1.0 Identify

Question 1

Active

Answer 1

Active fingerprinting is performed with a scanning tool that sends specifically crafted packets and examines their responses to determine the operating system version and service-related information

Question 2

Passive

Answer 2

Passive fingerprinting attempts to learn more about a targeted service without the targeted service without the target knowing it. A form of packet sniffing.

Question 3

Nessus

Answer 3

Tenable Nessus is a comprehensive vulnerability scanner that provides high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, and vulnerability analysis

Question 4

Nmap

Answer 4

Nmap can help a pen tester by scanning the status of network ports, enumerating the host information like its operating system, and identifying the IP address of all active hosts on a network

Question 5

Switch Port analyzer (SPAN) ports

Answer 5

SPAN is an approach in which a network appliance (switch or router) takes the network packets that flow to and from one main port (or VLAN) on the device, then copies those packets to another port (mirror port). The mirror port then forwards the copied packets to the network monitoring system.

Question 6

Test access point (TAP) devices

Answer 6

TAP is not a port on an existing device, but a dedicated device itself. The TAP device sits between network appliances, often between a switch and router, and forwards both incoming and outgoing packets between those appliances to a security monitoring system. Packets are also copied to separate monitoring ports on the TAP device (one for incoming traffic, one for outgoing).

Question 7

service-level agreements (SLAs)

Answer 7

Clearly defines what services are to be provided to the client, and what support, if any, will be provided.

Question 8

Common Vulnerability Scoring System (CVSS)

Answer 8

A risk management approach to quantifying vulnerability data and then taking into account the severity of harm to different types of systems or information

Question 9

Common Vulnerabilities and Exposures (CVE)

Answer 9

A database of software-related vulnerabilities. Maintained by the MITRE Corporation

Question 10

Common Weakness Enumeration (CWE)

Answer 10

Sponsored by MITRE, provides a catalog of software weaknesses and vulnerabilities, with the goal of reducing security-related software flaws and creating automated tools to identify, correct, and prevent such flaws

Question 11

Common Attack Pattern Enumeration and Classification (CAPEC)

Answer 11

A database that classifies specific attack patterns. Maintained by the MITRE Corporation

Question 12

Threat Modeling

Answer 12

The process of identifying and assessing the possible attack vectors that target systems.
1. Identify security objectives and requirements
2. Identify the architecture of the target system, including its components, roles, services, and dependencies
3.Decompose the system further to identify how it functions and how those functions can be vulnerable
4. Identify know threats to the target system
5. Determine ways to mitigate these threats

Question 13

Network topology and architecture information

Question 14

Collect artifacts and evidence based on volatility level

Question 15

Assets and underlying risks

Question 16

Data collection

Question 17

Data analysis and e-discovery

Question 18

Threat targets

Answer 18

Individuals
Non-profit associations
Corporations
Governments
Critical Infrastructure
Systems

Question 19

Mobile

Question 20

IOT

Question 21

SCADA

Question 22

ICS

Question 23

PLC

Question 24

Threat actors

Question 25

Threat motives/reasons

Question 26

Threat intent

Question 27

Attack Phases

Question 28

Attack Vectors

Question 29

Technique criteria

Question 30

GDPR

Question 31

HIPAA

Question 32

COPPA

Question 33

GLBA

Question 34

CAN-SPAM

Question 35

National Privacy laws

Question 36

NIST Privacy Framework

Question 37

ISO/IEC 27000 series

Question 38

ISO 29100

Question 39

AICPA/CICA Generally Accepted Privacy Principles (GAPP)

Question 40

Federal Trade Commission

Question 41

ANSI/ISA-62443

Question 42

NIST Special Publication 800 series

Question 43

Standard of Good Practice from ISF

Question 44

NERC 1300

Question 45

RFC 2196

Question 46

PCI DSS

Question 47

SSAE 18

Question 48

NIST Cybersecurity Framework

Question 49

CIS Critical Security Controls

Question 50

COBIT

Question 51

NIST Special Publication 800-61

Question 52

DOD Risk Management Framework (RMF)

Question 53

IT Assurance Framework (ITAF)

Question 54

OWASP

Question 55

MITRE

Question 56

CAPEC

Question 57

CSA

Question 58

Critical assets and data

Question 59

Establish scope

Question 60

Determine vulnerability assessment frequency

Question 61

Identify common areas of vulnerability

Question 62

Users

Question 63

Internal acceptable use policies

Question 64

Operating systems

Question 65

Networking software

Question 66

Network operations and management

Question 67

Firewall

Question 68

Database software

Question 69

Access points

Question 70

Routers

Question 71

Wireless Routers

Question 72

Switches

Question 73

Firewall

Question 74

Modems

Question 75

Network Address Translation (NAT)

Question 76

Network configurations

Question 77

Network services

Question 78

DSL

Question 79

Wireless protocols

Question 80

Ip addressing

Question 81

Configuration files

Question 82

IOC information

Question 83

Perform Vulnerability assessment

Answer 83

Determining scanning criteria
Utilize scanning tools
Identify and assess exposures
Generate reports

Question 84

Conduct post-assessment tasks

Answer 84

Remediate/mitigate vulnerabilities
Recovery planning processes and procedures

Question 85

Hardening

Question 86

Patches

Question 87

Conduct audit/validate action was taken

Question 88

Vendor agreements, NDAs, and vendor assessment questionnaires