2.0 Vulnerability Management Flashcards
what should you consult to identify all systems that need to have a vulnerability scan?
the company’s asset inventory
what is a flaw, loophole, or weakness in the system, software, or hardware?
vulnerabiltiy
which scan has less of an impact on the network: agent-based or server-based?
agent-based vulnerability scans because they run on the device and only send the report to the centralized server
what are the two main factors that CompTIA list as factors for prioritizing vulnerability remediation?
criticality and difficulty of implementation
how often should vulnerability scans be carried out based on PCI-DSS standards?
every three months and whenever systems are updated
which SCAP component provides standardized names for security-related software flaws?
common vulnerabilities and exposures (CVE)2
what does the acronym CCE denote?
common configuration enumeration
which systems provides CCE and CVE identifiers for vulnerability scans?
security content automation protocol (SCAP)
which term is used for an agreement that is signed by two partnering companies?
business partners agreement (BPA)
what does the acronym CVE denote?
common vulnerabilities and exposures
which term is used for an agreement between two or more parties where the parties cannot create a legally enforceable agreement?
memorandum of understanding (MoU)
what does the acronym SCAP denote?
security content automation protocol
which step of the vulnerability management process involves assessing the documented requirements and workflow to determine when scans should occur?
establish scanning frequency
why should you document workflow prior to setting up a vulnerability scan?
to help provide business constraints for the scan
which step of the vulnerability management process involves documenting the regulatory environment and corporate policy, classifying data, and obtaining an asset inventory?
identify requirements
in which situation will you accept a risk?
when the cost of the safeguard exceeds the amount of the potential loss
why should you deploy remediation in a sandbox environment?
to test the effects of the remediation to ensure that the devices will be able to function properly after deployment
what is the process for the vulnerability management process?
- identify requirements2. establish scanning frequency3. configure the tools to perform the scans according to specifications4. execute the scan5. generate scan reports6. provide remediation for discovered vulnerabilities
what does the acronym CVSS denote?
common vulnerability scoring system
what is a service level agreement (SLA)?
a contract between a network service provider and a customer that specifies the services the network service provider will furnish
which range of CVSS scores indicates low priority?
0.1 to 3.9
what is meant by the term vulnerability feed?
the updates to the vulnerability scanner that ensures that the scanner is able to recognize newly discovered vulnerabilities
which range of CVSS scores indicates high priority?
7.0 to 8.9
what happens with an agent-based vulnerability scan?
agents are installed on the devices to run the scan and send the report to a centralized server
which range of CVSS scores indicates medium priority?
4.0 to 6.9
what is the recommended action when the cost of the safeguard exceeds the amount of the potential loss for a given risk?
to accept the risk
which permissions should you assign the account used for the vulnerability scans?
read only
which SCAP component provides standard names for product names and versions?
common platform enumeration (CPE)
which step of the vulnerability management process includes scanning criteria, such as sensitivity levels, vulnerability feed, and scope?
configure the tools to perform the scans according to specifications
which range of CVSS scores indicates critical priority?
9.0 to 10.0
what is meant by the scope of a vulnerability scan?
the range of hosts or subnets included in the scan
what is the purpose of a discovery vulnerability scan?
to create an inventory of assets based on host or service discovery
which SCAP component provides a standardized metric that measures and describes the severity of security-related software flaws?
common vulnerability scoring system (CVSS)
what is the term Nessus uses for vulnerability feeds?
plug-ins
which type of vulnerability scan includes the appropriate permissions for the different data types?
credentialed scan
what does a CVSS score of 0 indicate?
no issues
what are the FIVE inhibitors to remediation after a vulnerability scan?
MOUsSLAsOrganizational GovernanceBusiness process interruptionDegrading functionality
what does the acronym CPE denote?
common platform enumeration (CPE)
what are the three possible values of the availability (A) metric of the CVSS vector, and what do they stand for?
N - NoneP - PartialC - Complete
which value of the authentication (Au) metric of the CVSS vector means no authentication mechanisms are in place to stop the exploitation of the vulnerability?
N
which CVSS metric describes the authentication on attacker would need to get through to exploit the vulnerability?
the authentication (Au) metric
which value of the access vector (AV) metric of the CVSS vector indicates that the attacker must have physical access to the affected system?
L
which value of the Access Vector (AV) metric of the CVSS vector indicates the attacker can cause the vulnerability from any network?
N
which value of the confidentiality (C) metric of the CVSS vector means all information on the system could be compromised?
C
which value of the Confidentiality (C) metric of the CVSS vector means some access to information would occur?
P
what are the three possible values of the Access Vector (AV) metric of the CVSS vector, and what do they stand for?
L - LocalA - AdjacentN - Network
which CVSS metric describes the difficulty of exploiting the vulnerability?
the access complexity (AC) metric
which CVSS metric describes the information disclosures that may occur if the vulnerability is exploited?
the confidentiality (C) metric
what are the three main possible values of the authentication (Au) metric of the CVSS vector, and what do they stand for?
M - MultipleS - SingleN - None
which value of the availability (A) metric of the CVSS vector means system performance is degraded?
P
which CVSS metric describes how the attacker would exploit the vulnerability?
the access vector (AV) metric
which value of the integrity (I) metric of the CVSS vector means some information modification would occur?
P
what are the three possible values of the confidentiality (C) metric of the CVSS vector, and what do they stand for?
N - NoneP - PartialC - Complete
which value of the integrity (I) metric of the CVSS vector means all information on the system could be compromised?
C
which value of the Access Complexity (AC) metric of the CVSS vector means the vulnerability does not require special conditions?
L
which value of the availability (A) metric of the CVSS vector means the system is completely shut down?
C
which CVSS metric describes the disruption that might occur if the vulnerability is exploited?
the availability (A) metric
what should you do for the false positives in a vulnerability scanning report once you have verified that they are indeed false?
configure exceptions for the false positives in the vulnerability scanner
what is meant by the term false negative in a vulnerability scan?
when the vulnerability scan indicated no vulnerabilities existed when, in fact, one was present
which value of the access vector (AV) metric of the CVSS vector indicates the attacker must be on the local network?
A
which value of the integrity (I) metric of the CVSS vector means there is no integrity impact?
N
which CVSS metric describes the type of data alteration that might occur?
the integrity (I) metric
which value of the Confidentiality (C) metric of the CVSS vector means there is no confidentiality impact?
N
which value of the authentication (Au) metric of the CVSS vector means the attacker would need to get through two or more authentication mechanisms?
M
which value of the authentication (Au) metric of the CVSS vector means the attacker would need to get through one authentication mechanism?
S
what are the three possible values of the Access Complexity (AC) metric of the CVSS vector, and what do they stand for?
H - HighM - MediumL - Low
what are the three possible values of the integrity (I) metric of the CVSS vector, and what do they stand for?
N - NoneP - PartialC - Complete
which value of the Availability (A) metric of the CVSS vector means there is no availability impact?
N
which value of the Access Complexity (AC) metric of the CVSS vector means the vulnerability requires somewhat special conditions?
M
which value of the Access Complexity (AC) metric of the CVSS vector means the vulnerability requires special conditions that are hard to find?
H
what should you do if you expect that there are false positives in a vulnerability scanning report?
verify the false positives to ensure that you can eliminate them from the report
in which type of attack is a user connected to a different web server than the one intended by the user?
hyperlink spoofing attack
what is meant by VM escape?
viruses and malware can migrate multiple VMs on a single server
which type of system does a stuxnet attack target?
a supervisory control and data acquisition (SCADA) system
which type of attack involves flooding a recipient e-mail address with identical e-mails?
spamming attack
what is a replay attack?
an attack where an intruder records the communication between a user and a server, and later plays the recorded information back to impersonate the user
what is the purpose of GPS tracking on a mobile device?
it allows a mobile device to be located
what is a command injection?
when an operating system command is submitted in an HTML string
what is war chalking?
leaving signals about a wireless network on the outside of the building where it is housed
which attack is an extension of the denial-of-service (DoS) attack and uses multiple computers?
DDoS attack
which component of a computer use policy indicates that data stored on a company computer is not guaranteed to remain confidential?
a no expectation of privacy policy
how do you ensure that data is removed from a mobile device that has been stolen?
use a remote wipe or remote sanitation program
what is phishing?
when an e-mail request for confidential information that appears to originate from a bank or other trusted institution is received
what is click-jacking?
a technique that is used to trick users into revealing confidential information or taking over the user’s computer when clicking links
what does the acronym SCADA denote?
supervisory control and data acquisition
which type of attack allows an attacker to redirect internet traffic by setting up a fake DNS server to answer client requests?
DNS spoofing
what is the purpose of screen locks on mobile devices?
to prevent users from accessing the mobile device until a password or other factor is entered
which type of attack is characterized by an attacker who records an encrypted transmission between a client and a server computer so that he or she can then send it to the server to gain access?
a replay attack
why is it important to limit the use of flash drives and portable music devices by organization employees?
to prevent users from copying data to their personnel devices and possibly causing data leakage or from transferring malware to corporate computers
which type of attack is characterized by an attacker who situates himself or herself in such a way that he or she can intercept all traffic between two hosts?
man-in-the-middle
should virtual servers have the same information security requirements as physical servers?
Yes
what is a smurf attack?
an attack where a ping request is sent to a broadcast network address with the aim of overwhelming the system
what causes VM sprawl to occur?
when multiple VMs become difficult to manage
what is an Xmas attack?
an attack that looks for open ports
what is an XML injection?
when a user enters values in an XML query that takes advantage of security loopholes
what is the purpose of SCADA?
to collect data from factories, plants, or other remote locations, and send the data to a central computer that manages and controls the data
what does the acronym ICS denote?
industrial control system
which servers are susceptible to the same type of attacks as their hosts, including denial of service attacks, detection attack, and escape attacks?
virtual servers
what is spear phishing?
an e-mail request for confidential information that appears to come from your supervisor
what is the main difference between virtualization and cloud computing?
the location and ownership of the physical components
what is an evil twin?
an access point with the same SSID as the legitimate access point
what is vishing?
a special type of phishing that uses VoIP
where should you physically store mobile devices to prevent theft?
in a locked cabinet or safe
what is whaling?
a special type of phishing that targets a single power user, such as Chief Executive Officer (CEO)
what is the purpose of a remote sanitation application on a mobile device?
to ensure that the data on the mobile device can be erased remotely in the event the mobile device is lost or stolen
which address is faked with IP spoofing attacks?
the source IP address
what is bluesnarfing?
the act of gaining unauthorized access to a device (and the network it is connected to) through its bluetooth connection
which attack uses clients, handles, agents, and targets?
DDoS attack
when does path traversal occur?
when the ../ characters are entered into the URL to traverse directories that are not supposed to be available from the Web
what is war driving?
the act of discovering unprotected wireless network by driving around with a laptop
which type of attack does challenge handshake authentication protocol (CHAP) protect against?
replay
what does the acronym DDoS denote?
distributed denial of service
what is header manipulation?
when a hacker is able to manipulate a packet header to deface, hijack, or poison the packet
what is bluejacking?
an attack that sends unsolicited messages over a bluetooth connection
which attack requires that the hacker compromise as many computers as possible to initiate the attack?
DDoS attack
what is an IP spoofing attack?
an attack in which the source IP address in an IP datagram is modified to imitate the IP address of a packet originating from an authorized source
which type of attack searches long lists of words for a particular language to match them to an encrypted password?
dictionary attack
why is GPS tracking often disabled?
it is considered a security threat. as long as GPS tracking is enabled and the mobile device is powered on, the device (and possibly its user) can be located
what is spimming?
an instance of spam sent over an instant message application
what is malicious insider?
an employee who uses his access to the network and facility to obtain confidential information
what is the purpose of a screen lock on a mobile device?
to act as a deterrent if a mobile device is lost or stolen by requiring a key combination to activate the device
encrypting all files on a system hardens which major component of a server?
the file system
what is an IV attack?
cracking the WEP secret key using the initialization vector (IV)
what is pharming?
traffic redirection to a web site that looks identical to the intended web site
what is the purpose of mobile device encryption?
to ensure that the contents of the mobile device are confidential
which type of attack sequentially generates every possible password and checks them all against a password file?
brute force attack
which type of brute-force attack attempts to find any two hashed messages that have the same value?
a birthday attack
