Chapter 88 · Quiz

Security Tools — Quiz

Six multiple-choice questions and four matching questions. Submit for instant scoring and explanations.

Question 1 of 6
An organization runs a next-generation firewall, an intrusion prevention system, and a vulnerability scanner. All three identify the same vulnerability on a server, but each tool names and describes it differently. Which standard addresses this interoperability problem, and what does it enable?
Question 2 of 6
A security engineer needs to deploy compliance monitoring across 500 employee laptops and 200 contractor devices. The contractor devices cannot have software installed on them. Which monitoring approach should be used for each device category, and what is the key limitation of the approach used for contractor devices?
Question 3 of 6
An employee receives a phishing email with a malicious attachment that installs a remote access trojan. The trojan begins sending files containing Social Security numbers to an external server via HTTPS. The organization has DLP deployed only on the email gateway. Which data transfer succeeds and which is blocked?
Question 4 of 6
A network management station polls a core router every 10 minutes via SNMP. An interface on that router begins experiencing CRC errors due to a failing cable at 3:00 AM. The interface completely fails at 3:07 AM. At what time would polling alone have first detected the elevated error count, and what mechanism would have provided an earlier alert?
Question 5 of 6
A NetFlow collector reports that a user workstation generated 60 GB of outbound traffic to an unfamiliar external IP address between 11 PM and 4 AM. The workstation's normal daily outbound traffic is under 100 MB. What does this traffic pattern most likely indicate, and what can NetFlow confirm vs. what requires additional investigation?
Question 6 of 6
A security team runs monthly external vulnerability scans and consistently reports a clean result for the internal server farm, which is firewalled from internet access. A new analyst asks whether internal scans are performed; they are not. An internal scan is then run and finds seven servers with critical CVEs. What explains this discrepancy, and what does it demonstrate about vulnerability scanning scope?

Matching

Match each description to the correct security tool or standard.

1. A NIST-managed framework that gives diverse security tools a common language for identifying and reporting vulnerabilities, enabling automated cross-tool remediation
2. A security technology that monitors data in motion and at rest to prevent sensitive information (SSNs, medical records, credit cards) from leaving the organization without authorization
3. A network monitoring technology that collects flow statistics using a probe-and-collector architecture to identify top talkers, bandwidth usage, and anomalous traffic patterns
4. A proactive notification mechanism that a monitored device sends to a management station over UDP 162 when a configured threshold is exceeded
A. SCAP
B. DLP
C. NetFlow
D. SNMP Trap