5 - Security Assessment and Testing Flashcards

Explain the security concerns associated with various types of vulnerabilities; summarize techniques used in assessments/penetrations; and given a scenario, use the appropriate tool to assess an org's cybersecurity.

1
Q

Which one of the following security assessment techniques assumes that an org has already been compromised and searches for evidence of that compromise?

A

Threat Hunting

2
Q

Renee is configuring her vulnerability management solution to perform credentialed scans of servers on her network. What type of account should she provide to the scanner?

A

Read-Only

3
Q

Ryan is planning to conduct a vulnerability scan of a business-critical system using dangerous plug-ins. What would be the best approach for the initial scans?

A

Run the scan in a test environment

4
Q

What value for the CVSS attack complexity metric would indicate that a specific attack is simplest to exploit?

A

Low

5
Q

Tara recently analyzed the results of a vulnerability scan and saw that a finding reported by the scanner did not actually exist because the system was patched as specified. What type of error occurred?

A

False Positive

6
Q

Brian ran a penetration test against a school’s grading systems and discovered a flaw that would allow students to alter their grades by exploiting a SQL injection vulnerability. What type of control should he recommend to the school to prevent this?

A

Integrity

7
Q

What security assessment tools are used during the reconnaissance phase of a penetration test?

A

Nmap, Nessus, and Nslookup

8
Q

During a vulnerability test Brian discovered that a system on his network was open to text-based attacks, and his SIEM recommended updating the system’s drivers. What security control, if deployed, would likely have addressed this issue?

A

Patch Management

9
Q

What tool is MOST likely to detect an XSS vulnerability?

A

Web Application Vulnerability Scanner

10
Q

Patrick deploys a toolkit on a compromised system and uses it to gain access to other systems on the same network. What term best describes this activity?

A

Lateral Movement

11
Q

Kevin is participating in an exercise for his org. His role in the exercise is to use hacking techniques to gain access to his org’s systems. What role is Kevin playing during this exercise?

A

Red Team

12
Q

What assessment technique is designed to solicit participation from external security experts, and rewards them for discovering vulnerabilities?

A

Bug Bounty (Bug Hunting)

13
Q

After gaining access to an org’s database server, Kevin installs a backdoor on the server to grant himself access in the future. What term best describes this action?

A

Persistence

14
Q

What type of technique are WHOIS Lookups considered?

A

Passive Reconnaissance

15
Q

Which element of the SCAP Framework can be used to consistently describe vulnerabilities?

A

Common Vulnerabilities and Exposures (CVE)

16
Q

Bruce is conducting a penetration test for his client. The client provided him with details of their system in advance. What type of testing is Bruce conducting?

A

White-Box Testing

17
Q

Lila is working on a penetration testing team and she is unsure whether she is allowed to conduct social engineering as a part of the test. What document should she consult to find this info?

A

The Rules of Engagement (RoE)

18
Q

Grace would like to determine the operating system running on a system that she is targeting in a test. What technique would most directly provide her with this information?

A

Footprinting

19
Q

Kevin recently identified a new security vulnerability and computed its CVSS base score as 6.5. Which risk category would this vulnerability fall into?

A

Medium (between 4.0 and 6.9)

20
Q

Which of the CVSS metrics would contain info about the type of account access that an attacker must have to execute an attack?

A

The Privileges Required (PR) Metric