Correct Answer: A. pre-assessment defines scope, permissions, assets, rules of engagement, and constraints
Explanation:
The correct answer is pre-assessment defines scope, permissions, assets, rules of engagement, and constraints. This matches the course topic 'Pre-assessment' in Vulnerability Assessment & Reverse Engineering.
Correct Answer: A. input validation review checks whether untrusted input is constrained, sanitized, or rejected
Explanation:
The correct answer is input validation review checks whether untrusted input is constrained, sanitized, or rejected. This matches the course topic 'Input validation review' in Vulnerability Assessment & Reverse Engineering.
Correct Answer: B. assessment tools automate discovery, scanning, and reporting of potential weaknesses
Explanation:
The correct answer is assessment tools automate discovery, scanning, and reporting of potential weaknesses. This matches the course topic 'Vulnerability assessment tools' in Vulnerability Assessment & Reverse Engineering.
Correct Answer: B. compliance maps security controls to laws, standards, and organizational requirements
Explanation:
The correct answer is compliance maps security controls to laws, standards, and organizational requirements. This matches the course topic 'Regulatory compliance' in Vulnerability Assessment & Reverse Engineering.
Correct Answer: B. pre-assessment defines scope, permissions, assets, rules of engagement, and constraints
Explanation:
The correct answer is pre-assessment defines scope, permissions, assets, rules of engagement, and constraints. This matches the course topic 'Pre-assessment' in Vulnerability Assessment & Reverse Engineering.
Correct Answer: B. input validation review checks whether untrusted input is constrained, sanitized, or rejected
Explanation:
The correct answer is input validation review checks whether untrusted input is constrained, sanitized, or rejected. This matches the course topic 'Input validation review' in Vulnerability Assessment & Reverse Engineering.
Correct Answer: D. false positives are reported issues that are not actually exploitable or valid
Explanation:
The correct answer is false positives are reported issues that are not actually exploitable or valid. This matches the course topic 'Tool false positives' in Vulnerability Assessment & Reverse Engineering.
Correct Answer: D. risk prioritization considers severity, likelihood, business impact, and exposure
Explanation:
The correct answer is risk prioritization considers severity, likelihood, business impact, and exposure. This matches the course topic 'Risk prioritization' in Vulnerability Assessment & Reverse Engineering.
Correct Answer: D. scope definition specifies what systems, tests, time windows, and limits are authorized
Explanation:
The correct answer is scope definition specifies what systems, tests, time windows, and limits are authorized. This matches the course topic 'Scope definition' in Vulnerability Assessment & Reverse Engineering.
Correct Answer: D. authentication review checks identity verification mechanisms, password handling, and session access
Explanation:
The correct answer is authentication review checks identity verification mechanisms, password handling, and session access. This matches the course topic 'Authentication review' in Vulnerability Assessment & Reverse Engineering.
Correct Answer: A. false positives are reported issues that are not actually exploitable or valid
Explanation:
The correct answer is false positives are reported issues that are not actually exploitable or valid. This matches the course topic 'Tool false positives' in Vulnerability Assessment & Reverse Engineering.
Correct Answer: A. risk prioritization considers severity, likelihood, business impact, and exposure
Explanation:
The correct answer is risk prioritization considers severity, likelihood, business impact, and exposure. This matches the course topic 'Risk prioritization' in Vulnerability Assessment & Reverse Engineering.