2.0 Vulnerability Management Flashcards by paulo guiao

what should you consult to identify all systems that need to have a vulnerability scan?

the company’s asset inventory

How well did you know this?

Not at all

Perfectly

what is a flaw, loophole, or weakness in the system, software, or hardware?

vulnerabiltiy

How well did you know this?

Not at all

Perfectly

which scan has less of an impact on the network: agent-based or server-based?

agent-based vulnerability scans because they run on the device and only send the report to the centralized server

How well did you know this?

Not at all

Perfectly

what are the two main factors that CompTIA list as factors for prioritizing vulnerability remediation?

criticality and difficulty of implementation

How well did you know this?

Not at all

Perfectly

how often should vulnerability scans be carried out based on PCI-DSS standards?

every three months and whenever systems are updated

How well did you know this?

Not at all

Perfectly

which SCAP component provides standardized names for security-related software flaws?

common vulnerabilities and exposures (CVE)2

How well did you know this?

Not at all

Perfectly

what does the acronym CCE denote?

common configuration enumeration

How well did you know this?

Not at all

Perfectly

which systems provides CCE and CVE identifiers for vulnerability scans?

security content automation protocol (SCAP)

How well did you know this?

Not at all

Perfectly

which term is used for an agreement that is signed by two partnering companies?

business partners agreement (BPA)

How well did you know this?

Not at all

Perfectly

what does the acronym CVE denote?

common vulnerabilities and exposures

How well did you know this?

Not at all

Perfectly

which term is used for an agreement between two or more parties where the parties cannot create a legally enforceable agreement?

memorandum of understanding (MoU)

How well did you know this?

Not at all

Perfectly

what does the acronym SCAP denote?

security content automation protocol

How well did you know this?

Not at all

Perfectly

which step of the vulnerability management process involves assessing the documented requirements and workflow to determine when scans should occur?

establish scanning frequency

How well did you know this?

Not at all

Perfectly

why should you document workflow prior to setting up a vulnerability scan?

to help provide business constraints for the scan

How well did you know this?

Not at all

Perfectly

which step of the vulnerability management process involves documenting the regulatory environment and corporate policy, classifying data, and obtaining an asset inventory?

identify requirements

How well did you know this?

Not at all

Perfectly

in which situation will you accept a risk?

when the cost of the safeguard exceeds the amount of the potential loss

How well did you know this?

Not at all

Perfectly

why should you deploy remediation in a sandbox environment?

to test the effects of the remediation to ensure that the devices will be able to function properly after deployment

How well did you know this?

Not at all

Perfectly

what is the process for the vulnerability management process?

identify requirements2. establish scanning frequency3. configure the tools to perform the scans according to specifications4. execute the scan5. generate scan reports6. provide remediation for discovered vulnerabilities

How well did you know this?

Not at all

Perfectly

what does the acronym CVSS denote?

common vulnerability scoring system

How well did you know this?

Not at all

Perfectly

what is a service level agreement (SLA)?

a contract between a network service provider and a customer that specifies the services the network service provider will furnish

How well did you know this?

Not at all

Perfectly

which range of CVSS scores indicates low priority?

0.1 to 3.9

How well did you know this?

Not at all

Perfectly

what is meant by the term vulnerability feed?

the updates to the vulnerability scanner that ensures that the scanner is able to recognize newly discovered vulnerabilities

How well did you know this?

Not at all

Perfectly

which range of CVSS scores indicates high priority?

7.0 to 8.9

How well did you know this?

Not at all

Perfectly

what happens with an agent-based vulnerability scan?

agents are installed on the devices to run the scan and send the report to a centralized server

How well did you know this?

Not at all

Perfectly

which range of CVSS scores indicates medium priority?

4.0 to 6.9

what is the recommended action when the cost of the safeguard exceeds the amount of the potential loss for a given risk?

to accept the risk

which permissions should you assign the account used for the vulnerability scans?

read only

which SCAP component provides standard names for product names and versions?

common platform enumeration (CPE)

which step of the vulnerability management process includes scanning criteria, such as sensitivity levels, vulnerability feed, and scope?

configure the tools to perform the scans according to specifications

which range of CVSS scores indicates critical priority?

9.0 to 10.0

what is meant by the scope of a vulnerability scan?

the range of hosts or subnets included in the scan

what is the purpose of a discovery vulnerability scan?

to create an inventory of assets based on host or service discovery

which SCAP component provides a standardized metric that measures and describes the severity of security-related software flaws?

common vulnerability scoring system (CVSS)

what is the term Nessus uses for vulnerability feeds?

plug-ins

which type of vulnerability scan includes the appropriate permissions for the different data types?

credentialed scan

what does a CVSS score of 0 indicate?

no issues

what are the FIVE inhibitors to remediation after a vulnerability scan?

MOUsSLAsOrganizational GovernanceBusiness process interruptionDegrading functionality

what does the acronym CPE denote?

common platform enumeration (CPE)

what are the three possible values of the availability (A) metric of the CVSS vector, and what do they stand for?

N - NoneP - PartialC - Complete

which value of the authentication (Au) metric of the CVSS vector means no authentication mechanisms are in place to stop the exploitation of the vulnerability?

which CVSS metric describes the authentication on attacker would need to get through to exploit the vulnerability?

the authentication (Au) metric

which value of the access vector (AV) metric of the CVSS vector indicates that the attacker must have physical access to the affected system?

which value of the Access Vector (AV) metric of the CVSS vector indicates the attacker can cause the vulnerability from any network?

which value of the confidentiality (C) metric of the CVSS vector means all information on the system could be compromised?

which value of the Confidentiality (C) metric of the CVSS vector means some access to information would occur?

what are the three possible values of the Access Vector (AV) metric of the CVSS vector, and what do they stand for?

L - LocalA - AdjacentN - Network

which CVSS metric describes the difficulty of exploiting the vulnerability?

the access complexity (AC) metric

which CVSS metric describes the information disclosures that may occur if the vulnerability is exploited?

the confidentiality (C) metric

what are the three main possible values of the authentication (Au) metric of the CVSS vector, and what do they stand for?

M - MultipleS - SingleN - None

which value of the availability (A) metric of the CVSS vector means system performance is degraded?

which CVSS metric describes how the attacker would exploit the vulnerability?

the access vector (AV) metric

which value of the integrity (I) metric of the CVSS vector means some information modification would occur?

what are the three possible values of the confidentiality (C) metric of the CVSS vector, and what do they stand for?

N - NoneP - PartialC - Complete

which value of the integrity (I) metric of the CVSS vector means all information on the system could be compromised?

which value of the Access Complexity (AC) metric of the CVSS vector means the vulnerability does not require special conditions?

which value of the availability (A) metric of the CVSS vector means the system is completely shut down?

which CVSS metric describes the disruption that might occur if the vulnerability is exploited?

the availability (A) metric

what should you do for the false positives in a vulnerability scanning report once you have verified that they are indeed false?

configure exceptions for the false positives in the vulnerability scanner

what is meant by the term false negative in a vulnerability scan?

when the vulnerability scan indicated no vulnerabilities existed when, in fact, one was present

which value of the access vector (AV) metric of the CVSS vector indicates the attacker must be on the local network?

which value of the integrity (I) metric of the CVSS vector means there is no integrity impact?

which CVSS metric describes the type of data alteration that might occur?

the integrity (I) metric

which value of the Confidentiality (C) metric of the CVSS vector means there is no confidentiality impact?

which value of the authentication (Au) metric of the CVSS vector means the attacker would need to get through two or more authentication mechanisms?

which value of the authentication (Au) metric of the CVSS vector means the attacker would need to get through one authentication mechanism?

what are the three possible values of the Access Complexity (AC) metric of the CVSS vector, and what do they stand for?

H - HighM - MediumL - Low

what are the three possible values of the integrity (I) metric of the CVSS vector, and what do they stand for?

N - NoneP - PartialC - Complete

which value of the Availability (A) metric of the CVSS vector means there is no availability impact?

which value of the Access Complexity (AC) metric of the CVSS vector means the vulnerability requires somewhat special conditions?

which value of the Access Complexity (AC) metric of the CVSS vector means the vulnerability requires special conditions that are hard to find?

what should you do if you expect that there are false positives in a vulnerability scanning report?

verify the false positives to ensure that you can eliminate them from the report

in which type of attack is a user connected to a different web server than the one intended by the user?

hyperlink spoofing attack

what is meant by VM escape?

viruses and malware can migrate multiple VMs on a single server

which type of system does a stuxnet attack target?

a supervisory control and data acquisition (SCADA) system

which type of attack involves flooding a recipient e-mail address with identical e-mails?

spamming attack

what is a replay attack?

an attack where an intruder records the communication between a user and a server, and later plays the recorded information back to impersonate the user

what is the purpose of GPS tracking on a mobile device?

it allows a mobile device to be located

what is a command injection?

when an operating system command is submitted in an HTML string

what is war chalking?

leaving signals about a wireless network on the outside of the building where it is housed

which attack is an extension of the denial-of-service (DoS) attack and uses multiple computers?

DDoS attack

which component of a computer use policy indicates that data stored on a company computer is not guaranteed to remain confidential?

a no expectation of privacy policy

how do you ensure that data is removed from a mobile device that has been stolen?

use a remote wipe or remote sanitation program

what is phishing?

when an e-mail request for confidential information that appears to originate from a bank or other trusted institution is received

what is click-jacking?

a technique that is used to trick users into revealing confidential information or taking over the user's computer when clicking links

what does the acronym SCADA denote?

supervisory control and data acquisition

which type of attack allows an attacker to redirect internet traffic by setting up a fake DNS server to answer client requests?

DNS spoofing

what is the purpose of screen locks on mobile devices?

to prevent users from accessing the mobile device until a password or other factor is entered

which type of attack is characterized by an attacker who records an encrypted transmission between a client and a server computer so that he or she can then send it to the server to gain access?

a replay attack

why is it important to limit the use of flash drives and portable music devices by organization employees?

to prevent users from copying data to their personnel devices and possibly causing data leakage or from transferring malware to corporate computers

which type of attack is characterized by an attacker who situates himself or herself in such a way that he or she can intercept all traffic between two hosts?

man-in-the-middle

should virtual servers have the same information security requirements as physical servers?

Yes

what is a smurf attack?

an attack where a ping request is sent to a broadcast network address with the aim of overwhelming the system

what causes VM sprawl to occur?

when multiple VMs become difficult to manage

what is an Xmas attack?

an attack that looks for open ports

what is an XML injection?

when a user enters values in an XML query that takes advantage of security loopholes

what is the purpose of SCADA?

to collect data from factories, plants, or other remote locations, and send the data to a central computer that manages and controls the data

what does the acronym ICS denote?

industrial control system

which servers are susceptible to the same type of attacks as their hosts, including denial of service attacks, detection attack, and escape attacks?

virtual servers

what is spear phishing?

an e-mail request for confidential information that appears to come from your supervisor

what is the main difference between virtualization and cloud computing?

the location and ownership of the physical components

what is an evil twin?

an access point with the same SSID as the legitimate access point

what is vishing?

a special type of phishing that uses VoIP

where should you physically store mobile devices to prevent theft?

in a locked cabinet or safe

what is whaling?

a special type of phishing that targets a single power user, such as Chief Executive Officer (CEO)

what is the purpose of a remote sanitation application on a mobile device?

to ensure that the data on the mobile device can be erased remotely in the event the mobile device is lost or stolen

which address is faked with IP spoofing attacks?

the source IP address

what is bluesnarfing?

the act of gaining unauthorized access to a device (and the network it is connected to) through its bluetooth connection

which attack uses clients, handles, agents, and targets?

DDoS attack

when does path traversal occur?

when the ../ characters are entered into the URL to traverse directories that are not supposed to be available from the Web

what is war driving?

the act of discovering unprotected wireless network by driving around with a laptop

which type of attack does challenge handshake authentication protocol (CHAP) protect against?

replay

what does the acronym DDoS denote?

distributed denial of service

what is header manipulation?

when a hacker is able to manipulate a packet header to deface, hijack, or poison the packet

what is bluejacking?

an attack that sends unsolicited messages over a bluetooth connection

which attack requires that the hacker compromise as many computers as possible to initiate the attack?

DDoS attack

what is an IP spoofing attack?

an attack in which the source IP address in an IP datagram is modified to imitate the IP address of a packet originating from an authorized source

which type of attack searches long lists of words for a particular language to match them to an encrypted password?

dictionary attack

why is GPS tracking often disabled?

it is considered a security threat. as long as GPS tracking is enabled and the mobile device is powered on, the device (and possibly its user) can be located

what is spimming?

an instance of spam sent over an instant message application

what is malicious insider?

an employee who uses his access to the network and facility to obtain confidential information

what is the purpose of a screen lock on a mobile device?

to act as a deterrent if a mobile device is lost or stolen by requiring a key combination to activate the device

encrypting all files on a system hardens which major component of a server?

the file system

what is an IV attack?

cracking the WEP secret key using the initialization vector (IV)

what is pharming?

traffic redirection to a web site that looks identical to the intended web site

what is the purpose of mobile device encryption?

to ensure that the contents of the mobile device are confidential

which type of attack sequentially generates every possible password and checks them all against a password file?

brute force attack

which type of brute-force attack attempts to find any two hashed messages that have the same value?

a birthday attack