GCC Class 2 Lesson 4 Quiz

You are designing a new Web application service for your company. An initial design review reveals a number of attack surfaces not identified in the initial baseline for the application, including unneeded network services that are enabled. What should you do?
A. Remove unneeded services from the design.
B. Rework the initial baseline
C. Reduce the attack surfaces during actual coding.
D. Perform a conceptual test.

Which of the following is the least intrusive way of checking an environment for know software flaws?
A. Port Scanner
B. Protocol analyzer
C. Penetration test
D. Vulnerability scanner

After a system risk assessment, the cost to mitigate a risk is higher than the expected loss if the threat materializes. In this situation, which of the following is the better course of action?
A. Accept the risk
B. Mitigate the risk
C. Run a new risk assessment
D. Reject the risk

After completing a risk assessment, a security administrator recommends that the network owner take actions to prevent future security incidents. Which of the following describes this type of action?
A. Risk Transference
B. Risk Mitigation
C. Risk Avoidance
D. Risk Acceptance

What is likely your best course of action when a vulnerability is identified on an operating system?
A. Ignore the vulnerability for now and wait for an automatic update from the manufacturer.
B. Visit the OS manufacturer's website for information and a patch.
C. Search for a patch on the internet.
D. Shut down all affected servers until management can be notified.