1.7 Security Assessment Techniques Flashcards

1
Q

Define Threat Hunting: Intelligence Fusion

A

Combining internal security log data with threat feeds from external sources to identify attacks

2
Q

Define Threat Hunting: Advisories & Bulletins

A

Monitoring resources provided by external entities listing new and emerging threats and vulnerabilities

3
Q

Define Threat Hunting: Maneuver

A

Thinking like an attacker to identify trends/patterns that may indicate an attack or breach

4
Q

Define Vulnerability scan: false positive

A

Detection of a vulnerability when one doesn't actually exist; an error

5
Q

Define vulnerability scan: false negative

A

When a vulnerability scan fails to detect an existing vulnerability; this is dangerous

6
Q

Define vulnerability scan: credentialed

A

Running the scan as a logged-in user to determine vulnerabilities that a non-credentialed scan might not detect

7
Q

Define vulnerability scan: non-credentialed

A

Running the scan as an external user that does not have any permissions to the systems

8
Q

Define vulnerability scan: intrusive vs non-intrusive

A
  1. non-intrusive scan simply identifies vulnerabilities
  2. intrusive scan actually tries to exploit any vulnerabilities found
9
Q

Define vulnerability scan: application

A

Specific desktop applications, such as MS Word, may have vulnerabilities that need to be patched

10
Q

Define vulnerability scan: web application

A

Web-application software, such as Python, might have vulnerabilities and need to be patched

11
Q

Define vulnerability scan: network

A

Vulnerabilities within network hardware/devices, such as open ports or a misconfigured firewall

12
Q

How can Common Vulnerabilities & Exposures (CVE) data help with vulnerability scans?

A

CVE (Common Vulnerabilities and Exposures) is a database of threats that vulnerability scanners can reference for more information on the vulnerabilities the scanner finds

13
Q

What is CVSS?

A

Common Vulnerability Scoring System, a scoring system from 1-10 to indicate how serious a vulnerability is

14
Q

Define Vulnerability scan: Configuration review

A

Review of configurations, such as accounts on a workstation or server or firewall ACLs, to check for any misconfigurations

15
Q

Define Security Information and Event Management (SIEM)

A

A central repository where all logging information, such as security logs, network traffic logs, etc., is aggregated for analysis

16
Q

How does SIEM help from a security stand-point?

A

It can create reports summarizing information from logs to allow easier identification of anomalies or potential attacks/threats

17
Q

Define user behavior analysis relative to SIEM

A

Establishes a baseline of how users normally interact with systems in order to identify anomalies that might represent a threat/attack

18
Q

Define sentiment analysis

A

Understanding how the public feels about your organization which may provide motivation for attackers

19
Q

Define log collectors relative to SIEM

A

The log collector is able to collect logs from disparate systems, such as Linux, Windows, and include them in the SIEM database

20
Q

Define log aggregation relative to SIEM

A

The combination of log information from different systems into a single database for analysis

21
Q

Define Security Orchestration, Automation and Response (SOAR): 2 capabilities

A
  1. Automate manual and tedious tasks to ensure security is applied en masse
  2. Dynamically apply security in response to real-time events