1: 7 Vulnerability Scanning

Question 1

What are the four steps of the vulnerability patching process?

Answer 1

1) Company learns of vulnerability
2) Developers analyze issue and develop patch
3 Company releases patch to customers
4) Customers apply patch to remediate vulnerability

Question 2

Vulnerability Management

Answer 2

Detects, remediates, and reports vulnerabilities

Question 3

What are the different types of vulnerability requirements an organization must follow?

Answer 3

Corporate policy, regulatory requirements, system security

Question 4

PCI DSS

Answer 4

Credit Card Management requirement documentation

Question 5

FISMA - NIST 853

Answer 5

Government requirement documentation

Question 6

Network Vulnerability Scan

Answer 6

Probes devices for security issues

Question 7

Application Scan

Answer 7

Tests code running on an organization’s devices

Question 8

Web Application Scan

Answer 8

Probes for risks such as SQL injection

Question 9

What is the best way to assess an organization’s vulnerabilties?

Answer 9

Pairing scans with configuration and log reviews

Question 10

What are the three ways to prioritize assets to be scanned?

Answer 10

Impact, Likelihood, Criticality

Question 11

Impact

Answer 11

Highest data classification handled by system

Question 12

Likelihood

Answer 12

Network exposure, what services are exposed to outside world

Question 13

Criticality

Answer 13

Impact the system has on business operations

Question 14

What are the ways an organization can configure a vulnerability scan

Answer 14

Target applications, schedule for certain groups, configure types of network pings, target ports, protocols to follow, testing accuracy

Question 15

What is a vulnerability scan plugin

Answer 15

The ability to test for one specific vulnerability.

Question 16

Scanner in the DMZ

Answer 16

Unrestricted access to webserver as it doesn’t have to pass through firewall (most clear view)

Question 17

Scanner on the network

Answer 17

Firewall may block some rules for scanner

Question 18

Scanner on the internet

Answer 18

Firewall will block most, scanner will see fewest vulnerabilities (attackers view)

Question 19

Agent-based Scans

Answer 19

Reaches out over network to probe

Question 20

Server-based Scans

Answer 20

Scanners installed on each target device and then report to system (more complex)

Question 21

Credentialed Scanning

Answer 21

Using passwords to log into systems (read only access, not admin credentials)

Question 22

SCAP

Answer 22

Security Content Authentication protocol - led by NIST - format for talking about issues

Question 23

CVSS

Answer 23

Common Vulnerability Scoring System - widely used to evaluate severity of vulnerability

Question 24

CCE

Answer 24

Common Configuration Enumeration - Consistent language when talking about system configuration

Question 25

CPEs

Answer 25

Common Platform Enumeration - Consistent language when talking about platform configuration

Question 26

CVE

Answer 26

Common Vulnerability Enumeration - Consistent language when talking about vulnerabilities

Question 27

XCCDF

Answer 27

Extensible Configuration Checklist Description Format - language for creating and sharing checklists

Question 28

OVAL

Answer 28

Open Vulnerability and Assessment Language - describe testing procedures in a programmatic fashion

Question 29

What is the scoring of the CVSS

Answer 29

10-point scale - based on 8 metrics

Question 30

What are the 8 metrics used to score the CVSS

Answer 30

UI User Interaction, Privileges Required Metric, Attack Complexity, Attack Vector, Confidentiality, Integrity, Availability, Scope

Question 31

How should the results of a scan be prioritized?

Answer 31

Vulnerability severity, system criticality, information sensitivity, remediation difficulty, system exposure

Question 32

Scan validation

Answer 32

Correlate scan results with other sources of information i.e. Industry Standards, Technical Information Sources, Trend Analysis