04- Vulnerability Assessment

Question 1

Common Vulnerabilities and Exposures (CVE)

Answer 1

a reference of common names, or CVE Identifiers; CVE contains publicly known information on security vulnerabilities

Question 2

provides a universal open and standardized method for rating IT vulnerabilities

Answer 2

Common Vulnerability Scoring System (CVSS)

Question 3

Defense-in-depth

Answer 3

the use of layered security mechanisms; the layers could be data, applications, host levels, Internet networks, perimeter levels, physical securities, etc.

Question 4

Fully Loaded Risk Factor

Answer 4

the value generated by multiplying Criticality times Vulnerability times Complexity Value

Question 5

HFNetChk

Answer 5

tool built upon the industry standard of HFNetChk patch scanning engine which is used by Microsoft for its popular Microsoft Baseline Security Analyzer; developed by Shavlik Technologies

Question 6

IBM Security AppScan

Answer 6

enables you to identify security vulnerabilities and generate reports and fix recommendations; improves application security program management and strengthens regulatory compliance

Question 7

iScanOnline

Answer 7

identifies and locates unprotected sensitive data at rest before a data breach happens; continuously assesses servers, laptops, smartphones, and tablets for known vulnerabilities and security threats

Question 8

LanGuard 2014

Answer 8

allow automation of patching from a single console for the entire network; including Windows, Mac OS X, and major Linux distributions such as, Red Hat Enterprise Linux, Ubuntu, Suse, CentOS, and Debian

Question 9

Microsoft Baseline Security Analyzer (MBSA)

Answer 9

determines security status by assessing missing security updates and less-secure security settings within Microsoft Windows and Windows components

Question 10

Mitigation

Answer 10

using security controls to protect against a risk until the risk impact is reduced to a level that is tolerated by the organization

Question 11

National Vulnerability Database (NVD)

Answer 11

the U.S. government repository of standards-based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance; includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics

Question 12

Nessus

Answer 12

is the world?s most widely used vulnerability scanner, with extensive management and collaboration functions; uses powerful detection, scanning, and auditing features

Question 13

Patch

Answer 13

a fix to a vulnerability

Question 14

Patch management

Answer 14

an important area of systems management; this involves acquiring, testing, and installing multiple patches to your computer system

Question 15

Pen testers

Answer 15

Penetration testers; people who perform penetration testing, also called Ethical Hackers

Question 16

Remediation

Answer 16

the process of correcting a fault or deficiency; the process of fixing vulnerabilities

Question 17

Report templates

Answer 17

allow you to filter and customize the vulnerability details for a particular scan or set of scans

Question 18

Reports

Answer 18

Presentation of a meaningful overview of the vulnerabilities found; should have possible remediation suggestions

Question 19

SANS Top 20 Critical Security Controls

Answer 19

focus first on prioritizing security functions which are successful in producing security controls against the latest Advanced Targeted Threats

Question 20

Secunia advisories archives page

Answer 20

allow you to get a quick summary of all Secunia advisories and vulnerabilities released. Secunia advisories cover all types of programs and operating systems vulnerabilities

Question 21

Vulnerability

Answer 21

a weak link in the software, settings, etc., through which, if not fixed early, someone can get access to the computer, application, and/or network and can cause damage

Question 22

Vulnerability analysis

Answer 22

an estimate the effectiveness of proposed countermeasures and can evaluate their actual effectiveness after they are put into use

Question 23

Vulnerability Assessment

Answer 23

the process in which one can identify, quantify, and prioritize or rank the vulnerabilities in a network infrastructure or a system/ systems