Table of Contents
Exposure Management Certification (Free)
Website: https://xmcyber.com/exposure-management-course/
Module 1 Quiz:
1: What is the purpose of a vulnerability management program in cybersecurity exposure management?
Answer: To identify and prioritize vulnerabilities for remediation
2: What is the purpose of a security control framework, like the NIST Cybersecurity Framework, in cybersecurity exposure management?
Answer: To provide a structured approach for implementing and managing security controls
3: Which of the following is a simulated cyber-attack against your computer system to check for exploitable vulnerabilities?
Answer: Penetration testing
4: Which of the following is a process used to prioritize the remediation of identified vulnerabilities based on the risk they pose to an organization?
Answer: Risk management
5: What is the purpose of a patch management program?
Answer: To ensure that software vulnerabilities are remediated in a timely manner
6: Which of the following is a process used to identify potential sources of cyber threats and vulnerabilities in an organization’s IT systems and networks?
Answer: Vulnerability scanning
7: Which of the following is a process that helps organizations manage and track the status of remediation efforts for identified vulnerabilities?
Answer: Vulnerability management
8: What is the primary goal of a vulnerability assessment in cybersecurity exposure management?
Answer: To identify and prioritize vulnerabilities for remediation
9: Where does vulnerability management fit into an information security office in a business?
Answer: Reports to the CISO
10: What is the purpose of a threat model in cybersecurity exposure management?
Answer: To identify potential attack vectors and prioritize defenses
Module 2 Quiz:
1: Which of the following best describes an attack surface in cybersecurity?
Answer: The area of vulnerability in a system that can be exploited by a cyber-attack
2: Which of the following is an example of an attack surface in a typical corporate network?
Answer: The range of devices and applications that can be accessed by an employee’s login credentials
3: What is the purpose of cybersecurity control validation?
Answer: To test the effectiveness of cybersecurity controls
4: Which of the following is a common method for validating cybersecurity controls?
Answer: Conducting a penetration test
5: What is the goal of continuous monitoring in cybersecurity control validation?
Answer: To detect and respond to cyber threats in real-time
6: What is a common cause of cybersecurity vulnerabilities in software applications?
Answer: Failing to apply software patches and updates
7: Which of the following is an example of a social engineering attack that exploits a cybersecurity vulnerability?
Answer: A hacker tricking an employee into divulging their login credentials via a phishing email
8: What is an attack path in cybersecurity?
Answer: The sequence of steps taken by a hacker to carry out a cyber-attack
9: What is the purpose of mapping attack paths in cybersecurity?
Answer: To identify vulnerabilities in a system that can be exploited by a cyber-attack
10: What is the definition of a software vulnerability in cybersecurity?
Answer: A defect in software code that can be used to gain unauthorized access to a system
Module 3 Quiz:
1: What is a zero-day vulnerability?
Answer: A security flaw that is known to attackers but not yet known to the software vendor or security community.
2: True or False – A fully automated remediation workflow is the desired goal of exposure management?
Answer: False
3: What is patch management?
Answer: The process of installing security updates and bug fixes on a computer system.
4: Which activity that requires friction reduction is NOT part of the mobilization phase?
Answer: System Decommissioning
5: Which phase below is NOT part of the 5-phase workflow of operationalizing CTEM?
Answer: Purpose
6: What is validation in the context of Exposure Management?
Answer: The process of reviewing and assessing the effectiveness of security measures.
7: What is purple teaming in cybersecurity?
Answer: The collaboration between red and blue teams to identify weaknesses in a system.
8: How can security controls be validated?
Answer: Through vulnerability scanning and penetration testing.
9: True or False: CTEM is a Tool?
Answer: False
10: What is a vulnerability?
Answer: A weakness in a computer system that can be exploited by an attacker.
Module 5 Quiz:
1: Which of the following best describes the role of a cybersecurity GRC analyst?
Answer: Monitoring and assessing an organization’s cybersecurity risks and compliance.
2: What is the main objective of a cybersecurity purple team exercise?
Answer: To simulate a cyberattack and identify vulnerabilities in an organization’s defense.
3: Why are pentesters interested in vulnerabilities?
Answer: To exploit vulnerabilities and gain unauthorized access to an organization’s network.
4: Which of the following best describes the role of a Chief Information Security Officer (CISO)?
Answer: Oversee the organization’s information security program and ensure it aligns with business goals.
5: What is the primary concern of a CISO?
Answer: Protecting the organization’s digital assets from cyber threats.
6: Which of the following is an example of a useful cybersecurity metric for an organization?
Answer: The average time taken to detect and respond to a security incident.
7: What is a key value to exposure management from a metrics perspective?
Answer: It ensures silo’d metrics are rolled up to provide a cyber-risk picture for leaders.
8: What is the purpose of a CISO reporting to a board of directors on cybersecurity matters?
Answer: To ensure that the board understands the organization’s cybersecurity risks and the measures being taken to mitigate them.
9: How does exposure management help GRC analysts do their job better?
Answer: All of the above.
10: What is the primary goal of cybersecurity exposure management?
Answer: To identify, prioritize, and manage cybersecurity risks to reduce the organization’s attack surface.
Module 5 Quiz:
1: What is network segmentation?
Answer: A process of dividing a network into smaller subnetworks.
2: What is a cybersecurity attack path?
Answer: A path taken by cyber criminals to access sensitive data.
3: What is privileged access management?
Answer: A system that manages and controls privileged access to critical systems and data.
4: What is a cybersecurity configuration audit?
Answer: An analysis of an organization’s software and hardware configurations for potential security risks.
5: What is cybersecurity privileged access?
Answer: Access to administrative systems and tools granted to IT personnel.
6: What are cybersecurity golden images?
Answer: Standardized images of operating systems and applications used for security purposes.
7: Where can you go to learn more about the State of Exposure Management in 2023?
Answer: Download and read XM Cyber’s report “Navigating the Paths of Risk”.
8: What is cybersecurity credential caching?
Answer: A process of storing login credentials on a user’s device for easy access.
9: What are Domain Admin credentials?
Answer: Login credentials used by system administrators to manage Active Directory systems and networks.
10: What is the cybersecurity attack surface?
Answer: The area of an organization’s network or system that is vulnerable to cyber-attacks.
