(12) Reporting Vulnerabilities Flashcards

1
Q

What should vulnerability reports include?

A

Vulnerability reports should include:

-Vulnerabilities and their associated information and a list of affected hosts with associated information

-A qualitative risk score and mitigation options

-Information about recurrence and prioritization

2
Q

What options are available for vulnerability management reports in terms of automation?

A

Vulnerability management reports are normally automated because they are recurring.

3
Q

What is important about vulnerability information on reports?

A

The importance of vulnerability information is huge because there have to be ways to flag false positives and workarounds, in order to do something about any change or need that the infrastructure has.

4
Q

What are the stakeholder categories that need to be known for proper vulnerability reporting?

A

Stakeholder categories include:

-Technical

-Security, audit, and compliance

-Security management and oversight systems

-Executive or leadership staff

5
Q

How often should compliance reporting be conducted?

A

Compliance reporting should be conducted regularly, and should meet the reporting requirements that the standard requires.

6
Q

What vulnerability management plans need to be in place?

A

There need to be action plans around:

-Configuration management

-Patching

-Compensating controls

-Awareness, Education, and Training

-Changing Business Requirements

7
Q

What are the 5 Metrics/KPIs that should be in place to review the vulnerability management system?

A

The top vulnerability management system Metrics/KPIs include:

-Trends

-Top 10 lists

-Critical Vulnerabilities

-Zero-days

-Service level objectives (SLOs), which describe specific metrics like time to remediate or patch and are probably part of an SLA

8
Q

What are some reasons that remediation might not happen?

A

Some reasons that remediation might not happen include:

-MOUs and SLAs

-Organizational governance, business process interruption and degrading functionality

-Legacy or proprietary systems

9
Q

What should happen if and when an inhibitor to remediation occurs?

A

A risk- and policy-based decision will need to be made about what should happen. The issue and the decision should be fully documented.
