04- Vulnerability Assessment Quiz Flashcards
On what is the National Vulnerability Database primarily built?
A. Vulnerabilities
B. NVD
C. Patch
D. CVE identifiers
Answer: D
The National Vulnerability Database is built primarily upon CVE identifiers.
Which of the following is another top priority of the SANS Top 20 Critical Controls?
A. Prioritizing security functions
B. Standardization and automation
C. Vulnerability management
D. Exploit
Answer: B
Standardization and automation is another top priority of the SANS Top 20 Critical Controls.
The National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data.
True
False
Answer: True
The National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data.
Which of the following continuously updates its advisories to reflect new data whenever it becomes available?
A. Secunia
B. NVD
C. CVE
D. CVSS
Answer: A
Secunia continuously updates its advisories to reflect new data whenever it becomes available.
Which of the following is a dictionary of common names for publicly known information security vulnerabilities?
A. Vulnerability
B. Zero day
C. SANS Top 20 controls
D. Common Vulnerabilities and Exposures
Answer: D
Common Vulnerabilities and Exposures (CVE) is a dictionary of common names (CVE Identifiers) for publicly known information security vulnerabilities.
Vulnerability analysis is also known as:
A. Penetration testing
B. Port scanning
C. Vulnerability assessment
D. None of these
Answer: C
Vulnerability analysis, also known as vulnerability assessment, is a process that defines, identifies, and classifies the security holes in a computer, network, or communications infrastructure.
What are the gateways by which threats are manifested?
A. Ports
B. Computer Networks
C. Patches
D. Vulnerabilities
Answer: D
Vulnerabilities are the gateways through which threats are manifested.
The professional pen tester will focus on automated methods to confirm whether the findings in the vulnerability assessment report are true positives or false positives.
True
False
Answer: False
The professional pen tester will focus on manual methods to confirm whether the findings in the vulnerability assessment report are true positives or false positives; the automated scanner produces the candidate findings, and manual verification decides which ones are real.
Which of the following can you use as a foundation when building a vulnerability assessment report?
A. Tools
B. Nmap
C. SQL Injection
D. Salami
Answer: A
You can use tools as a foundation when building a vulnerability assessment report.
What is common with most vulnerability assessment tools?
A. Command mode
B. GUI front end
C. ICMP traffic
D. Fragmented packets
Answer: B
Most vulnerability assessment tools have a GUI front end.
What is CVSSv2?
A. Latest version of the CVE
B. Latest version of CVS
C. Latest version of SANS Top 20 controls
D. None of these
Answer: D
CVSSv2 is version 2 of the Common Vulnerability Scoring System (CVSS), not a version of CVE, CVS or the SANS Top 20 controls. It was the current version when this material was written and has since been superseded by CVSS v3.0, v3.1 and v4.0, so a score should always be read together with the CVSS version it was computed under.
Which of the following tools allows automation of patching from a single console for the entire network?
A. Nessus
B. LanGuard
C. IBM Security AppScan
D. None of these
Answer: B
GFI LanGuard 2014 fits mixed environments because it automates patching for the entire network from a single console.
Nessus Enterprise provides four user levels.
True
False
Answer: True
Nessus Enterprise provides four user levels that enable managed access to all resources based on user and/or group permissions.
How does MBSA determine which security updates are missing on Windows computers?
A. Windows agent
B. Windows Update Agent
C. Security agent
D. Missing patch agent
Answer: B
The current version of MBSA determines missing security updates by querying the Windows Update Agent already present on Windows computers, so it reports the same update state that Windows Update itself sees.
Which of the following servers works as a daemon at the back end when a client is used at the front end?
A. Nessus
B. IBM Security AppScan
C. MBSA
D. iScanOnline
Answer: A
In Nessus, the server runs as a daemon at the back end and a client is used at the front end.