2.0 Vulnerability Management

Question 1

Map scans

Question 2

Device fingerprinting

Question 3

Scheduling

Question 4

Operations

Question 5

Performance

Question 6

Sensitivity levels

Question 7

Segmentation

Question 8

Regulatory requirements

Question 9

Internal vs. external scanning

Question 10

Agent vs. agentless

Question 11

Credentialed vs. non-credentialed

Question 12

Passive vs. active

Question 13

Static vs. dymanic

Question 14

Reverse engineering

Question 15

Fuzzing

Question 16

Operational technology (OT)

Question 17

Industrial control systems (ICS)

Question 18

Supervisory control and data acquisition (SCADA)

Question 19

Security baseline scanning

Question 20

Payment Card Industry Data Security Standard (PCI DSS)

Question 21

Center for Internet Security (CIS) benchmarks

Question 22

Open Web Application Security Project (OWASP)

Question 23

International Organization for Standardization (ISO) 27000 series

Question 24

Angry IP Scanner

Question 25

Maltego

Question 26

Burp Suite

Question 27

Zed Attack Proxy (ZAP)

Question 28

Arachni

Question 29

Nikto

Question 30

Nessus

Question 31

OpenVAS

Question 32

Immunity debugger

Question 33

GNU debugger (GDB)

Question 34

Nmap

Question 35

Metasploit framework (MSF)

Question 36

Recon-ng

Question 37

Scout Suite

Question 38

Prowler

Question 39

Pacu

Question 40

Common Vulnerability Scoring System (CVSS) Interpretation

Question 41

Attack vectors

Question 42

Attack complexity

Question 43

Privileges required

Question 44

User interaction

Question 45

Scope

Question 46

Impact

Answer 46

Confidentiality
Integrity
Availability

Question 47

True/false positives

Question 48

True/false negatives

Question 49

Internal

Question 50

External

Question 51

Isolated

Question 52

Exploitability/weaponization

Question 53

Asset value

Question 54

Zero-day

Question 55

Cross-site scripting

Question 56

Reflected

Question 57

Persistent

Question 58

Buffer overflow

Question 59

Integer overflow

Question 60

Heap overflow

Question 61

Stack overflow

Question 62

Data poisoning

Question 63

Broken access control

Question 64

Cryptographic failures

Question 65

Injection flaws

Question 66

Cross-site request forgery

Question 67

Directory traversal

Question 68

Insecure design

Question 69

Security misconfiguration

Question 70

End-of-life or outdated components

Question 71

Identification and authentication failures

Question 72

Server-side request forgery

Question 73

Remote code execution

Question 74

Privilege escalation

Question 75

Local file inclusion (LFI)/remote file inclusion (RFI)

Question 76

Compensating control

Question 77

Managerial

Question 78

Operational

Question 79

Technical

Question 80

Preventative

Question 81

Detective

Question 82

Responsive

Question 83

Corrective

Question 84

Testing

Question 85

Implementation

Question 86

Rollback

Question 87

Validation

Question 88

Maintenance windows

Question 89

Exceptions

Question 90

Accept

Question 91

Transfer

Question 92

Avoid

Question 93

Mitigate

Question 94

Policies, governance, and service level objectives (SLO)

Question 95

Prioritization and escalation

Question 96

Edge discovery

Question 97

Passive discovery

Question 98

Security controls testing

Question 99

Penetration testing and adversary emulation

Question 100

Bug bounty

Question 101

Attack surface reduction

Question 102

Input validation

Question 103

Output encoding

Question 104

Session management

Question 105

Authentication

Question 106

Data protection

Question 107

Parameterized queries

Question 108

Secure software development life cycle (SDLC)

Question 109

Threat modeling