The Quality Assurance team is testing a new third party developed application. The Quality team does not have any experience with the application. Which of the
following is the team performing?

Joe a company’s new security specialist is assigned a role to conduct monthly vulnerability scans across the network. He notices that the scanner is returning a
large amount of false positives or failed audits. Which of the following should Joe recommend to remediate these issues?

Which of the following is an example of a false positive?

Which of the following is BEST utilized to identify common misconfigurations throughout the enterprise?

A company is looking to improve their security posture by addressing risks uncovered by a recent penetration test. Which of the following risks is MOST likely to
affect the business on a day-to-day basis?

Which of the following tests a number of security controls in the least invasive manner?

A company hires outside security experts to evaluate the security status of the corporate network. All of the company’s IT resources are outdated and prone to
crashing. The company requests that all testing be performed in a way which minimizes the risk of system failures. Which of the following types of testing does the
company want performed?

Jane has recently implemented a new network design at her organization and wishes to passively identify security issues with the new network. Which of the
following should Jane perform?

A security administrator wants to perform routine tests on the network during working hours when certain applications are being accessed by the most people.
Which of the following would allow the security administrator to test the lack of security controls for those applications with the least impact to the system?

Which of the following BEST represents the goal of a vulnerability assessment?