What is the OWASP risk formula?
A. Risk = Threat + Impact
B. Risk = Likelihood × Impact
C. Risk = Vulnerability × Threat
D. Risk = Impact – Likelihood
Answer: B
Explanation:
OWASP defines risk as the combination of likelihood and impact. Likelihood measures how likely an attack is to occur, while impact measures the damage it would cause. Both must be considered to determine overall risk severity.
What is vulnerability management?
A. Scanning only
B. Full process including remediation
C. Detecting malware
D. Blocking traffic
Answer: B
Explanation:
Vulnerability management is a continuous process that includes identifying vulnerabilities, assessing risk, applying patches, and monitoring systems. Scanning is only one part of this process, not the entire lifecycle.
What is a vulnerability?
A. Threat
B. Weakness
C. Attack
D. Policy
Answer: B
Explanation:
A vulnerability is a weakness in systems, controls, or processes that can be exploited by a threat. It may exist in software, hardware, or organisational procedures.
Why are many breaches successful?
A. Strong security
B. Unpatched vulnerabilities
C. Encryption
D. Logging
Answer: B
Explanation:
Many attacks exploit known vulnerabilities that have not been patched. Studies show most breaches could be prevented with proper vulnerability management.
What is the risk formula?
A. Threat
B. Likelihood × Impact
C. Logs
D. Detection
Answer: B
Explanation:
Risk is calculated by combining likelihood (probability of exploitation) and impact (damage caused). Both must be considered to assess severity.
Likelihood refers to:
A. Damage
B. Probability of attack
C. Logs
D. Detection
Answer: B
Impact refers to:
A. Probability
B. Damage caused
C. Logs
D. Detection
Answer: B
Which is an example of a threat agent factor?
A. Skill level
B. Logs
C. Encryption
D. Backup
Answer: A
Explanation:
Threat agent factors include attacker skill level, motivation, opportunity, and size. These determine how likely a vulnerability is to be exploited.
Which is an example of a vulnerability factor?
A. Ease of exploit
B. Logs
C. Encryption
D. Backup
Answer: A
Technical impact includes:
A. Financial loss
B. Loss of integrity
C. Reputation
D. Compliance
Answer: B
Business impact includes:
A. Integrity
B. Financial damage
C. Logs
D. Detection
Answer: B
What is CVE?
A. Score system
B. Vulnerability identifier
C. Firewall
D. IDS
Answer: B
Explanation:
CVE (Common Vulnerabilities and Exposures) assigns unique identifiers to vulnerabilities. This allows consistent tracking and referencing across systems.
What is CVSS?
A. ID
B. Severity scoring system
C. Firewall
D. IDS
Answer: B
What is CPE?
A. Device classification
B. Score
C. Log
D. Detection
Answer: A
What is CCE?
A. Config issue identifier
B. Score
C. Log
D. Detection
Answer: A
Heat map shows:
A. Logs
B. Likelihood vs impact
C. Encryption
D. Detection
Answer: B
Vulnerability management includes:
A. Scanning only
B. Full lifecycle (scan, assess, fix)
C. Detection only
D. Encryption
Answer: B