CS205 Grand Quiz Solution and Discussion
-
Which team tests the patches in test environment in vulnerability management process?
Information security team
IT operations team
IT operations team
Risk & compliance team -
One of the major challenges of information security in Pakistan is that it is_____________________.
Reactive and superficial
Misunderstood
Not funded adequately
Not considered important -
-
Which one of the following is considered the first step in a vulnerability scan?
Port scanning
Firewall detection
TCP/UDP service delivery
Checking if the remote host is alive -
IT/ Infosec Teams require information security project report at ________basis.
Daily
Weekly
monthly
Quarterly -
It would be correct to say that the security posture in Pakistan can be improved by____________.
More awareness and training
Effective actions taken by regulators, organizations, and building an effective cyber security eco-system
Regular technical security audits
Learning from regional countries
-
Which team tests the patches in test environment in vulnerability management process?
Risk & compliance team
Business team
IT operations team
Audit team -
What should standard secure configuration images represent?
Default configuration version of OS only.
Hardened versions of OS only.
Hardened versions of application installed on system only.
Hardened versions of underlying OS and application installed on system. -
How security of outsourced services can be evaluated?
Include outsourced scope in internal audit
Ask for 3rd party security review
Vulnerability assessment and penetration testing
Spot security checks -
Policy & compliance practice of “governance” function of software assurance maturity model is focused on________________.
On arming personnel involved in software lifecycle with knowledge and resources to design develop and deploy secure software
Understanding and meeting external legal and regulatory requirements
On establishing a framework within an organization for a software security assurance program
On proactively specifying the expected behavior of software with respect to security -
Checklist of applicable security controls step includes?
Make a checklist for progress tracking and share with it teams
Document controls in sop
Research for applicable controls
Both b and C -
As per carneige mellon university computing consortium commercial software contains?
20 to 30 bugs for every 1000 lines of code
20 to 30 bugs for every 10,000 lines of code
40 to 50 bugs for every 1000 lines of code
40 to 50 bugs for every 10,000 lines of code -
The 4 layer security transformation model and isms requirements and controls__________________.
Are both separate security programs
Are both separate security projects
May form essential elements of the security program
None of the given -
-
Anthem insurance breach 2014 was initiated through?
Windows vulnerability
Phishing email
Man in the middle attack
Sql injection attack -
What are the three types of redundant site models in an enterprise network?
Hot site, cold site and warm site
Primary site, secondary site and DR site
Highly available site, fault tolerant site and DR site
Both a & b