4.3

Question 1

Dynamic analysis is AKA

Answer 1

Fuzzing

Question 2

Fuzzing is AKA (4)

Answer 2

Fault-injecting
Robustness testing
Syntax testing
Negative testing

Question 3

True/False

Utilizing fuzzers is very time and resource intensive

Answer 3

True

Question 4

OSINT stands for

Answer 4

Open-Source Intelligence

Question 5

Publicly available sources of threat intelligence

(ex. discussion groups, social media, security researcher websites, govt data, commercial data like maps, financial reports, and databases about projects and risks)

Answer 5

OSINT

Question 6

4 sources of threat intelligence

Answer 6

OSINT
Proprietary/third-party intelligence
Information-sharing organization
Dark web intelligence

Question 7

Organizations that compile threat information and allow you to purchase it.

Will include threat analytics across many different organizations, viewing the patterns of attacks.

Answer 7

Proprietary/third-party intelligence

Question 8

Threat intelligence that comes from multiple organizations communicating with each other about their experiences, research, and developments. Members of this group can access the information.

Real-time, high-quality cyber threat information sharing.

Includes classified information and extensive resources.

Answer 8

Information-sharing organization

Question 9

A threat intelligence source that is only available through specialized software. It comes from an overlay network that uses the Internet for transport, though it’s not accessible openly from the internet.

This includes groups of hackers discussing their tools and techniques, as well as online stores where hackers sell their stolen information.

It is good to monitor this in case your organization’s name pops up as a potential target.

Answer 9

Dark web intelligence

Question 10

A form of vulnerability testing where an authorized individual simulates an attack against a network or device.

Answer 10

Pentesting

Question 11

A pentesting document that defines:

The scope and purpose of the test

The schedule (what time, whether it’s onsite or online, internal/external)

Any rules (IP address ranges, emergency contacts, how to handle sensitive information, in-scope and out-of-scope devices/applications)

Answer 11

Rules of engagement

Question 12

Techniques and strategies that enable continued access to a system after initial compromise

Ex. Backdoor, user account, change/verify default passwords

Answer 12

Persistence

Question 13

The technique used by attackers to access other parts of the network that are not directly reachable from the attacker’s position via a compromised system (ex. Firewall).

This compromised system is used as a proxy or relay, used to be able to jump to other systems in the same segment.

Answer 13

Pivoting

Question 14

A process that allows hackers to safely report found vulnerabilities to your team.

Answer 14

Responsible disclosure program

Question 15

A reward offered for the discovery of vulnerabilities in a system

Answer 15

Bug bounty

Question 16

A vulnerability defined by an automated vulnerability scanner that doesn’t really exist.

Answer 16

False positive

Question 17

A vulnerability that is not detected by an automated vulnerability scanner.

Answer 17

False negative

Question 18

How do you prevent false positives/negatives when vulnerability scanning?

Answer 18

Update signatures

Question 19

What organization made the CVSS?

Answer 19

NIST

Question 20

What organization made CVE?

Answer 20

MITRE

Question 21

How are vulnerabilities scored in the CVSS?

Answer 21

Quantitative scoring of 0 - 10

Different scoring for CVSS 2.0 vs CVSS 3.x

Question 22

True/False

CVSS is synchronized with CVE

Answer 22

True

Question 23

A type of vulnerability scan that specializes in desktop or mobile applications

Answer 23

Application scans

Question 24

A type of vulnerability scan that specializes in web server software

Answer 24

Web application scan

Question 25

A type of vulnerability scan that specializes in network infrastructure and configuration, such as misconfigured firewalls, open ports, and vulnerable devices.

Answer 25

Network scan

Question 26

A percentage of the loss of value or business activity if the vulnerability is exploited

For example, if the service might be down half the time, this number is 50%

Or if a buffer overflow completely disables a service, this number is 100%

Answer 26

Exposure factor

Question 27

True/False

When considering vulnerability priority, it is important to consider the level of access that people have to the vulnerable device/application

Answer 27

True

An isolated test lab would be lower in priority than a public cloud database server

Question 28

5 types of environmental variables to consider when assigning priority to vulnerabilities

Answer 28

Location (private, public, internal, cloud)

Number and type of users (internal, external)

Revenue-generating?

Criticality of the vulnerable app/device

Ease of exploitation

Question 29

The amount of risk that an organization is willing to accept by having a particular vulnerability unpatched

Answer 29

Risk tolerance

Question 30

True/False

You should always implement patches as soon as they come out

Answer 30

False

You need to test them. Test as much as you can, while also making sure that the organization is secure by implementing the patch as quickly as possible.

Question 31

The most common vulnerability mitigation technique

Answer 31

Patching

Question 32

4 things that a cybersecurity insurance policy will cover

Answer 32

Lost revenue
Data recovery costs
Money lost to phishing
Privacy lawsuit costs

Question 33

2 things that a cybersecurity insurance policy will not cover

Answer 33

Intentional acts
Funds transfers

Question 34

A way to limit the scope of an exploit by separating devices into their own networks/VLANs

May involve using air gaps and internal NGFWs between these separate networks/VLANs

Answer 34

Segmentation

Question 35

A security method that is implemented when an actual solution is unavailable. This is often temporary.

May include:

Disabling the vulnerable service

Revoking access to the application

Limiting external access

Modifying internal security controls and software firewalls to disallow traffic to that vulnerable service.

Answer 35

Compensating controls

Question 36

A service or device that the organization’s security committee decided should not receive a patch to a known vulnerability.

Answer 36

Exception/exemption

Question 37

Why would an organization’s security committee decide to give a service/device an exception to being patched?

Answer 37

The vulnerability might have some criteria for exploitation that is next to impossible to do. The risk is at an acceptable level for the organization, so there is no need to patch it.

Question 38

The process of making sure that a patch has actually removed a vulnerability, and that all vulnerable systems have been patched.

Answer 38

Validation of remediation

Question 39

3 methods used during validation of remediation

Answer 39

Rescanning (vulnerability scanning)

Audit (Check remediated systems to make sure the patch was successfully deployed)

Verification (Manually confirm the security of the system)

Question 40

A system that provides a continuous log of:

The number of identified vulnerabilities

How many systems are patched vs unpatched

New threat notifications

Errors, exceptions, and exemptions to patches

Answer 40

Reporting system