31. Which layer of the defense in depth model relates to user devices that have accessed a network?
- Endpoint
- Application
- Perimeter
- Data
32. Which of the following are criteria that a vulnerability must meet to qualify for a CVE® ID? Select all that apply.
- It can only affect one codebase.
- It must be submitted with supporting evidence.
- It must be independent of other issues.
- It must be recognized as a potential security risk.
- It must pose a financial risk.
33. Which of the following are reasons that security teams practice an attacker mindset? Select three answers.
- To identify attack vectors
- To exploit flaws in an application’s codebase
- To uncover vulnerabilities that should be monitored
- To find insights into the best security controls to use
34. Fill in the blank: According to the CVE® list, a vulnerability with a score of _____ or above is considered to be a critical risk to company assets that should be addressed right away.
- 11
- 1
- 9
- 4
35. You are tasked with performing a vulnerability assessment of an onsite server. After scanning the server, you discover that its operating system is missing several new updates.
What are two steps that you might take next to complete the vulnerability assessment? Select two answers.
- Investigate critical system updates that are available.
- Scan the millions of devices that connect to the server
- Perform a risk assessment of the old operating system.
- Deactivate the server because its operating system is outdated