APPENDIX A

Comprehensive Questions

Use the following scenario to answer Questions 1–3. Josh has discovered that an organized hacking ring in China has been targeting his company’s research and development department. If these hackers have been able to uncover his company’s research findings, this means they probably have access to his company’s intellectual property. Josh thinks that an e-mail server in his company’s DMZ may have been successfully compromised and a rootkit loaded.

1. Based upon this scenario, what is most likely the biggest risk Josh’s company needs to be concerned with?
A. Market share drop if the attackers are able to bring the specific product to market more quickly than Josh’s company.
B. Confidentiality of e-mail messages. Attackers may post all captured e-mail messages to the Internet.
C. Impact on reputation if the customer base finds out about the attack.
D. Depth of infiltration of attackers. If attackers have compromised other systems, more confidential data could be at risk.

2. The attackers in this situation would be seen as which of the following?
A. Vulnerability
B. Threat
C. Risk
D. Threat agent

3. If Josh is correct in his assumptions, which of the following best describes the vulnerability, threat, and exposure, respectively?
A. E-mail server is hardened, an entity could exploit programming code flaw, server is compromised and leaking data.
B. E-mail server is not patched, an entity could exploit a vulnerability, server is hardened.
C. E-mail server misconfiguration, an entity could exploit misconfiguration, server is compromised and leaking data.
D. DMZ firewall misconfiguration, an entity could


