CISSP Official Practice Tests by Mike Chapple, David Seidl

Chapter 10 ■ Practice Test 2 255

  1. Which of the following concerns should not be on Lauren’s list of potential issues when
    penetration testers suggest using Metasploit during their testing?
    A. Metasploit can only test vulnerabilities it has plug-ins for.
    B. Penetration testing only covers a point-in-time view of the organization’s security.
    C. Tools like Metasploit can cause denial of service issues.
    D. Penetration testing cannot test process and policy.

  2. Colin is reviewing a system that has been assigned the EAL7 evaluation assurance level
    under the Common Criteria. What is the highest level of assurance that he may have about
    the system?
    A. It has been functionally tested.
    B. It has been methodically tested and checked.
    C. It has been methodically designed, tested, and reviewed.
    D. It has been formally verified, designed, and tested.

  3. Which ITU-T standard should Alex expect to see in use when he uses his smart card to
    provide a certificate to an upstream authentication service?
    A. X.500
    B. SPML
    C. X.509
    D. SAML

  4. What type of websites are regulated under the terms of COPPA?
    A. Financial websites not run by financial institutions
    B. Healthcare websites that collect personal information
    C. Websites that collect information from children
    D. Financial websites run by financial institutions

  5. Tracy recently accepted an IT compliance position at a federal government agency that
    works very closely with the Defense Department on classified government matters. Which
    one of the following laws is least likely to pertain to Tracy’s agency?
    A. HIPAA
    B. FISMA
    C. HSA
    D. CFAA
