03 Vulnerability Mgmt And Response Flashcards

1
Q

The description and analysis of vulnerabilities in a system

A

Vulnerability assessment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

An assessment of the adequacy of security controls and the evaluation of compliance

A

Security audit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

The ongoing repeatable processes for identifying, remediating, or accepting risk

A

Vulnerability management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

these testers actively exploit identified vulnerabilities to eliminate the possibility of false positives and provide critical insight into risk.

A

Penetration testers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A language and scoring system used to convey vulnerability severity and determine urgency.

A

CVSS - common vulnerability scoring system, five category

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Process of testing involving the modeling of techniques used by real-world attackers to find vulnerabilities under controlled circumstances.

A

Penetration testing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

this technique changes the way malware, a payload, or other code looks at a low level in order to evade signature detection.

A

Ghostwriting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

This phase of pen testing discovers what ports are open, what services are associated with what ports, and the application version numbers.

A

Scanning and enumeration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Three types of pen testing

A

External, internal, web application

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

This is a working project to document all public command and control frameworks in a single place.

A

C2 matrix

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

These are tools that if a vulnerability exists will exploit the system.

A

Exploitation frameworks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

A piece of malware that’s goal is to subvert user land and kernel detective controls to provide ongoing access.

A

Rootkit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly