Which of the following would be the BEST source of reference during the revision process?

A Chief Information Security Officer (CISO) is reviewing and revising system configuration and hardening guides that were developed internally and have been used for several years to secure the organization’s systems. The CISO knows improvements can be made to the guides.
Which of the following would be the BEST source of reference during the revision process?
A. CVE database
B. Internal security assessment reports
C. Industry-accepted standards
D. External vulnerability scan reports
E. Vendor-specific implementation guides


8 thoughts on “Which of the following would be the BEST source of reference during the revision process?”

  1. All of the answers can be used to guide configuration/hardening guides, but the CVE database is the industry standard reference for vulnerability enumeration.

    I would go with A

  2. The CISO knows improvements can be ‘made’ to the guides.
    NIST + ISO

    so C is correct

  3. @ The real 007, I think you would perform a security assessment based on the exact internal security assessment; how else would you know if there are areas that need improvement? Yeah, vendor-specific guides help determine if you are meeting their implementations, but they are just that…guides. Thoughts?

  4. The answer is D.

    If you were to improve your security posture, you would not perform a security assessment based on the exact internal security assessment you are trying to improve. It would be a biased assessment if done internally.

    To view what your security posture looks like, a third party external vulnerability assessment will be required. This will tell you everything you need to know if your system requires update to a hardened computer.

  5. Not A, makes no sense.
    A. No, will tell you vulnerabilities for products, don’t see how this would be correct.
    B. Yes would tell current posture and areas of improvement.
    C. No this is more like USB standards and the like.
    D. No, only covers external and question specifically says internal (sort of)
    E. No, these should have been configured in the baseline.

    So answer is B.
