QuestionA vulnerability manager is ramping up the vulnerability management program at their company. Which of the following is the most important consideration for prioritizing patching?A.ActorB.ThreatC.RiskD.MFA

90.8% completeQuestionA large company has recently discovered a vulnerability in its system. After analyzing the data, the company must prioritize the vulnerabilities based on exploitability and weaponization. Which of the following would be important for the company to consider when analyzing the data to achieve their requirements? (Select the two best options.)A.The level of sophistication of threat actors targeting the vulnerabilityB.The availability of patches for the vulnerabilityC.The number of systems and people affected by the vulnerabilityD.The potential damage caused by successful exploitation of the vulnerability

A company's vulnerability management team has identified a critical vulnerability in its server software. The team has created an action plan to address the vulnerability and has identified patching as a key part of the plan. Why is patching an important part of the action plan?A.It allows the vulnerability management team to prioritize other tasks that do not require patching.B.It can prevent attackers from exploiting the vulnerability and causing damage to the company.C.It allows the company to shift the responsibility of patching to the software vendor.D.It ensures that the scope of the incident response activities is limited.

Please choose the correct answer.If I prioritize code security, I do:Risk reduction for the companyGenerate more income for the companyProvide a better security maturity modelAll of the above

n what order are the steps in the vulnerability management life cycle conducted?discover, prioritize assets, assess, report, remediate, verifydiscover, assess, prioritize assets, report, remediate, verifydiscover, prioritize assets, assess, remediate, verify, reportdiscover, prioritize assets, assess, remediate, report, verify

Question 1What are the purposes of performing a patch update for security hardening? Select all that apply.1 pointUpgrading an operating system to the latest software version. Requiring a user to verify their identity to access a system or network.Preventing malicious actors from flooding a network.Fixing known security vulnerabilities in a network or services.2.Question 2What is the term for all the potential system vulnerabilities that a threat actor could exploit?1 pointRiskSecurity architectureAttack surfaceSecurity challenge3.Question 3Fill in the blank: Hiring a security guard is an example of a _____ security hardening practice.1 pointphysicalvirtualnetwork-focusedsoftware-based4.Question 4To help improve the security of a business, its in-house security team is approved to simulate an attack that will identify vulnerabilities in business processes. What does this scenario describe? 1 pointThe Ping of DeathPacket sniffingA Distributed Denial of Service (DDoS) attackPenetration testing5.Question 5Which of the following are OS hardening tasks? Select three answers. 1 pointUsing secure encryption standards  Implementing multifactor authentication Regularly installing updatesInstalling security cameras6.Question 6Fill in the blank: A/An _____ is a documented set of specifications within a system that is used as a basis for future builds, releases, and updates1 pointvirtual private network installationinternet control message protocol updatenetwork segmentbaseline configuration7.Question 7Multi-factor authentication (MFA) is an example of which type of hardening practice?1 pointNetwork log analysisOS hardeningNetwork hardeningAttack surface8.Question 8In what way might port filtering be used to protect a network from an attack?1 pointTo create isolated subnets for different departments in an organization To increase the attack surface in a networkTo disable unused ports in order to reduce the attack surfaceTo inspect, analyze, and react to security events based on their priority9.Question 9A security team considers the best way to handle the different security zones within their network. They prioritize protecting the restricted zone by separating from the rest of the network and ensuring it has much higher encryption standards. What does this scenario describe? 1 point Penetration testingPatch updatingNetwork segmentationCloud hardening10.Question 10How can a security professional confirm that no unverified changes have occurred within a cloud server?1 pointEstablish multifactor authentication (MFA)Perform a penetration testCompare the server baseline image to the data in cloud servers Use port filtering to block or allow certain updates