CompTIA Security+ Training Kit: Vulnerability Assessment and Management

Chapter review

Test your knowledge of the information in Chapter 7 by answering these questions. The answers to these questions, and the explanations of why each answer choice is correct or incorrect, are located in the “Answers” section at the end of this chapter.

  1. A security tool that is designed to allow attackers to attack a simulated system and that gathers information about the attackers’ tools and techniques is known as what?

    1. A vulnerability detection system

    2. A port scanner

    3. A darknet

    4. A honeypot

  2. What type of vulnerability review focuses on how systems are put together?

    1. A penetration test

    2. A vulnerability scan

    3. A design or architecture review

    4. A code review

  3. The potential that a threat will exploit vulnerabilities is known as what?

    1. A risk

    2. A vulnerability

    3. A threat

    4. An exploit

  4. The equation to calculate risk is:

    1. Risk = Likelihood × Vulnerability

    2. Risk = Impact × Vulnerability

    3. Risk = Vulnerabilities × Threats

    4. Risk = Likelihood × Impact

  5. What type of penetration test provides partial visibility into the details of the environment to the testers?

    1. Red box

    2. White box

    3. Gray box

    4. Black box

  6. What type of testing would you perform to identify services and accessible ports via a network?

    1. A port scan

    2. A penetration test

    3. A vulnerability scan

    4. A ping sweep