04- Vulnerability Assessment Flashcards

1
Q

Common Vulnerabilities and Exposures (CVE)

A

a reference list of common names, or CVE Identifiers, for publicly known security vulnerabilities; CVE contains publicly known information on security vulnerabilities

2
Q

provides a universal open and standardized method for rating IT vulnerabilities

A

Common Vulnerability Scoring System (CVSS)

3
Q

Defense-in-depth

A

the use of layered security mechanisms; the layers could be data, applications, host level, internal networks, perimeter level, physical security, etc.

4
Q

Fully Loaded Risk Factor

A

the value generated by multiplying Criticality times Vulnerability times Complexity Value

5
Q

HFNetChk

A

a tool built on the industry-standard HFNetChk patch-scanning engine, which Microsoft uses in its popular Microsoft Baseline Security Analyzer; developed by Shavlik Technologies

6
Q

IBM Security AppScan

A

enables you to identify security vulnerabilities and generate reports and fix recommendations; improves application security program management and strengthens regulatory compliance

7
Q

iScanOnline

A

identifies and locates unprotected sensitive data at rest before a data breach happens; continuously assesses servers, laptops, smartphones, and tablets for known vulnerabilities and security threats

8
Q

LanGuard 2014

A

allows automation of patching from a single console for the entire network, including Windows, Mac OS X, and major Linux distributions such as Red Hat Enterprise Linux, Ubuntu, SUSE, CentOS, and Debian

9
Q

Microsoft Baseline Security Analyzer (MBSA)

A

determines security status by assessing missing security updates and less-secure security settings within Microsoft Windows and Windows components

10
Q

Mitigation

A

using security controls to protect against a risk until the risk impact is reduced to a level that is tolerated by the organization

11
Q

National Vulnerability Database (NVD)

A

the U.S. government repository of standards-based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance; includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics

12
Q

Nessus

A

the world's most widely used vulnerability scanner, with extensive management and collaboration functions; uses powerful detection, scanning, and auditing features

13
Q

Patch

A

a fix to a vulnerability

14
Q

Patch management

A

an important area of systems management; this involves acquiring, testing, and installing multiple patches to your computer system

15
Q

Pen testers

A

Penetration testers; people who perform penetration testing, also called Ethical Hackers

16
Q

Remediation

A

the process of correcting a fault or deficiency; the process of fixing vulnerabilities

17
Q

Report templates

A

allow you to filter and customize the vulnerability details for a particular scan or set of scans

18
Q

Reports

A

Presentation of a meaningful overview of the vulnerabilities found; should have possible remediation suggestions

19
Q

SANS Top 20 Critical Security Controls

A

focus first on prioritizing the security functions that have proven successful in producing security controls against the latest Advanced Targeted Threats

20
Q

Secunia advisories archives page

A

allows you to get a quick summary of all Secunia advisories and vulnerabilities released; Secunia advisories cover vulnerabilities in all types of programs and operating systems

21
Q

Vulnerability

A

a weak link in the software, settings, etc., through which, if not fixed early, someone can gain access to the computer, application, and/or network and cause damage

22
Q

Vulnerability analysis

A

an estimate of the effectiveness of proposed countermeasures; it can also evaluate their actual effectiveness after they are put into use

23
Q

Vulnerability Assessment

A

the process in which one identifies, quantifies, and prioritizes or ranks the vulnerabilities in a network infrastructure or in a system or systems