1. A baseline is the initial settings in a newly installed system.

1. True

2. False

  2. A baseline, also called a ________, is a collection of settings at a specific point in time.

  3. Which Microsoft tool analyzes a computer’s settings and compares its configuration with a baseline?

1. SCA

2. MBSA

3. OpenVAS

4. SCT

  4. Stored settings that make up a baseline are stored in which type of files?

1. Baseline configuration

2. Baseline database

3. Security template

4. Security object

  5. The Security Configuration and Analysis tool operates as a snap-in to the ________.

  6. Which command-line tool provides the same scanning capability as SCA?

1. Secedit

2. Mbsacli

3. Scacli

4. Mbsaedit

  7. Which of the following products does MBSA not analyze?

1. IIS

2. SQL Server

3. Adobe Acrobat

4. Windows 7

  8. MBSA automatically ranks vulnerabilities by severity.

1. True

2. False

  9. Which command-line tool provides the same scanning capability as MBSA?

1. Secedit

2. Mbsacli

3. Scacli

4. Mbsaedit

10. Which security scanner commonly runs as a Linux virtual machine?

1. SCA

2. OpenVAS

3. Retina

4. MBSA

11. Which vulnerability scanner discussed in this chapter makes its source code available?

1. Retina

2. nexpose

3. Nessus

4. OpenVAS

12. Which security scanner runs in a web browser and doesn’t require that you install a product before scanning?

1. MBSA

2. OpenVAS

3. SCT

4. PSI

13. Which of the following statements best describe the relationship between profiling and auditing?

1. Auditing is often a part of profiling.

2. Profiling is often a part of auditing.

3. Profiling and auditing are interchangeable terms.

4. If auditing is in place, profiling is not necessary.

14. When designing an audit strategy, you should log access attempts on the ________ number of objects.

15. What is the main purpose of an audit?

1. To uncover problems

2. To catch errors

3. To validate compliance

4. To standardize configurations