CompTIA Cybersecurity Analyst (CySA+) - Module 2: Vulnerability Management Questions And Answers With Complete Solution

CompTIA Cybersecurity Analyst (CySA+) - Module 2: Vulnerability Management All parts of a security policy should be public knowledge. True False - False What reasons might a company forgo scanning a critical system? Too much time Confidentiality Backups already exist Costs too much - Too much time & Costs too much What is the factor that determines scanning frequency characterized by an accepted amount of risk? Technical Constraints Risk Acceptance Risk Appetite Regulatory Requirements - Risk Appetite An assessment scan is used to discover assets. True False - False What type of test gives the best perspective of an outsider threat? Non-Credentialed Scan Passive Scan Agent-Based Scan Credentialed Scan - Non-Credentialed Scan What should be considered when prioritizing vulnerabilities to be fixed? Where it is How critical it is Time to fix Which scanner was used - How critical it is & Time to fix What is a factor considered when categorizing a change to a system? Scope Size Sensitivity Level Risk - Risk What could inhibit a change from being implemented? Cost Complexity Approval All of the Above - All of the Above An Agent-Based Scan has a lesser impact on a network vs Sever-based. True False - True Which scan effects network traffic the least? Non-Credentialed Scan Agent-Based Scan Passive Scan Server-Based Scan - Passive Scan Which one of these is legally binding? MOU SLA ATWA MTTR - SLA