CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
1. Which one of the following protocols should never be used on a public network?
A) Telnet
B) SFTP
C) HTTPS
D) SSH
2. Which one of the following terms is not typically used to describe the connection of physical devices to a network?
A) ICS
B) SCADA
C) IoT
D) IDS
3. When preparing a penetration test report, the following are recommended as best practice, except _______________.
A) Omission of findings lower than 3.0 on the CVSS 3.0
B) Reduction of redundancy and streamlining of data presented
C) Verification and full documentation of findings
D) Robust accounting of testing methodology
4. Which of the following components of a written penetration test report is meant to provide a high-level overview of findings without getting too wrapped up in technical details?
A) Risk Ratings
B) Methodology
C) Executive Summary
D) Conclusion
5. Which of the following options defines the term -risk appetiteΓΒ with regard to information security?
A) The ability or willingness of an organization to withstand the effects of any events or situations that adversely affect its business assets, such as computer systems or networks
B) The amount and kinds of risk an organization is willing to accept in its information system-s environment
C) A key factor that helps an organization determine if a penetration test is a financially supportable business expense
D) An organization-s understanding and acceptance of the likelihood and impact of a specific threat on its systems or networks
A) Telnet
B) SFTP
C) HTTPS
D) SSH
2. Which one of the following terms is not typically used to describe the connection of physical devices to a network?
A) ICS
B) SCADA
C) IoT
D) IDS
3. When preparing a penetration test report, the following are recommended as best practice, except _______________.
A) Omission of findings lower than 3.0 on the CVSS 3.0
B) Reduction of redundancy and streamlining of data presented
C) Verification and full documentation of findings
D) Robust accounting of testing methodology
4. Which of the following components of a written penetration test report is meant to provide a high-level overview of findings without getting too wrapped up in technical details?
A) Risk Ratings
B) Methodology
C) Executive Summary
D) Conclusion
5. Which of the following options defines the term -risk appetiteΓΒ with regard to information security?
A) The ability or willingness of an organization to withstand the effects of any events or situations that adversely affect its business assets, such as computer systems or networks
B) The amount and kinds of risk an organization is willing to accept in its information system-s environment
C) A key factor that helps an organization determine if a penetration test is a financially supportable business expense
D) An organization-s understanding and acceptance of the likelihood and impact of a specific threat on its systems or networks
1. Right Answer: A
Explanation: Telnet is an insecure protocol that does not make use of encryption. The other protocols mentioned are all considered secure.
2. Right Answer: B
Explanation: Intrusion Detection Systems (IDSs) are a security control used to detect network or host attacks. The Internet of Things (IoT), Supervisory Control And Data Acquisition (SCADA) systems, and Industrial Control Systems (ICSs) are all associated with connecting physical world objects to a network.
3. Right Answer: A
Explanation: Omission of any findings would be unethical and counterproductive to the purpose of a penetration test.
4. Right Answer: C
Explanation: The component described is the executive summary. As hinted in the name, the executive summary aims to provide a 50,000-foot view of the penetration test report without relying on technical terms that may not mean anything to readers.
5. Right Answer: B
Explanation: Risk appetite is defined as the amount and kinds of risk an organization is willing to accept, and can be expected to drive much of the organization-s decision making when pursuing mitigation techniques for vulnerabilities discovered during a penetration test.
Explanation: Telnet is an insecure protocol that does not make use of encryption. The other protocols mentioned are all considered secure.
2. Right Answer: B
Explanation: Intrusion Detection Systems (IDSs) are a security control used to detect network or host attacks. The Internet of Things (IoT), Supervisory Control And Data Acquisition (SCADA) systems, and Industrial Control Systems (ICSs) are all associated with connecting physical world objects to a network.
3. Right Answer: A
Explanation: Omission of any findings would be unethical and counterproductive to the purpose of a penetration test.
4. Right Answer: C
Explanation: The component described is the executive summary. As hinted in the name, the executive summary aims to provide a 50,000-foot view of the penetration test report without relying on technical terms that may not mean anything to readers.
5. Right Answer: B
Explanation: Risk appetite is defined as the amount and kinds of risk an organization is willing to accept, and can be expected to drive much of the organization-s decision making when pursuing mitigation techniques for vulnerabilities discovered during a penetration test.
0 Comments
Leave a comment
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
