CIS-VR Online Practice Questions and Answers

A list of software weaknesses is known as:

A. National Vulnerability Database (NVD)

B. Common Vulnerability and Exposure (CVE)

C. National Institute of Science and Technology (NIST)

D. Common Weaknesses Enumeration (CWE)

Vulnerability Response can be best categorized as a ____________, focused on identifying and remediating vulnerabilities as early as possible.

A. A proactive process

B. An iterative process

C. A tentative process

D. A reactive process

What is the ID associated with the Vulnerability Response plugin?

A. com.snc.threat.intelligence

B. com.snc.vulnerability

C. com.snc.threat.feeds

D. com.snc.security_incident

Which Vulnerability maturity level provides advanced owner assignment?

A. Enterprise risk trending

B. Automated prioritization

C. Manual operations

D. Improved remediation

Ignoring a Vulnerable Item:

A. Permanently removes the item from the list of Active Vulnerable Items

B. Move the item to the Slushbucket

C. Has no impact on the list of Active Vulnerable Items

D. Temporarily removes the item from the list of Active Vulnerable Items

Best Practices dictate that when creating a Change task from a Vulnerable Item, which of the following fields should be used for assigning the Assigned To field on the Change task?

A. Assigned To on Vulnerable Item

B. Managed By on CMDB_CI

C. Assigned To on CMDB_CI Record

D. Best Practice does not dictate a specific field

Approvals within the Vulnerability Application are created based on:

A. The sys_approval and the sn_vul_vulnerable_item tables

B. The sn_vul_vulnerable_item and sn_vul_vulnerability tables

C. The sn_vul_change_approval table

D. The sys_approval table

What must Vulnerability Exceptions be supplied by default?

A. A reason for the exception

B. Integrations with GRC to handle the exception

C. Requirement Actions for the exception

D. A manual approval authority for the exception

Which of the following best describes a Vulnerability Group?

A. Groups VIs using a Filter against Vulnerable Item Fields

B. A Filter defining a sub-set of CIs to be treated as a group

C. The User Group assigned to resolving the Vulnerable Item

D. Must have a corresponding filter group

Filter Groups can be used in Vulnerability Response to group what type of vulnerability records?

A. Vulnerability groups

B. Third Party Entries

C. Vulnerable Items

D. Vulnerable Software