the point at which a situation is declared to be a crisis has not been defined. The MAJOR risk associated with this is that: A. assessment of the situation may be delayed. B. execution of the disaster recovery plan could be impacted. C. notification of the teams might not occur. D. potential crisis recognition might be delayed.
Which of the following would MOST likely ensure that a system development project meets business objectives? A. Maintenance of program change logs B. Development of a project plan identifying all development activities C. Release of application changes at specific times of the year D. User involvement in system specification and acceptance
Which of the following environmental controls is appropriate to protect computer equipment against short-term reductions in electrical power? A. Power line conditioners B. A surge protective device C. An alternative power supply D. An interruptible power supply
The objective of IT governance is to ensure that the IT strategy is aligned with the objectives of (the): A. enterprise. B. IT. C. audit. D. finance.
The MOST important responsibility of a data security officer in an organization is: A. recommending and monitoring data security policies. B. promoting security awareness within the organization. C. establishing procedures for IT security policies. D. administering physical and logical access controls.
Cisco Certifications 
