2.0 Vulnerability Management

Question 1

what should you consult to identify all systems that need to have a vulnerability scan?

Answer 1

the company’s asset inventory

Question 2

what is a flaw, loophole, or weakness in the system, software, or hardware?

Answer 2

vulnerabiltiy

Question 3

which scan has less of an impact on the network: agent-based or server-based?

Answer 3

agent-based vulnerability scans because they run on the device and only send the report to the centralized server

Question 4

what are the two main factors that CompTIA list as factors for prioritizing vulnerability remediation?

Answer 4

criticality and difficulty of implementation

Question 5

how often should vulnerability scans be carried out based on PCI-DSS standards?

Answer 5

every three months and whenever systems are updated

Question 6

which SCAP component provides standardized names for security-related software flaws?

Answer 6

common vulnerabilities and exposures (CVE)2

Question 7

what does the acronym CCE denote?

Answer 7

common configuration enumeration

Question 8

which systems provides CCE and CVE identifiers for vulnerability scans?

Answer 8

security content automation protocol (SCAP)

Question 9

which term is used for an agreement that is signed by two partnering companies?

Answer 9

business partners agreement (BPA)

Question 10

what does the acronym CVE denote?

Answer 10

common vulnerabilities and exposures

Question 11

which term is used for an agreement between two or more parties where the parties cannot create a legally enforceable agreement?

Answer 11

memorandum of understanding (MoU)

Question 12

what does the acronym SCAP denote?

Answer 12

security content automation protocol

Question 13

which step of the vulnerability management process involves assessing the documented requirements and workflow to determine when scans should occur?

Answer 13

establish scanning frequency

Question 14

why should you document workflow prior to setting up a vulnerability scan?

Answer 14

to help provide business constraints for the scan

Question 15

which step of the vulnerability management process involves documenting the regulatory environment and corporate policy, classifying data, and obtaining an asset inventory?

Answer 15

identify requirements

Question 16

in which situation will you accept a risk?

Answer 16

when the cost of the safeguard exceeds the amount of the potential loss

Question 17

why should you deploy remediation in a sandbox environment?

Answer 17

to test the effects of the remediation to ensure that the devices will be able to function properly after deployment

Question 18

what is the process for the vulnerability management process?

Answer 18

1. identify requirements2. establish scanning frequency3. configure the tools to perform the scans according to specifications4. execute the scan5. generate scan reports6. provide remediation for discovered vulnerabilities

Question 19

what does the acronym CVSS denote?

Answer 19

common vulnerability scoring system

Question 20

what is a service level agreement (SLA)?

Answer 20

a contract between a network service provider and a customer that specifies the services the network service provider will furnish

Question 21

which range of CVSS scores indicates low priority?

Answer 21

0.1 to 3.9

Question 22

what is meant by the term vulnerability feed?

Answer 22

the updates to the vulnerability scanner that ensures that the scanner is able to recognize newly discovered vulnerabilities

Question 23

which range of CVSS scores indicates high priority?

Answer 23

7.0 to 8.9

Question 24

what happens with an agent-based vulnerability scan?

Answer 24

agents are installed on the devices to run the scan and send the report to a centralized server

Question 25

which range of CVSS scores indicates medium priority?

Answer 25

4.0 to 6.9

Question 26

what is the recommended action when the cost of the safeguard exceeds the amount of the potential loss for a given risk?

Answer 26

to accept the risk

Question 27

which permissions should you assign the account used for the vulnerability scans?

Answer 27

read only

Question 28

which SCAP component provides standard names for product names and versions?

Answer 28

common platform enumeration (CPE)

Question 29

which step of the vulnerability management process includes scanning criteria, such as sensitivity levels, vulnerability feed, and scope?

Answer 29

configure the tools to perform the scans according to specifications

Question 30

which range of CVSS scores indicates critical priority?

Answer 30

9.0 to 10.0

Question 31

what is meant by the scope of a vulnerability scan?

Answer 31

the range of hosts or subnets included in the scan

Question 32

what is the purpose of a discovery vulnerability scan?

Answer 32

to create an inventory of assets based on host or service discovery

Question 33

which SCAP component provides a standardized metric that measures and describes the severity of security-related software flaws?

Answer 33

common vulnerability scoring system (CVSS)

Question 34

what is the term Nessus uses for vulnerability feeds?

Answer 34

plug-ins

Question 35

which type of vulnerability scan includes the appropriate permissions for the different data types?

Answer 35

credentialed scan

Question 36

what does a CVSS score of 0 indicate?

Answer 36

no issues

Question 37

what are the FIVE inhibitors to remediation after a vulnerability scan?

Answer 37

MOUsSLAsOrganizational GovernanceBusiness process interruptionDegrading functionality

Question 38

what does the acronym CPE denote?

Answer 38

common platform enumeration (CPE)

Question 39

what are the three possible values of the availability (A) metric of the CVSS vector, and what do they stand for?

Answer 39

N - NoneP - PartialC - Complete

Question 40

which value of the authentication (Au) metric of the CVSS vector means no authentication mechanisms are in place to stop the exploitation of the vulnerability?

Answer 40

N

Question 41

which CVSS metric describes the authentication on attacker would need to get through to exploit the vulnerability?

Answer 41

the authentication (Au) metric

Question 42

which value of the access vector (AV) metric of the CVSS vector indicates that the attacker must have physical access to the affected system?

Answer 42

L

Question 43

which value of the Access Vector (AV) metric of the CVSS vector indicates the attacker can cause the vulnerability from any network?

Answer 43

N

Question 44

which value of the confidentiality (C) metric of the CVSS vector means all information on the system could be compromised?

Answer 44

C

Question 45

which value of the Confidentiality (C) metric of the CVSS vector means some access to information would occur?

Answer 45

P

Question 46

what are the three possible values of the Access Vector (AV) metric of the CVSS vector, and what do they stand for?

Answer 46

L - LocalA - AdjacentN - Network

Question 47

which CVSS metric describes the difficulty of exploiting the vulnerability?

Answer 47

the access complexity (AC) metric

Question 48

which CVSS metric describes the information disclosures that may occur if the vulnerability is exploited?

Answer 48

the confidentiality (C) metric

Question 49

what are the three main possible values of the authentication (Au) metric of the CVSS vector, and what do they stand for?

Answer 49

M - MultipleS - SingleN - None

Question 50

which value of the availability (A) metric of the CVSS vector means system performance is degraded?

Answer 50

P

Question 51

which CVSS metric describes how the attacker would exploit the vulnerability?

Answer 51

the access vector (AV) metric

Question 52

which value of the integrity (I) metric of the CVSS vector means some information modification would occur?

Answer 52

P

Question 53

what are the three possible values of the confidentiality (C) metric of the CVSS vector, and what do they stand for?

Answer 53

N - NoneP - PartialC - Complete

Question 54

which value of the integrity (I) metric of the CVSS vector means all information on the system could be compromised?

Answer 54

C

Question 55

which value of the Access Complexity (AC) metric of the CVSS vector means the vulnerability does not require special conditions?

Answer 55

L

Question 56

which value of the availability (A) metric of the CVSS vector means the system is completely shut down?

Answer 56

C

Question 57

which CVSS metric describes the disruption that might occur if the vulnerability is exploited?

Answer 57

the availability (A) metric

Question 58

what should you do for the false positives in a vulnerability scanning report once you have verified that they are indeed false?

Answer 58

configure exceptions for the false positives in the vulnerability scanner

Question 59

what is meant by the term false negative in a vulnerability scan?

Answer 59

when the vulnerability scan indicated no vulnerabilities existed when, in fact, one was present

Question 60

which value of the access vector (AV) metric of the CVSS vector indicates the attacker must be on the local network?

Answer 60

A

Question 61

which value of the integrity (I) metric of the CVSS vector means there is no integrity impact?

Answer 61

N

Question 62

which CVSS metric describes the type of data alteration that might occur?

Answer 62

the integrity (I) metric

Question 63

which value of the Confidentiality (C) metric of the CVSS vector means there is no confidentiality impact?

Answer 63

N

Question 64

which value of the authentication (Au) metric of the CVSS vector means the attacker would need to get through two or more authentication mechanisms?

Answer 64

M

Question 65

which value of the authentication (Au) metric of the CVSS vector means the attacker would need to get through one authentication mechanism?

Answer 65

S

Question 66

what are the three possible values of the Access Complexity (AC) metric of the CVSS vector, and what do they stand for?

Answer 66

H - HighM - MediumL - Low

Question 67

what are the three possible values of the integrity (I) metric of the CVSS vector, and what do they stand for?

Answer 67

N - NoneP - PartialC - Complete

Question 68

which value of the Availability (A) metric of the CVSS vector means there is no availability impact?

Answer 68

N

Question 69

which value of the Access Complexity (AC) metric of the CVSS vector means the vulnerability requires somewhat special conditions?

Answer 69

M

Question 70

which value of the Access Complexity (AC) metric of the CVSS vector means the vulnerability requires special conditions that are hard to find?

Answer 70

H

Question 71

what should you do if you expect that there are false positives in a vulnerability scanning report?

Answer 71

verify the false positives to ensure that you can eliminate them from the report

Question 72

in which type of attack is a user connected to a different web server than the one intended by the user?

Answer 72

hyperlink spoofing attack

Question 73

what is meant by VM escape?

Answer 73

viruses and malware can migrate multiple VMs on a single server

Question 74

which type of system does a stuxnet attack target?

Answer 74

a supervisory control and data acquisition (SCADA) system

Question 75

which type of attack involves flooding a recipient e-mail address with identical e-mails?

Answer 75

spamming attack

Question 76

what is a replay attack?

Answer 76

an attack where an intruder records the communication between a user and a server, and later plays the recorded information back to impersonate the user

Question 77

what is the purpose of GPS tracking on a mobile device?

Answer 77

it allows a mobile device to be located

Question 78

what is a command injection?

Answer 78

when an operating system command is submitted in an HTML string

Question 79

what is war chalking?

Answer 79

leaving signals about a wireless network on the outside of the building where it is housed

Question 80

which attack is an extension of the denial-of-service (DoS) attack and uses multiple computers?

Answer 80

DDoS attack

Question 81

which component of a computer use policy indicates that data stored on a company computer is not guaranteed to remain confidential?

Answer 81

a no expectation of privacy policy

Question 82

how do you ensure that data is removed from a mobile device that has been stolen?

Answer 82

use a remote wipe or remote sanitation program

Question 83

what is phishing?

Answer 83

when an e-mail request for confidential information that appears to originate from a bank or other trusted institution is received

Question 84

what is click-jacking?

Answer 84

a technique that is used to trick users into revealing confidential information or taking over the user’s computer when clicking links

Question 85

what does the acronym SCADA denote?

Answer 85

supervisory control and data acquisition

Question 86

which type of attack allows an attacker to redirect internet traffic by setting up a fake DNS server to answer client requests?

Answer 86

DNS spoofing

Question 87

what is the purpose of screen locks on mobile devices?

Answer 87

to prevent users from accessing the mobile device until a password or other factor is entered

Question 88

which type of attack is characterized by an attacker who records an encrypted transmission between a client and a server computer so that he or she can then send it to the server to gain access?

Answer 88

a replay attack

Question 89

why is it important to limit the use of flash drives and portable music devices by organization employees?

Answer 89

to prevent users from copying data to their personnel devices and possibly causing data leakage or from transferring malware to corporate computers

Question 90

which type of attack is characterized by an attacker who situates himself or herself in such a way that he or she can intercept all traffic between two hosts?

Answer 90

man-in-the-middle

Question 91

should virtual servers have the same information security requirements as physical servers?

Answer 91

Yes

Question 92

what is a smurf attack?

Answer 92

an attack where a ping request is sent to a broadcast network address with the aim of overwhelming the system

Question 93

what causes VM sprawl to occur?

Answer 93

when multiple VMs become difficult to manage

Question 94

what is an Xmas attack?

Answer 94

an attack that looks for open ports

Question 95

what is an XML injection?

Answer 95

when a user enters values in an XML query that takes advantage of security loopholes

Question 96

what is the purpose of SCADA?

Answer 96

to collect data from factories, plants, or other remote locations, and send the data to a central computer that manages and controls the data

Question 97

what does the acronym ICS denote?

Answer 97

industrial control system

Question 98

which servers are susceptible to the same type of attacks as their hosts, including denial of service attacks, detection attack, and escape attacks?

Answer 98

virtual servers

Question 99

what is spear phishing?

Answer 99

an e-mail request for confidential information that appears to come from your supervisor

Question 100

what is the main difference between virtualization and cloud computing?

Answer 100

the location and ownership of the physical components

Question 101

what is an evil twin?

Answer 101

an access point with the same SSID as the legitimate access point

Question 102

what is vishing?

Answer 102

a special type of phishing that uses VoIP

Question 103

where should you physically store mobile devices to prevent theft?

Answer 103

in a locked cabinet or safe

Question 104

what is whaling?

Answer 104

a special type of phishing that targets a single power user, such as Chief Executive Officer (CEO)

Question 105

what is the purpose of a remote sanitation application on a mobile device?

Answer 105

to ensure that the data on the mobile device can be erased remotely in the event the mobile device is lost or stolen

Question 106

which address is faked with IP spoofing attacks?

Answer 106

the source IP address

Question 107

what is bluesnarfing?

Answer 107

the act of gaining unauthorized access to a device (and the network it is connected to) through its bluetooth connection

Question 108

which attack uses clients, handles, agents, and targets?

Answer 108

DDoS attack

Question 109

when does path traversal occur?

Answer 109

when the ../ characters are entered into the URL to traverse directories that are not supposed to be available from the Web

Question 110

what is war driving?

Answer 110

the act of discovering unprotected wireless network by driving around with a laptop

Question 111

which type of attack does challenge handshake authentication protocol (CHAP) protect against?

Answer 111

replay

Question 112

what does the acronym DDoS denote?

Answer 112

distributed denial of service

Question 113

what is header manipulation?

Answer 113

when a hacker is able to manipulate a packet header to deface, hijack, or poison the packet

Question 114

what is bluejacking?

Answer 114

an attack that sends unsolicited messages over a bluetooth connection

Question 115

which attack requires that the hacker compromise as many computers as possible to initiate the attack?

Answer 115

DDoS attack

Question 116

what is an IP spoofing attack?

Answer 116

an attack in which the source IP address in an IP datagram is modified to imitate the IP address of a packet originating from an authorized source

Question 117

which type of attack searches long lists of words for a particular language to match them to an encrypted password?

Answer 117

dictionary attack

Question 118

why is GPS tracking often disabled?

Answer 118

it is considered a security threat. as long as GPS tracking is enabled and the mobile device is powered on, the device (and possibly its user) can be located

Question 119

what is spimming?

Answer 119

an instance of spam sent over an instant message application

Question 120

what is malicious insider?

Answer 120

an employee who uses his access to the network and facility to obtain confidential information

Question 121

what is the purpose of a screen lock on a mobile device?

Answer 121

to act as a deterrent if a mobile device is lost or stolen by requiring a key combination to activate the device

Question 122

encrypting all files on a system hardens which major component of a server?

Answer 122

the file system

Question 123

what is an IV attack?

Answer 123

cracking the WEP secret key using the initialization vector (IV)

Question 124

what is pharming?

Answer 124

traffic redirection to a web site that looks identical to the intended web site

Question 125

what is the purpose of mobile device encryption?

Answer 125

to ensure that the contents of the mobile device are confidential

Question 126

which type of attack sequentially generates every possible password and checks them all against a password file?

Answer 126

brute force attack

Question 127

which type of brute-force attack attempts to find any two hashed messages that have the same value?

Answer 127

a birthday attack