Which of the following risks is MOST likely to affect the business on a day-to-day basis?
A company is looking to improve their security posture by addressing risks uncovered by a recent
penetration test. Which of the following risks is MOST likely to affect the business on a day-to-day
basis?
Which of the following is BEST utilized to identify common misconfigurations throughout the enterprise?
Which of the following is an example of a false positive?
Which of the following should Joe recommend to remediate these issues?
Joe, a company’s new security specialist, is assigned a role to conduct monthly vulnerability scans
across the network. He notices that the scanner is returning a large number of false positives or
failed audits. Which of the following should Joe recommend to remediate these issues?
Which of the following is the team performing?
The Quality Assurance team is testing a new third-party developed application. The Quality team
does not have any experience with the application. Which of the following is the team performing?
A process in which the functionality of an application is tested without any knowledge of the
internal mechanisms of the application is known as:
which of the following types of testing?
The security consultant is assigned to test a client’s new software for security, after logs show
targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to
the application program interfaces, code, or data structures. This is an example of which of the
following types of testing?
what the security company might do during a black box test?
Matt, the Chief Information Security Officer (CISO), tells the network administrator that a security
company has been hired to perform a penetration test against his network. The security company
asks Matt which type of testing would be most beneficial for him. Which of the following BEST
describes what the security company might do during a black box test?
which of the following types of testing?
A quality assurance analyst is reviewing a new software product for security, and has complete
access to the code and data structures used by the developers. This is an example of which of the
following types of testing?
Which of the following reviews should Jane conduct?
Pete, a developer, writes an application. Jane, the security analyst, knows some things about the
overall application but does not have all the details. Jane needs to review the software before it is
released to production. Which of the following reviews should Jane conduct?