03 Vulnerability Mgmt And Response

Question 1

The description and analysis of vulnerabilities in a system

Answer 1

Vulnerability assessment

Question 2

An assessment of the adequacy of security controls and the evaluation of compliance

Answer 2

Security audit

Question 3

The ongoing repeatable processes for identifying, remediating, or accepting risk

Answer 3

Vulnerability management

Question 4

these testers actively exploit identified vulnerabilities to eliminate the possibility of false positives and provide critical insight into risk.

Answer 4

Penetration testers

Question 5

A language and scoring system used to convey vulnerability severity and determine urgency.

Answer 5

CVSS - common vulnerability scoring system, five category

Question 6

Process of testing involving the modeling of techniques used by real-world attackers to find vulnerabilities under controlled circumstances.

Answer 6

Penetration testing

Question 7

this technique changes the way malware, a payload, or other code looks at a low level in order to evade signature detection.

Answer 7

Ghostwriting

Question 8

This phase of pen testing discovers what ports are open, what services are associated with what ports, and the application version numbers.

Answer 8

Scanning and enumeration

Question 9

Three types of pen testing

Answer 9

External, internal, web application

Question 10

This is a working project to document all public command and control frameworks in a single place.

Answer 10

C2 matrix

Question 11

These are tools that if a vulnerability exists will exploit the system.

Answer 11

Exploitation frameworks

Question 12

A piece of malware that’s goal is to subvert user land and kernel detective controls to provide ongoing access.

Answer 12

Rootkit