5 Security Assessment and Testing Flashcards

1
Q

What is the purpose of vulnerability management?

A

To ensure that security controls are operating properly and that the environment contains no exploitable vulnerabilities

Vulnerability management involves identifying, analyzing, responding to, and validating vulnerabilities in a system.

2
Q

List the identification methods associated with vulnerability management.

A
  • Vulnerability scan
  • Penetration testing
  • Responsible disclosure program
  • Bug bounty program
  • System/process audit

These methods help in discovering vulnerabilities in systems and applications.

3
Q

What is the Common Vulnerability Scoring System (CVSS)?

A

A standard for assessing the severity of vulnerabilities

CVSS provides a way to convey the impact of vulnerabilities in a consistent manner.

4
Q

What activities are involved in vulnerability response and remediation?

A
  • Patching
  • Insurance
  • Segmentation
  • Compensating controls
  • Exceptions and exemptions

These activities are aimed at mitigating identified vulnerabilities.

5
Q

How is the validation of remediation conducted?

A
  • Rescanning
  • Audit
  • Verification

This ensures that vulnerabilities have been effectively addressed.

6
Q

What tools are used for security alerting and monitoring?

A
  • Security Content Automation Protocol (SCAP)
  • Vulnerability scanners

These tools help in detecting and managing vulnerabilities in real-time.

7
Q

Define threat hunting.

A

Proactive search for threats within an organization’s environment

Threat hunting involves actively looking for signs of malicious activity or potential vulnerabilities.

8
Q

What are the rules of engagement in third-party risk assessment?

A

Guidelines that define how assessments are conducted with third parties

These rules ensure that both parties understand their roles and responsibilities during the assessment process.

9
Q

List the types of audits and assessments.

A
  • Internal (Compliance, Audit committee, Self-assessments)
  • External (Regulatory, Examinations, Assessment, Independent third-party audit)

These audits evaluate the effectiveness of security programs and compliance with regulations.

10
Q

What is penetration testing?

A

An assessment tool that simulates attacks to test security controls

This testing can be physical, offensive, defensive, integrated, or based on the knowledge of the environment.

11
Q

True or False: Cybersecurity professionals are responsible for maintaining security controls against all threats.

A

True

They must address threats from hackers, malicious code, and social engineering.

12
Q

Fill in the blank: Regular security assessment and testing is essential to ensure that controls are operating properly and that the environment contains no _______.

A

[exploitable vulnerabilities]

Regular assessments help in identifying and mitigating risks.

13
Q

What is the purpose of vulnerability management programs?

A

To identify, prioritize, and remediate vulnerabilities in environments

Vulnerability management is essential for maintaining cybersecurity in complex technical environments.

14
Q

What is vulnerability scanning?

A

A process used to detect new vulnerabilities as they arise

Vulnerability scanning is a critical component of vulnerability management programs.

15
Q

What factors should organizations consider when identifying scan targets?

A
  • Data classification
  • Internet exposure
  • Services offered
  • System type (production, test, development)

These factors help determine which systems to include in vulnerability scans.

16
Q

What is an asset inventory in vulnerability management?

A

A comprehensive list of systems connected to the network

It helps determine critical and noncritical systems for scanning.

17
Q

What influences the frequency of vulnerability scans?

A
  • Risk appetite
  • Regulatory requirements
  • Technical constraints
  • Business constraints
  • Licensing limitations

Organizations must balance these factors when planning their scan schedules.

18
Q

True or False: Vulnerability scans can only be configured to run once a month.

A

False

Administrators can automate scan scheduling to meet various organizational needs.

19
Q

What is the importance of scan sensitivity levels?

A

They determine the types of checks the scanner performs

Proper configuration minimizes disruption to the target environment.

20
Q

What is the role of credentialed scans?

A

To improve scan accuracy by allowing access to server configurations

Credentialed scans check for vulnerabilities more reliably than noncredentialed scans.

21
Q

Fill in the blank: Vulnerability management solutions often provide _______ scanning options.

A

[credentialed]

Credentialed scans enhance the detection capabilities of vulnerability management systems.

22
Q

What is an agent-based scanning approach?

A

A method where small software agents are installed on target servers to conduct scans

This provides an ‘inside-out’ view of vulnerabilities.

23
Q

What are the different perspectives from which scans can be conducted?

A
  • External scan
  • Internal scan
  • Inside datacenter scan

Each perspective provides different views into vulnerabilities.

24
Q

What is the Security Content Automation Protocol (SCAP)?

A

A standardized approach for communicating security-related information

SCAP facilitates automation of the interactions between security components.

25
Q

List the SCAP standards.

A
  • Common Configuration Enumeration (CCE)
  • Common Platform Enumeration (CPE)
  • Common Vulnerabilities and Exposures (CVE)
  • Common Vulnerability Scoring System (CVSS)
  • Extensible Configuration Checklist Description Format (XCCDF)
  • Open Vulnerability and Assessment Language (OVAL)

These standards help in automating security assessments and reporting.

26
Q

What should be regularly maintained in vulnerability management solutions?

A

The scanning software and vulnerability feeds

Regular maintenance ensures effectiveness and up-to-date security measures.

27
Q

True or False: Vulnerability scanners do not require frequent updates.

A

False

Scanners must frequently update their plug-ins to remain effective against new vulnerabilities.

28
Q

How should organizations start their vulnerability scanning programs?

A

By beginning small and gradually expanding scope and frequency

This approach helps avoid overwhelming the scanning infrastructure.

29
Q

What is a common issue with intrusive plug-ins during scans?

A

They may disrupt activity on a production system

Administrators often limit scans to nonintrusive plug-ins to avoid issues.

30
Q

What is the principle of least privilege in credentialed scanning?

A

Providing the scanner with a read-only account on the server

This minimizes the risk of security incidents related to scanner access.

31
Q

What does SCAP stand for?

A

Security Content Automation Protocol

SCAP is a framework that includes standards for vulnerability management and compliance.

32
Q

What is the purpose of CVE?

A

To provide a standard naming system for flaws

Common Vulnerabilities and Exposures (CVE) is widely used to identify and catalog vulnerabilities.

33
Q

Name three types of vulnerability scanners.

A
  • Network vulnerability scanner
  • Application scanner
  • Web application scanner
34
Q

What is the function of network vulnerability scanners?

A

To probe network-connected devices for known vulnerabilities.

35
Q

List four examples of network vulnerability scanners.

A
  • Tenable's Nessus
  • Qualys vulnerability scanner
  • Rapid7's Nexpose
  • OpenVAS

36
Q

What are the three techniques used in application testing?

A
  • Static testing
  • Dynamic testing
  • Interactive testing

37
Q

What vulnerabilities do web application scanners test for?

A
  • SQL injection
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)

38
Q

What is Nikto?

A

A popular open source web application scanning tool.

39
Q

What is the role of vulnerability scan reports?

A

To provide detailed information about each identified vulnerability.

40
Q

What does the severity category in a vulnerability report indicate?

A

The overall severity of the vulnerability, such as low, medium, high, or critical.

41
Q

What is the Common Vulnerability Scoring System (CVSS)?

A

An industry standard for assessing the severity of security vulnerabilities.

42
Q

How many measures does CVSS use to rate vulnerabilities?

A

Eight different measures.

43
Q

What does the attack vector metric (AV) describe?

A

How an attacker would exploit the vulnerability.

44
Q

What is the score for the 'Network' attack vector in CVSS?

A

0.85
45
Q

What does the attack complexity metric (AC) indicate?

A

The difficulty of exploiting the vulnerability.

46
Q

What does the privileges required metric (PR) evaluate?

A

The type of account access required to exploit a vulnerability.

47
Q

Fill in the blank: The user interaction metric (UI) describes whether the attacker needs to involve another human in the _______.

A

attack

48
Q

What does the confidentiality metric (C) measure?

A

The type of information disclosure that might occur if exploited.

49
Q

What does the integrity metric (I) assess?

A

The type of information alteration that might occur if exploited.

50
Q

What does the availability metric (A) describe?

A

The type of disruption that might occur if exploited.

51
Q

What does the scope metric (S) indicate?

A

Whether the vulnerability can affect system components beyond its scope.

52
Q

What version of CVSS is currently in use?

A

Version 3.1

53
Q

What is the significance of the CVSS vector?

A

It conveys the ratings of a vulnerability across all eight metrics.

54
Q

What does a CVSS base score represent?

A

The overall risk posed by a vulnerability.

55
Q

What does the CVSS vector provide?

A

Detailed information on the nature of the risk posed by a vulnerability

56
Q

What is the purpose of calculating the CVSS base score?

A

To represent the overall risk posed by the vulnerability
57
Q

What is the formula for calculating the impact sub-score (ISS)?

A

ISS = 1 - [(1 - Confidentiality) * (1 - Integrity) * (1 - Availability)]

58
Q

How do you calculate the impact score from the impact sub-score?

A

If the scope metric is Unchanged, Impact = 6.42 * ISS

59
Q

What is the impact score for an ISS of 0.56 when the scope is Unchanged?

A

3.60

60
Q

What is the formula for calculating the exploitability score?

A

Exploitability = 8.22 * Attack Vector * Attack Complexity * Privileges Required * User Interaction

61
Q

What is the base score calculation if the scope metric is Changed?

A

Impact + Exploitability * 1.08

62
Q

What is the highest possible base score in CVSS?

A

10

63
Q

What CVSS score range is categorized as 'High' risk?

A

7.0–8.9

64
Q

What is a false positive in vulnerability scanning?

A

When a scanner reports a vulnerability that does not exist

65
Q

What are the two types of positive reports from a scanner?

A
  • True positive report
  • False positive report

66
Q

What are the two types of negative reports from a scanner?

A
  • True negative report
  • False negative report

67
Q

What should analysts do to confirm vulnerabilities reported by scanners?

A

Perform their own investigations and use external data sources
68
Q

Name three valuable information sources for reconciling scan results.

A
  • Log reviews
  • Security information and event management (SIEM) systems
  • Configuration management systems

69
Q

True or False: Vulnerability scans should take place in a vacuum.

A

False

70
Q

What is the purpose of using SIEM systems in vulnerability analysis?

A

To correlate log entries from multiple sources and provide actionable intelligence

71
Q

Fill in the blank: A scanner report that a vulnerability is not present may be a _______.

A

False negative report

72
Q

What is the CVSS Qualitative Severity Rating Scale used for?

A

To categorize CVSS scores into risk categories

73
Q

What is the impact of a vulnerability if the impact score is 0?

A

The base score is 0

74
Q

What is the primary goal of penetration testing?

A

To bridge the gap between the use of technical tools and the skills of a skilled attacker

Penetration tests are authorized attempts to defeat an organization's security controls.

75
Q

What mindset must penetration testers adopt?

A

The hacker mindset

This involves thinking like an adversary to find vulnerabilities to exploit.

76
Q

What is the CIA triad in cybersecurity?

A

Confidentiality, Integrity, Availability

These are central goals for cybersecurity professionals.

77
Q

What is a key difference between penetration testers and cybersecurity defenders?

A

Penetration testers need to find one vulnerability; defenders need to block all attacks

Attackers can succeed once, while defenders must succeed every time.

78
Q

What are some security controls a physical security assessment might evaluate?

A
  • Security cameras in high-risk areas
  • Auditing of cash register receipts
  • Theft detectors at entrances/exits
  • Exit alarms on emergency exits
  • Burglar alarms for after-hours access

These controls aim to prevent threats like shoplifting and robbery.
79
Q

What is the primary benefit of conducting penetration testing?

A

It provides visibility into the organization's security posture

This visibility is not obtainable by other means.

80
Q

What does penetration testing help organizations determine?

A

If attackers with similar skills could penetrate defenses

It helps assess the security against equivalently talented attackers.

81
Q

What is the presumption of compromise in threat hunting?

A

The assumption that attackers have already breached the organization

This leads to searching for evidence of successful attacks.

82
Q

What are the four major categories of penetration testing?

A
  • Physical penetration testing
  • Offensive penetration testing
  • Defensive penetration testing
  • Integrated penetration testing

Each category serves a different purpose in assessing security.

83
Q

What are the three classifications of penetration testing environments?

A
  • Known environment tests
  • Unknown environment tests
  • Partially known environment tests

These classifications indicate the level of information provided to testers.

84
Q

What is a known environment test?

A

Tests performed with full knowledge of the target's technology and configurations

It allows for comprehensive testing but may not reflect an external attacker's view.

85
Q

What is an unknown environment test?

A

Tests conducted without prior knowledge of the target

This simulates an attacker's experience but can be time-consuming.

86
Q

What is the purpose of rules of engagement (RoE) in penetration testing?

A

To define the parameters and expectations of the testing process

RoE includes timelines, targets, data handling, and legal concerns.

87
Q

What is required before conducting a penetration test?

A

Appropriate permission from the target organization

This is often documented as a signed agreement.

88
Q

What is the significance of a 'get out of jail free' card?

A

A document providing permission to conduct the penetration test

It protects testers legally if issues arise during testing.

89
Q

What is passive reconnaissance?

A

Gathering information without directly engaging with the target

This technique is often used in the initial phase of penetration testing.
90
Q

What is the first phase of a penetration test?

A

Reconnaissance

This phase involves gathering as much information as possible about the target organization.

91
Q

What are the two types of reconnaissance techniques?

A

Passive reconnaissance and Active reconnaissance

Each type has different methods of gathering information.

92
Q

What is passive reconnaissance?

A

Techniques that gather information without directly engaging with the target

Examples include DNS and WHOIS queries, web searches, and reviewing public websites.

93
Q

What are common techniques used in passive reconnaissance?

A
  • DNS lookups
  • WHOIS queries
  • Web searches
  • Reviewing public websites

These techniques allow testers to gather information without alerting the target.

94
Q

What is active reconnaissance?

A

Techniques that directly engage the target in intelligence gathering

This includes port scanning, footprinting, and vulnerability scanning.

95
Q

What is the goal of penetration testers regarding wireless networks?

A

To identify wireless networks that may allow access to the internal network without physical access

This can be done through techniques like war driving and war flying.

96
Q

What is war driving?

A

Driving by facilities with equipment to eavesdrop on or connect to wireless networks

Testers use high-end antennas for this purpose.

97
Q

What is war flying?

A

Using drones or unmanned aerial vehicles (UAVs) to identify wireless networks

This technique is an expansion of war driving.

98
Q

What is the process called that penetration testers follow during a test?

A

The same process used by attackers, including phases like initial access, privilege escalation, and pivoting

This is discussed in the context of the Cyber Kill Chain.

99
Q

What occurs during initial access in penetration testing?

A

Exploiting a vulnerability to gain access to the organization's network

This is the first step in the attack process.

100
Q

What is privilege escalation?

A

Shifting from initial access gained by the attacker to more advanced privileges

This could involve gaining root access on the same system.
101
Q

What does pivoting refer to in penetration testing?

A

Lateral movement to gain access to other systems on the target network

This follows the initial compromise of a system.

102
Q

What is persistence in the context of penetration testing?

A

Establishing mechanisms that allow attackers to regain access to the network later

This often involves installing backdoors.

103
Q

What tools do penetration testers commonly use?

A

Exploitation frameworks like Metasploit

These tools simplify the process of exploiting vulnerabilities.

104
Q

What are the close-out activities after a penetration test?

A
  • Presenting results to management
  • Cleaning up traces of work

This includes removing installed tools and providing a report on vulnerabilities discovered.

105
Q

What should the close-out report provide?

A

Details on vulnerabilities discovered and advice on improving cybersecurity posture

This report is essential for the target organization to enhance its security.

106
Q

What is the cornerstone maintenance activity for an information security team?

A

Their security assessment and testing program

107
Q

What are the three major components of a security assessment program?

A
  • Security tests
  • Security assessments
  • Security audits

108
Q

What do security tests verify?

A

That a control is functioning properly

109
Q

List factors to consider when scheduling security controls for review.

A
  • Availability of security testing resources
  • Criticality of the systems and applications
  • Sensitivity of information
  • Likelihood of technical failure
  • Likelihood of misconfiguration
  • Risk of attack
  • Rate of change of the control configuration
  • Other changes in the technical environment
  • Difficulty and time required for testing
  • Impact on normal business operations

110
Q

What should security teams design after assessing factors for security controls?

A

A comprehensive assessment and testing strategy

111
Q

True or False: Security testing programs often begin in a structured manner.

A

False

112
Q

What is the main work product of a security assessment?

A

An assessment report addressed to management
113
Q

What is the purpose of responsible disclosure programs?

A

To create a collaborative environment for identifying and remediating security vulnerabilities

114
Q

What do bug bounty programs offer to incentivize vulnerability reporting?

A

Financial rewards (or 'bounties')

115
Q

What distinguishes security audits from security assessments?

A

Security audits must be performed by independent auditors

116
Q

What are the three main types of audits?

A
  • Internal audits
  • External audits
  • Independent third-party audits

117
Q

Who typically performs internal audits?

A

An organization's internal audit staff

118
Q

What is the primary advantage of external audits?

A

High degree of external validity due to independence

119
Q

What is the difference between external audits and independent third-party audits?

A

The requester of the audit; external audits are requested by the organization, while independent third-party audits are requested by regulators or customers

120
Q

What standard does the AICPA provide to alleviate the burden of multiple third-party audits?

A

Statement on Standards for Attestation Engagements document 18 (SSAE 18)

121
Q

What is COBIT?

A

A framework describing common requirements for information systems

122
Q

What does ISO 27001 describe?

A

A standard approach for setting up an information security management system

123
Q

Fill in the blank: The __________ provides a common standard for auditors performing assessments of service organizations.

A

SSAE 18

124
Q

What is the primary outcome of an audit?

A

An attestation by the auditor
125
Q

What are the main stages of the vulnerability life cycle?

A

Identification, Analysis, Response and Remediation, Validation of Remediation, Reporting

126
Q

What is Vulnerability Identification?

A

The process where the organization becomes aware of a vulnerability in their environment.

127
Q

List some sources of vulnerability identification.

A
  • Vulnerability scans
  • Penetration tests
  • Reports from responsible disclosure or bug bounty programs
  • Results of system and process audits

128
Q

What is the purpose of Vulnerability Analysis?

A

To confirm the existence of a vulnerability and prioritize it using external assessment tools.

129
Q

What tools are used for vulnerability prioritization?

A
  • CVSS
  • CVE

130
Q

What factors should be considered in Vulnerability Analysis?

A
  • Organization's exposure factor
  • Environmental variables
  • Industry and organizational impact
  • Organization's risk tolerance

131
Q

What are the main responses to a vulnerability during the Response and Remediation phase?

A
  • Apply a patch
  • Use network segmentation
  • Implement compensating controls
  • Purchase insurance
  • Grant an exception

132
Q

What does Validation of Remediation involve?

A

Rescanning the affected system to verify that the vulnerability is no longer present.

133
Q

Who may perform the validation of remediation for serious vulnerabilities?

A

Internal or external auditors

134
Q

What is the purpose of Reporting in the vulnerability life cycle?

A

To communicate findings, actions taken, and lessons learned to stakeholders.

135
Q

What should be included in the reporting stage?

A
  • Summary of identified vulnerabilities
  • Details on remediation actions
  • Trends and patterns observed
  • Recommendations for improvements
136
Q

True or False: Regular reporting does not affect the organization's commitment to cybersecurity.

A

False

137
Q

Fill in the blank: The first stage in the vulnerability life cycle is _______.

A

Identification

138
Q

Fill in the blank: The final stage in the vulnerability life cycle is _______.

A

Reporting

139
Q

What is the role of cybersecurity professionals during the Response and Remediation phase?

A

To respond to identified vulnerabilities and implement corrective measures.

140
Q

What is the significance of trends and patterns in reporting?

A

They help identify areas requiring further attention, such as recurring vulnerabilities.

141
Q

List the core tasks involved in Vulnerability Analysis.

A
  • Confirming existence
  • Prioritizing and categorizing
  • Supplementing with organization-specific details

142
Q

What is a compensating control?

A

Measures like application firewalls or intrusion prevention systems to reduce exploit likelihood.

143
Q

What role does security assessment and testing play in cybersecurity?

A

It plays a crucial role in the ongoing management of a cybersecurity program.

144
Q

What is the purpose of vulnerability scanning?

A

To identify potential security issues in systems, applications, and devices.

145
Q

What does vulnerability scanning allow teams to do?

A

Remediate issues before they are exploited by attackers.

146
Q

Name some vulnerabilities that may be detected during vulnerability scans.

A
  • Improper patch management
  • Weak configurations
  • Default accounts
  • Insecure protocols and ciphers

147
Q

What is the primary objective of penetration testing?

A

To discover security issues by simulating an attack.

148
Q

How do penetration tests benefit security controls?

A

They provide a roadmap for improving security controls.

149
Q

True or False: Vulnerability scanning only identifies issues once they have been exploited.

A

False

150
Q

Fill in the blank: Penetration testing puts security professionals in the role of _______.

A

[attackers]

151
Q

What might alter an organization's security posture?

A

Changes in their environment.

152
Q

What is one of the key techniques discussed for maintaining effective security controls?

A

Security assessment and testing.
154
Q

What is the CVSS score range for a 'None' rating?

A

0.0

Indicates no impact or vulnerability.

155
Q

What CVSS score range corresponds to a 'Low' rating?

A

0.1–3.9

Indicates minimal impact or vulnerability.

156
Q

What is the CVSS score range for a 'Medium' rating?

A

4.0–6.9

Indicates moderate impact or vulnerability.

157
Q

What CVSS score range signifies a 'High' rating?

A

7.0–8.9

Indicates significant impact or vulnerability.

158
Q

What is the CVSS score range for a 'Critical' rating?

A

9.0–10.0

Indicates severe impact or vulnerability.

159
Q

What are false positives in vulnerability reports?

A

False positives occur when a vulnerability scanner identifies a non-existent vulnerability.

This can lead to unnecessary remediation efforts and wasted resources.

160
Q

What are false negatives in vulnerability reports?

A

False negatives occur when a vulnerability scanner fails to identify an existing vulnerability.

This can result in undetected security risks and potential exploitation.

161
Q

Why is it important to understand false positives and false negatives?

A

Understanding these concepts helps in accurately interpreting vulnerability reports and making informed decisions about remediation.

It is crucial for effective risk management and maintaining security posture.

162
Q

Fill in the blank: A _______ occurs when a vulnerability scanner identifies a vulnerability that does not exist.

A

[false positive]

163
Q

Fill in the blank: A _______ occurs when a vulnerability scanner misses an existing vulnerability.

A

[false negative]

164
Q

True or False: False positives can lead to increased operational costs.

A

True

This is due to unnecessary remediation efforts and resource allocation.

165
Q

True or False: False negatives are less critical than false positives.

A

False

False negatives can leave systems vulnerable to attacks, making them very critical.

166
Q

What impact do false positives have on security teams?

A

They can overwhelm security teams with alerts, leading to alert fatigue and potentially overlooking real threats.

This can create a less effective security environment.

167
Q

What impact do false negatives have on an organization's security?

A

They can leave the organization exposed to vulnerabilities that could be exploited by attackers.

This can result in data breaches or other security incidents.
169
Q

What are good practices for vulnerability response and remediation?

A

Patching, insurance, segmentation, compensating controls, exceptions, and exemptions.

170
Q

Fill in the blank: Good vulnerability response and remediation practices include _______, insurance, segmentation, compensating controls, exceptions, and exemptions.

A

[patching]

171
Q

True or False: Segmentation is a good practice in vulnerability response and remediation.

A

True

172
Q

List three components of good vulnerability response and remediation practices.

A
  • Patching
  • Insurance
  • Segmentation
174
Q

What are the four major categories of penetration testing?

A
  • Physical penetration testing
  • Offensive penetration testing
  • Defensive penetration testing
  • Integrated penetration testing

These categories represent different approaches and focuses within penetration testing.

175
Q

What are the three classification types of penetration testing?

A
  • Known environment tests
  • Unknown environment tests
  • Partially known environment tests

These classifications help in understanding the context and scope of the penetration tests.

176
Q

What is physical penetration testing?

A

A type of penetration testing focused on physical security measures and vulnerabilities.

177
Q

What is offensive penetration testing?

A

A type of penetration testing aimed at simulating an attack to exploit vulnerabilities.

178
Q

What is defensive penetration testing?

A

A type of penetration testing that evaluates the effectiveness of security measures in preventing attacks.

179
Q

What is integrated penetration testing?

A

A type of penetration testing that combines elements of offensive and defensive testing.

180
Q

Fill in the blank: Known environment tests involve testing in a _______.

A

[known environment]

181
Q

Fill in the blank: Unknown environment tests are conducted in a _______.

A

[unknown environment]

182
Q

Fill in the blank: Partially known environment tests involve testing in a _______.

A

[partially known environment]

183
Q

True or False: The categories of penetration testing and the classification types are unrelated.

A

False

184
Q

How can you identify the type(s) of penetration test being discussed?

A

By reading a scenario describing the test and analyzing the context.

185
Q

What is the difference between passive and active reconnaissance techniques?

A

Passive techniques do not directly engage the target, whereas active reconnaissance directly engages the target.

186
Q

What is the primary difference between an external audit and an independent third-party audit?

A

The request source for the audit

An external audit is requested by the organization itself or its governing body, whereas an independent third-party audit is requested by an outside entity such as a regulator or customer.

187
Q

Who typically requests an independent third-party audit?

A

A regulator, customer, or other outside entity

188
Q

True or False: An independent third-party audit is requested by the organization being audited.

A

False

189
Q

Fill in the blank: An __________ audit is a subcategory of external audits that differs in the requesting party.

A

independent third-party

190
Q

What is the common term for audits requested by the organization or its governing body?

A

External audit

191
Q

What does Attack Complexity (AC) measure?

A

The complexity involved in successfully exploiting a vulnerability

It indicates whether the attack requires specialized conditions to succeed.

192
Q

What are Attack Requirements (AT)?

A

The specific conditions or resources needed to successfully execute an attack

This may include tools, knowledge, or access to certain systems.

193
Q

What does Privileges Required (PR) indicate?

A

The level of access an attacker must have to exploit a vulnerability

It can range from none to high, depending on the vulnerability.

194
Q

What is User Interaction (UI) in the context of exploitability metrics?

A

The necessity for a user to perform a specific action for an attack to succeed

Examples include clicking a link or opening a file.