Section 4.3

Demonstrate your acquired knowledge about explaining various activities associated with vulnerability management. This will demonstrate your proficiency for section 4.3 of the Security+ SY0-701 objectives.

1 / 25 Summarizing findings and next steps is known as:
- CVSS reporting
- Vulnerability reporting
- Enumeration report
- Audit certification

2 / 25 An independent check that patches succeeded is a:
- Dark-web audit
- Verification audit
- Patch enumeration
- CVE lookup

3 / 25 Confirming fixes by re-running scans is called:
- Vulnerability scoring
- Rescanning
- Threat ingestion
- Enumeration

4 / 25 Skipping a patch under formal approval creates an:
- Remediation plan
- Exception
- False positive
- Verification

5 / 25 Controls used when patching is impossible are:
- Remediation testing
- Compensating controls
- Responsible disclosure
- Data retention

6 / 25 Using VLANs to limit vulnerable system access is:
- Bug bounty
- Segmentation
- Dynamic analysis
- Enumeration

7 / 25 Quickly applying vendor fixes is known as:
- Compensating control
- Patching
- Segmentation
- Rescanning

8 / 25 A company's willingness to accept risk is called:
- Impact analysis
- Risk tolerance
- CVSS scoring
- False-positive rate

9 / 25 Considering asset value and exploitability defines:
- Exposure factor
- Segmentation
- Environmental variable
- Patch window

10 / 25 A unique identifier for a known flaw is:
- CVSS vector
- CVE number
- Audit ticket
- Threat feed ID

11 / 25 A standard numeric severity rating is:
- ISO 27001 metric
- CVSS score
- Bug bounty level
- OSINT index

12 / 25 Ranking vulnerabilities by business impact is:
- CVE assignment
- Prioritization
- Rescanning
- Remediation

13 / 25 Missing a real vulnerability in a scan is a:
- True positive
- False negative
- False positive
- True negative

14 / 25 A scan flagging a harmless open port is a:
- False negative
- True positive
- False positive
- True negative

15 / 25 Reviewing configuration and processes is part of:
- Dynamic analysis
- System audit
- False-positive weeding
- CVSS mapping

16 / 25 A public program rewarding bug reports is a:
- Responsible disclosure
- Bug bounty program
- Threat feed service
- CVE issuance

17 / 25 Ethical attack simulations are known as:
- Threat feed ingestion
- Penetration testing
- Dynamic profiling
- CVSS scoring

18 / 25 Monitoring hacker forums for leaked exploits refers to:
- OSINT feeds
- Package updates
- Dark-web monitoring
- Static scanning

19 / 25 Membership in an ISAC provides:
- Dynamic analysis
- Industry threat sharing
- False-negative checks
- Patch exemptions

20 / 25 Paying for curated threat indicators comes from a:
- Dark-web search
- Proprietary feed
- Static code tool
- OS-level audit

21 / 25 Gathering publicly available cyber-threat data is:
- Vendor penetration
- Open-source intelligence
- Bug bounty submission
- Audit verification

22 / 25 Watching third-party libraries for new bugs is known as:
- Penetration testing
- Package monitoring
- Dark-web scraping
- Audit logging

23 / 25 Running an app and observing its behavior identifies flaws via:
- Static analysis
- OSINT review
- Dynamic analysis
- Code signing

24 / 25 Reviewing source code without running it is called:
- Threat feed analysis
- Static analysis
- Package monitoring
- Dynamic profiling

25 / 25 Which tool passively inspects traffic for known weaknesses?
- Penetration tester
- Static code analyzer
- Vulnerability scanner
- Dynamic fuzz tester