A network-based vulnerability assessment is a type of test also referred to as:

Which of the following is a not a preventative control?

Which of the following is the act of performing tests and evaluations to test a system’s security level to see if it
complies with the design specifications and security requirements?

Which of the following would be the best reason for separating the test and development environments?

What is the most effective means of determining that controls are functioning properly within an operating
system?

Which of the following are required for Life-Cycle Assurance?

Which of the following would provide the BEST stress testing environment taking under consideration and
avoiding possible data exposure and leaks of sensitive data?

You are a security consultant who is required to perform penetration testing on a client’s network. During
penetration testing, you are required to use a compromised system to attack other systems on the network to
avoid network restrictions like firewalls.
Which method would you use in this scenario:

Common Criteria 15408 generally outlines assurance and functional requirements through a security evaluation
process concept of ______________, ____________, __________ for Evaluated Assurance Levels (EALs) to
certify a product or system.

Which of the following statements pertaining to ethical hacking is NOT true?