Which of the following best describes the range of mitigations you might recommend?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions, each question has hints and explanations. Get ready for your exam!

Multiple Choice

Which of the following best describes the range of mitigations you might recommend?

Explanation:
A good set of mitigations uses layered protection that covers people, process, and technology. Patching closes known vulnerabilities at the source, reducing the chance an attacker can exploit a flaw. System hardening tightens configurations, disables unused services, and removes unnecessary components to shrink the attack surface. Filtering solutions like firewalls, intrusion detection and prevention systems, and web application firewalls help block or slow attacker attempts at the network and application layers. Altering architecture—such as network segmentation, stricter access controls, and isolation of sensitive components—limits how far an attacker can move if a breach occurs. Changing processes, including secure development practices, regular patch management, and change control, keeps defenses effective over time. Together, these measures form multiple, complementary controls that reduce risk more effectively than any single action. Relying solely on monitoring provides visibility but not prevention, replacing an entire network is impractical and misses targeted vulnerability remediation, and ignoring vulnerabilities leaves systems open to known flaws.

A good set of mitigations uses layered protection that covers people, process, and technology. Patching closes known vulnerabilities at the source, reducing the chance an attacker can exploit a flaw. System hardening tightens configurations, disables unused services, and removes unnecessary components to shrink the attack surface. Filtering solutions like firewalls, intrusion detection and prevention systems, and web application firewalls help block or slow attacker attempts at the network and application layers. Altering architecture—such as network segmentation, stricter access controls, and isolation of sensitive components—limits how far an attacker can move if a breach occurs. Changing processes, including secure development practices, regular patch management, and change control, keeps defenses effective over time. Together, these measures form multiple, complementary controls that reduce risk more effectively than any single action.

Relying solely on monitoring provides visibility but not prevention, replacing an entire network is impractical and misses targeted vulnerability remediation, and ignoring vulnerabilities leaves systems open to known flaws.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy