Comptia Pentest+ 2023 Questions and answer - Part 24

Mary Mary Smith
03 Mar 2023
1. Which of the following is a Pre-Assessment phase of Vulnerability Assessment Life-Cycle?

A) Creating Baseline
B) Vulnerability Assessment
C) Risk Assessment
D) Remediation
2. CVSS Stands for _________________.

A) Common Vulnerability Solution Service
B) Common Vulnerability Service Solution
C) Common Vulnerability Scoring System
D) Common Vulnerability System Solution
3. Vulnerability Database launched by NIST is _________________.

A) CVE
B) CVSS
C) NVD
D) Google Hacking Database
4. Which of the following is not a Vulnerability Scanning tool?

A) Nessus
B) GFI LanGuard
C) Qualys Scan
D) Wireshark
5. Which of the following is not an example of a Non-Electronic/Non-Technical Password Attack?

A) Shoulder Surfing
B) Social Engineering
C) Dumpster Diving
D) Dictionary Attack
1. Right Answer: C
Explanation: Tree-based assessment is the assessment approach in which the auditor follows a different strategy for each component of an environment. For example, in an organization's network where different machines are live, the auditor may use one approach for Windows-based machines and another technique for Linux-based servers.

2. Right Answer: C
Explanation: The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.

3. Right Answer: D
Explanation: The U.S. National Vulnerability Database (NVD) was launched by the National Institute of Standards and Technology (NIST).

4. Right Answer: D
Explanation: Wireshark is the most popular and widely used Network Protocol Analyzer across commercial, governmental, non-profit and educational organizations. It is a free, open-source tool available natively for Windows, Linux, Mac, BSD, Solaris and other platforms.

5. Right Answer: B
Explanation: Non-Electronic attacks, or Non-technical attacks, are attacks that do not require any technical understanding or knowledge. This type of attack can be carried out by shoulder surfing, social engineering, and dumpster diving.