# Assessing System Security

Ports 1 through 1024 are NOT assigned and used for well-known protocols

> False

You should have a document that lists the physical security in place

> True

All employees within a company must have access to the server room.

> False

Virus attacks utilize uncommon ports to gain access to a system.

> True (my note: debatable)

Open Web Application Security Project is the standard for risk assessment.

> False

Which of the following best describes risk assessment.

> Evaluating the security of a network

Which of the following is the least necessary security device/software

> Encryption for all internal transmissions

All visitors to the building must be logged in and escorted by an employee at all times.

> True

Which of the following is the most fundamental aspect of security?

> Patching the operating system

What is NOT a primary reason for documenting your security activity and audits?

> To demonstrate how much work the network administrators usually do


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://wiki.zacheller.dev/network-security/courses/isci-cnss-course/assessing-system-security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.