Topics

Explore all topics

Universities

uni logo
University of North Carolina at Chapel Hill
uni logo
University of Notre Dame
uni logo
Clemson University
Explore all Universities

Professors

Overall Quality
-/5
c c
Overall Quality
-/5
Billt Camp
Overall Quality
-/5
mathio g
Explore all Professors
Add Browser Extension
Start Free Trial
Need Help? Contact us
title
Textbook Solutions
Step-by-step solutions verified by experts
title
24/7 Homework Help
Complete assignments with the help of our community
title
Flashcards
Stimulate your visual memory & walk into test day with confidence
title
DocuAssist
Upload your study materials and we’ll help fill in the answers.
title
Campus Reps
Become a Campus Rep and earn up to 20% commission, plus weekly and monthly cash prizes.
title
My Courses
Add the courses you're enrolled in for tailored study material to meet your requirements
Explore all services
Add Browser Extension
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
العربية
search
ai logoChat with AI
Servicesarrow
Textbook Solutions icon
Textbook Solutions
24/7 Homework Help icon
24/7 Homework Help
Flashcards icon
Flashcards
DocuAssist icon
DocuAssist
Campus Reps icon
Campus Reps
My Courses icon
My Courses
Mobile App icon
Mobile App
Explore All Services
Discoverarrow

Topics

Explore All Services

Universities

uni logo
University of North Carolina at Chapel Hill
uni logo
University of Notre Dame
uni logo
Clemson University
Explore all Universities

professors

/5
c c
/5
Billt Camp
/5
mathio g
Explore all Professors
Explore all topics
Discover more topics
HomeSchoolingAsk a question

Deck 6: Analyzing Vulnerability Scans and Identifying Common Vulnerabilities

Full screen (f)
exit full mode
Question
Carl is a new cybersecurity analyst. His manager has just asked him to implement a vulnerability scanner that uses the CVSS. Which of the following best describes why he would want to use it?

A) The cybersecurity virtual scanning software will help protect the company's virtual machine infrastructure from attacks specific to virtualized and hypervisor-based technologies.
B) The computerized vector scanning system will determine which attack vectors are most vulnerable to the threat of malicious threat actors who can exploit weaknesses in the company's infrastructure.
C) The Common Vulnerability Scoring System will allow the organization to prioritize which vulnerabilities it should mitigate first or implement compensating controls for.
D) The central vulnerability scanning service will allow the company to easily automate scans from a centralized system rather than have to install components on individual servers and systems.
Use Space or
up arrow
down arrow
to flip the card.
Question
Simone, a cybersecurity researcher, has just finished the analysis and documentation of a new vulnerability she discovered in a widely used product. In addition to contacting the manufacturer of the software, she also believes it is necessary to make a plug-in available so common vulnerability scanners can pick up the vulnerability in their scans. Which of the following would be helpful for her to know in order to meet this goal?

A) NASL
B) ACL
C) TLS
D) NIDS
Question
Piet is analyzing the report generated by a Nessus scan and sees two types of scores in the Risk Information section. One of the scores represents the intrinsic qualities of the vulnerability when it was first discovered. Which of the following scores represents these intrinsic qualities?

A) CVSS original score
B) CVSS base score
C) CVSS temporal score
D) CVSS environmental score
Question
Faranoush is examining the CVSS Base Score Exploitability Metrics to better understand the information she sees in her report. Which of the following reflects the ability of a vulnerability in one software component to impact other resources?

A) Scope
B) Attack vector
C) User interaction
D) Attack complexity
Question
Cosmo is reviewing a recent Nessus scan report and sees a number of items that have recently had compensating controls implemented for them. Which of the following terms might describe these items in the report?

A) Unvoided transaction
B) Uncaught exception
C) Error handling
D) False positive
Question
Phillida, a cybersecurity analyst, is comparing vulnerability scanning products for potential use in her organization. She reads that Nessus uses a combination of machine learning and threat intelligence to produce which of the following?

A) VPR
B) VPC
C) VSP
D) VCR
Question
Ramon, a cybersecurity analyst, is aware of the regulatory requirements that his organization must meet. He needs to make sure that best practices are meeting the goals of these regulatory requirements. Which of the following might he decide to employ as part of a vulnerability scan?

A) Plug-ins
B) CVSS temporal scoring
C) CVSS base scoring
D) Scanning template
Question
Kallie, a cybersecurity analyst, has just returned from a cybersecurity conference where she learned about the Nessus vulnerability scanner. She wants to try it at her company, but her software budget has already been spent for the fiscal year. Which of the following versions should she consider installing?

A) Nessus Basic
B) Nessus Manager
C) Nessus Essentials
D) Nessus Agent
Question
Alaa wants to update her Nessus installation to ensure that she is scanning for all recently discovered vulnerabilities. Which of the following does she need to download?

A) Modules
B) Plug-ins
C) Service packs
D) Hotfixes
Question
Darien last ran a vulnerability scan a year ago. Which of the following could he expect to have changed if he ran the scan again today?

A) Vulnerability ID of previously found items
B) CVSS base score
C) CVSS temporal score
D) Published date
Question
Nephele is looking at the vulnerabilities found in her organization. She wants to figure out which ones must be present or addressed from the local network compared to the ones that must be addressed either from an adjacent network or other network. Which of the following metrics covers this information?

A) Scope
B) Attack vector
C) Attack complexity
D) User interaction
Question
Morwenna wants to install Nessus for a trial run on her company's infrastructure. Which of the following is the default method of installation?

A) HTTPS
B) FTPS
C) SFTP
D) SCP
Question
Dimitri wants to install Nessus on the systems within his network, but is concerned that Nessus may not be compatible with certain types of devices in his company. Which of the following is Nessus not compatible with?

A) Linux
B) UNIX
C) Windows
D) macOS
E) None of the above. It is compatible with all of these options.
Question
Valeria, a cybersecurity manager, wants to start using a vulnerability scanner at the large global organization where she works. Which of the following might be the best fit for this organization?

A) Nessus Essentials
B) Nessus Manager
C) Nessus Professional
D) Nessus Global
Question
Gabriel is trying to understand the metrics behind the scores that Nessus uses. He asks you which of the metrics is based on the attacker having to gather more information about the target before the vulnerability can be exploited. Which of the following identifies the metric he described?

A) Scope
B) Privileges required
C) Attack vector
D) Attack complexity
Question
Franco, a cybersecurity analyst, has just received a report that a piece of malware has been detected on a user's system. The user downloaded a solitaire game that had pictures of cats on the back of the cards, and he just couldn't resist. After examining the computer and network traffic, Franco finds that the game has been allowing an intruder to connect to the computer and execute commands on the system as well as send files to a remote server. Which of the following has Franco found?

A) Worm
B) Trojan
C) RAT
D) Ransomware
Question
Petronilla, a cybersecurity researcher, has just received a call from a client who reports that someone has redirected multiple A record entries on their recursive server to an incorrect IP address. Which of the following has occurred?

A) DNS poisoning
B) DNS manipulation
C) Authoritative DNS modification
D) ARP manipulation
Question
Nik, a cybersecurity analyst, has been asked to examine an employee's iPhone that is exhibiting strange behavior. After looking through the phone, he finds that the user apparently has been able to upload third-party apps that are not in the App Store. Which of the following has most likely occurred with this phone?

A) Rooting
B) Jailbreaking
C) Clapping
D) Raking
Question
Suki wants to analyze all of the traffic being sent to and from a group of 10 computers that are all connected to the same networking device. He decides to install a sniffing device that will capture packets and then enable port mirroring on the networking device to send copies of the traffic to the sniffing device. Which of the following networking devices is he most likely using?

A) Bridge
B) Switch
C) Router
D) Load balancer
Question
Jupiter is a systems administrator for a growing company. Until recently, one web server has been enough to handle the traffic load for her organization. However, she knows that if something happens to this server, the website could go down for an undetermined amount of time. She is considering moving the website to a cloud configuration, but she knows that if the server failed in the cloud, it would be a single point of failure. Which of the following might she want to implement in addition to a secondary web server?

A) Bridge
B) Switch
C) Router
D) Load balancer
Question
Sarita is a network engineer for a growing organization. Her company plans to open branch offices and connect them in a secure manner to the headquarters building via the Internet. Which of the following should Sarita implement?

A) Load balancer
B) SCADA
C) VPN
D) ICS
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/21
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 6: Analyzing Vulnerability Scans and Identifying Common Vulnerabilities
1
Carl is a new cybersecurity analyst. His manager has just asked him to implement a vulnerability scanner that uses the CVSS. Which of the following best describes why he would want to use it?

A) The cybersecurity virtual scanning software will help protect the company's virtual machine infrastructure from attacks specific to virtualized and hypervisor-based technologies.
B) The computerized vector scanning system will determine which attack vectors are most vulnerable to the threat of malicious threat actors who can exploit weaknesses in the company's infrastructure.
C) The Common Vulnerability Scoring System will allow the organization to prioritize which vulnerabilities it should mitigate first or implement compensating controls for.
D) The central vulnerability scanning service will allow the company to easily automate scans from a centralized system rather than have to install components on individual servers and systems.
The Common Vulnerability Scoring System will allow the organization to prioritize which vulnerabilities it should mitigate first or implement compensating controls for.
2
Simone, a cybersecurity researcher, has just finished the analysis and documentation of a new vulnerability she discovered in a widely used product. In addition to contacting the manufacturer of the software, she also believes it is necessary to make a plug-in available so common vulnerability scanners can pick up the vulnerability in their scans. Which of the following would be helpful for her to know in order to meet this goal?

A) NASL
B) ACL
C) TLS
D) NIDS
NASL
3
Piet is analyzing the report generated by a Nessus scan and sees two types of scores in the Risk Information section. One of the scores represents the intrinsic qualities of the vulnerability when it was first discovered. Which of the following scores represents these intrinsic qualities?

A) CVSS original score
B) CVSS base score
C) CVSS temporal score
D) CVSS environmental score
CVSS base score
4
Faranoush is examining the CVSS Base Score Exploitability Metrics to better understand the information she sees in her report. Which of the following reflects the ability of a vulnerability in one software component to impact other resources?

A) Scope
B) Attack vector
C) User interaction
D) Attack complexity
Unlock Deck
Unlock for access to all 21 flashcards in this deck.
Unlock Deck
k this deck
5
Cosmo is reviewing a recent Nessus scan report and sees a number of items that have recently had compensating controls implemented for them. Which of the following terms might describe these items in the report?

A) Unvoided transaction
B) Uncaught exception
C) Error handling
D) False positive
Unlock Deck
Unlock for access to all 21 flashcards in this deck.
Unlock Deck
k this deck
6
Phillida, a cybersecurity analyst, is comparing vulnerability scanning products for potential use in her organization. She reads that Nessus uses a combination of machine learning and threat intelligence to produce which of the following?

A) VPR
B) VPC
C) VSP
D) VCR
Unlock Deck
Unlock for access to all 21 flashcards in this deck.
Unlock Deck
k this deck
7
Ramon, a cybersecurity analyst, is aware of the regulatory requirements that his organization must meet. He needs to make sure that best practices are meeting the goals of these regulatory requirements. Which of the following might he decide to employ as part of a vulnerability scan?

A) Plug-ins
B) CVSS temporal scoring
C) CVSS base scoring
D) Scanning template
Unlock Deck
Unlock for access to all 21 flashcards in this deck.
Unlock Deck
k this deck
8
Kallie, a cybersecurity analyst, has just returned from a cybersecurity conference where she learned about the Nessus vulnerability scanner. She wants to try it at her company, but her software budget has already been spent for the fiscal year. Which of the following versions should she consider installing?

A) Nessus Basic
B) Nessus Manager
C) Nessus Essentials
D) Nessus Agent
Unlock Deck
Unlock for access to all 21 flashcards in this deck.
Unlock Deck
k this deck
9
Alaa wants to update her Nessus installation to ensure that she is scanning for all recently discovered vulnerabilities. Which of the following does she need to download?

A) Modules
B) Plug-ins
C) Service packs
D) Hotfixes
Unlock Deck
Unlock for access to all 21 flashcards in this deck.
Unlock Deck
k this deck
10
Darien last ran a vulnerability scan a year ago. Which of the following could he expect to have changed if he ran the scan again today?

A) Vulnerability ID of previously found items
B) CVSS base score
C) CVSS temporal score
D) Published date
Unlock Deck
Unlock for access to all 21 flashcards in this deck.
Unlock Deck
k this deck
11
Nephele is looking at the vulnerabilities found in her organization. She wants to figure out which ones must be present or addressed from the local network compared to the ones that must be addressed either from an adjacent network or other network. Which of the following metrics covers this information?

A) Scope
B) Attack vector
C) Attack complexity
D) User interaction
Unlock Deck
Unlock for access to all 21 flashcards in this deck.
Unlock Deck
k this deck
12
Morwenna wants to install Nessus for a trial run on her company's infrastructure. Which of the following is the default method of installation?

A) HTTPS
B) FTPS
C) SFTP
D) SCP
Unlock Deck
Unlock for access to all 21 flashcards in this deck.
Unlock Deck
k this deck
13
Dimitri wants to install Nessus on the systems within his network, but is concerned that Nessus may not be compatible with certain types of devices in his company. Which of the following is Nessus not compatible with?

A) Linux
B) UNIX
C) Windows
D) macOS
E) None of the above. It is compatible with all of these options.
Unlock Deck
Unlock for access to all 21 flashcards in this deck.
Unlock Deck
k this deck
14
Valeria, a cybersecurity manager, wants to start using a vulnerability scanner at the large global organization where she works. Which of the following might be the best fit for this organization?

A) Nessus Essentials
B) Nessus Manager
C) Nessus Professional
D) Nessus Global
Unlock Deck
Unlock for access to all 21 flashcards in this deck.
Unlock Deck
k this deck
15
Gabriel is trying to understand the metrics behind the scores that Nessus uses. He asks you which of the metrics is based on the attacker having to gather more information about the target before the vulnerability can be exploited. Which of the following identifies the metric he described?

A) Scope
B) Privileges required
C) Attack vector
D) Attack complexity
Unlock Deck
Unlock for access to all 21 flashcards in this deck.
Unlock Deck
k this deck
16
Franco, a cybersecurity analyst, has just received a report that a piece of malware has been detected on a user's system. The user downloaded a solitaire game that had pictures of cats on the back of the cards, and he just couldn't resist. After examining the computer and network traffic, Franco finds that the game has been allowing an intruder to connect to the computer and execute commands on the system as well as send files to a remote server. Which of the following has Franco found?

A) Worm
B) Trojan
C) RAT
D) Ransomware
Unlock Deck
Unlock for access to all 21 flashcards in this deck.
Unlock Deck
k this deck
17
Petronilla, a cybersecurity researcher, has just received a call from a client who reports that someone has redirected multiple A record entries on their recursive server to an incorrect IP address. Which of the following has occurred?

A) DNS poisoning
B) DNS manipulation
C) Authoritative DNS modification
D) ARP manipulation
Unlock Deck
Unlock for access to all 21 flashcards in this deck.
Unlock Deck
k this deck
18
Nik, a cybersecurity analyst, has been asked to examine an employee's iPhone that is exhibiting strange behavior. After looking through the phone, he finds that the user apparently has been able to upload third-party apps that are not in the App Store. Which of the following has most likely occurred with this phone?

A) Rooting
B) Jailbreaking
C) Clapping
D) Raking
Unlock Deck
Unlock for access to all 21 flashcards in this deck.
Unlock Deck
k this deck
19
Suki wants to analyze all of the traffic being sent to and from a group of 10 computers that are all connected to the same networking device. He decides to install a sniffing device that will capture packets and then enable port mirroring on the networking device to send copies of the traffic to the sniffing device. Which of the following networking devices is he most likely using?

A) Bridge
B) Switch
C) Router
D) Load balancer
Unlock Deck
Unlock for access to all 21 flashcards in this deck.
Unlock Deck
k this deck
20
Jupiter is a systems administrator for a growing company. Until recently, one web server has been enough to handle the traffic load for her organization. However, she knows that if something happens to this server, the website could go down for an undetermined amount of time. She is considering moving the website to a cloud configuration, but she knows that if the server failed in the cloud, it would be a single point of failure. Which of the following might she want to implement in addition to a secondary web server?

A) Bridge
B) Switch
C) Router
D) Load balancer
Unlock Deck
Unlock for access to all 21 flashcards in this deck.
Unlock Deck
k this deck
21
Sarita is a network engineer for a growing organization. Her company plans to open branch offices and connect them in a secure manner to the headquarters building via the Internet. Which of the following should Sarita implement?

A) Load balancer
B) SCADA
C) VPN
D) ICS
Unlock Deck
Unlock for access to all 21 flashcards in this deck.
Unlock Deck
k this deck
locked card icon
Unlock Deck
Unlock for access to all 21 flashcards in this deck.
QuizPlus
surly
Quizplus
Work With Us
Policies
Download the App
Scan to downloadDownload the App
qr-code
Links
Links
Work With Us
Download the App
surly
English
English
العربية
Scan to downloadDownload the App
qr-code

English
English
العربية
Copyright © 2025 Quizplus LLC.
  • facebook-footer
  • instagram-footer
  • x-footer
  • tiktok
  • Linktree