Which of the following are characteristics of the vulnerability management process? Select two answers.1 pointVulnerability management is a way to discover new assets.Vulnerability management should be a one-time process.Vulnerability management is a way to limit security risks.Vulnerability management should consider various perspectives.

Which of the following best describes the purpose of a system/process audit in vulnerability management?

What is a vulnerability?1 pointAnything that can impact the confidentiality, integrity, or availability of an assetAny circumstance or event that can negatively impact assetsAn organization’s ability to manage its defense of critical assets and data and react to changeA weakness that can be exploited by a threat

1.Question 1Fill in the blank: Security posture refers to an organization’s ability to react to _____ and manage its defense of critical assets and data.1 pointcompetitionsustainabilitytaskschange2.Question 2Which of the following examples are key focus areas of the security and risk management domain? Select three answers.1 pointConduct control testingDefine security goalsFollow legal regulationsMaintain business continuity3.Question 3What term describes an organization's ability to maintain its everyday productivity by establishing risk disaster recovery plans?1 pointRecoveryBusiness continuityMitigationDaily defense4.Question 4What security concept involves all individuals in an organization taking an active role in reducing risk and maintaining security?1 pointRemote servicesEmployee retention Secure codingShared responsibility 5.Question 5A security analyst verifies users and monitors employees’ login attempts. The goal is to keep the business’s assets secure. Which security domain does this scenario describe?1 pointCommunication and network securitySecurity assessment and testingSecurity operationsIdentity and access management 6.Question 6A security analyst is asked to conduct a security audit to identify vulnerabilities. Which security domain is this task related to?1 pointSoftware development securitySecurity architecture and engineeringSecurity assessment and testingCommunication and network security7.Question 7Fill in the blank: When working in the software development security domain, security team members can use each phase of the software development _____ to conduct security reviews and ensure that security can be fully integrated into software products.1 pointsequencinglifecyclehandlingoperations8.Question 8Which of the following statements accurately describe risk? Select all that apply.1 pointIf compromised, a low-risk asset would not require ongoing monitoring or action.Determining whether a risk is low, medium, or high depends on the possible threat and the asset involved.If compromised, a medium-risk asset may cause some damage to an organization's reputation. Assets with SPII, PII, or intellectual property are examples of high-risk assets.9.Question 9A business experiences an attack. As a result, a major news outlet reports the attack, which creates bad press for the organization. What type of consequence does this scenario describe?1 pointLoss of identityIncrease in profitsLack of engagementDamage to reputation10.Question 10Fill in the blank: In the Risk Management Framework (RMF), the _____ step might involve implementing a plan to change password requirements in order to reduce requests to reset employee passwords.1 pointimplementauthorizecategorizeprepare

n what order are the steps in the vulnerability management life cycle conducted?discover, prioritize assets, assess, report, remediate, verifydiscover, assess, prioritize assets, report, remediate, verifydiscover, prioritize assets, assess, remediate, verify, reportdiscover, prioritize assets, assess, remediate, report, verify

What is the main goal of performing a vulnerability assessment?1 pointTo catalog assets that need to be protectedTo practice ethical hacking techniquesTo pass remediation responsibilities over to the IT departmentTo identify weaknesses and prevent attacks