A security analyst is reviewing output from a CVE-based vulnerability scanner. Before conducting the scan, the...

A security analyst is reviewing output from a CVE-based vulnerability scanner. Before
conducting the scan, the analyst was careful to select only Windows-based servers in a specific
datacenter. The scan revealed that the datacenter includes 27 machines running Windows 2003
Server Edition (Win2003SE). In 2015, there were 36 new vulnerabilities discovered in the Win2003SE
environment. Which of the following statements are MOST likely applicable? (Choose two.)

A. Remediation is likely to require some form of compensating control.

B. Microsoft's published schedule for updates and patches for Win2003SE have continued
uninterrupted.

C. Third-party vendors have addressed all of the necessary updates and patches required by
Win2003SE.

D. The resulting report on the vulnerability scan should include some reference that the scan of the
datacenter included 27 Win2003SE machines that should be scheduled for replacement and
deactivation.

E. Remediation of all Win2003SE machines requires changes to configuration settings and
compensating controls to be made through Microsoft Security Center's Win2003SE Advanced
Configuration Toolkit.

Please explain for thumbs up.

Solutions

Expert Solution

Answer: (D) and (E)

(D) The resulting report on the vulnerability scan should include some reference that the scan of the datacenter included 27 Win2003SE machines that should be scheduled for replacement and deactivation.

(E) Remediation of all Win2003SE machines requires changes to configuration settings and compensating controls to be made through Microsoft Security Center's Win2003SE Advanced Configuration Toolkit.

Description:

• Common vulnerabilities and exposure CVE based scanner gives the information report about system vulnerabilities and its security issues. CVE scanner relies on freely accessible system data.

• The CVE scanner provides common interface to evaluate various security tools and make impactful database information. CVE reports provide the every detail about vulnerability issues, system risk level and its impact on environment along with the solutions.

• So, when security analyst scanned the output from a CVE-based scanner then that resulting report on vulnerabilities and exposure scan must include information about 27 Win2003SE machines with the datacenter which were scheduled for the replacement procedure or the deactivation.

• Solution for new found vulnerabilities includes changes in configuration settings that can be done using Win2003SE Advanced Configuration Toolkit of Microsoft Security MS - Center.

venereology answered 1 year ago

Next > < Previous

Related Solutions

The biggest profits from foreign trade are received by small countries, whereas domestic prices before conducting...

The biggest profits from foreign trade are received by small countries, whereas domestic prices before conducting international trade are far different from the prevailing world prices. Why is that?

Provide an interpretation of this regression model based on this output received from SPSS. Independent variable...

Provide an interpretation of this regression model based on this output received from SPSS. Independent variable is verbal IQ score. Dependent variable is full IQ score. Model Summary Model R R Square Adjusted R Square Std. Error of the Estimate 1 .875a .766 .764 7.003 a. Predictors: (Constant), verbiq Coefficientsa Model Unstandardized Coefficients Standardized Coefficients t Sig. 95.0% Confidence Interval for B B Std. Error Beta Lower Bound Upper Bound 1 (Constant) 12.502 3.987 3.136 .002 4.610 20.395 verbiq .928...

Below you are given a partial computer output from a multiple regression analysis based on a...

Below you are given a partial computer output from a multiple regression analysis based on a sample of 16 observations. Coefficients Standard Error Constant 12.924 4.425 x1 -3.682 2.630 x2 45.216 12.560 Analysis of Variance Source of Variation Degrees of Freedom Sum of Squares Mean Square F Regression 4853 2426.5 Error 485.3 Carry out the test of significance for the variable x1 at the 1% level. The null hypothesis should be options: be tested for β₃ instead. be rejected....

1. Following R output is from fitting multiple regression of House price (Y) in thousand based...

1. Following R output is from fitting multiple regression of House price (Y) in thousand based on Finish Area(X1), Age(X2) and Bedroom(X3). Coefficients: Estimate Std. Error t value Pr(>|t|) (Intercept) 190.11 2.587 73.48 0.00866 ** X1 2.30 0.010 228.00 0.00279 ** X2 -2.46 0.064 -38.03 0 .01674 * X3 36.67 0.359 101.96 0.00624 ** ----------------------------- Signif. codes: 0 ‘***’ 0.001 ‘**’ 0.01 ‘*’ 0.05 ‘.’ 0.1 ‘ ’ 1 Residual standard error: 0.9204 on 1 degrees of freedom Multiple R-squared:...

How does management determine how to classify each type of output from a joint process? Is this decided before or after production?

Based on information from the National Cyber Security Alliance, 93% of computer owners believe that they have antivirus programs installed on

Based on information from the National Cyber Security Alliance, 93% of computer owners believe that they have antivirus programs installed on their computers. In a random sample of 400 scanned computers, it is found that 380 of them (or 95%) actually have antivirus programs. Use the sample data from the scanned computers to test the claim that 93% of computers have antivirus programs.

Subjects