Help with a question

SeekBytes

Dear members,

The author of the book says that the correct answer is "C", but I am do not agree with it.

That's the question

A set of standardized system images with a pre-defined set of applications is used to build end-user workstations. The security administrator has scanned every workstation to create a current inventory of all applications that are installed on active workstations and is documenting which applications are out-of-date and could be exploited. The security administrator is determining the:
A - attack surface
B - application hardening effectiveness
C - application baseline
D - OS hardening effectiveness


What would you answer?

A or C?

Kind Regards.

TacoRocket

This is a matter of what is the best answer. Yes out of date applications present an attack surface, but an attack surface is much more than just applications.

Here you are just querying the state of the applications on workstations. Much the same to getting the state of a server to see the baseline of its workload.

Which is why this is called an Application Baseline.

SeekBytes

Thank you Taco for answering.

SeekBytes

I post another question which I don't get.

Bart wants to send a secure email to Lisa so he decides to encrypt it. Bart wants to ensure that Lisa can verify that he sent it. Which of the following does Lisa need to meet this requirement?


A - Bart's public key
B - Lisa's private key
C - Lisa's public key
D - Bart's private key

The correct answer is "A". I answered "D".

The point that I do not get is regarding the owner of the private key. In this case, the question states that Bart wants Lisa to be certain that the message was from Bart. This part of the sentence made me think that since only Bart owns the private key, the message cannot be sent by anybody else.

Can somebody help me with this?

Kind Regards.

SeekBytes

I found where is the problem. I re-reading Chapter 10 from Darril Gibson's book.