5 Security Assessment and Testing Flashcards
What is the purpose of vulnerability management?
To ensure that security controls are operating properly and that the environment contains no exploitable vulnerabilities
Vulnerability management involves identifying, analyzing, responding to, and validating vulnerabilities in a system.
List the identification methods associated with vulnerability management.
- Vulnerability scan
- Penetration testing
- Responsible disclosure program
- Bug bounty program
- System/process audit
These methods help in discovering vulnerabilities in systems and applications.
What is the Common Vulnerability Scoring System (CVSS)?
A standard for assessing the severity of vulnerabilities
CVSS provides a way to convey the impact of vulnerabilities in a consistent manner.
What activities are involved in vulnerability response and remediation?
- Patching
- Insurance
- Segmentation
- Compensating controls
- Exceptions and exemptions
These activities are aimed at mitigating identified vulnerabilities.
How is the validation of remediation conducted?
- Rescanning
- Audit
- Verification
This ensures that vulnerabilities have been effectively addressed.
What tools are used for security alerting and monitoring?
- Security Content Automation Protocol (SCAP)
- Vulnerability scanners
These tools help in detecting and managing vulnerabilities in real time.
Define threat hunting.
Proactive search for threats within an organization’s environment
Threat hunting involves actively looking for signs of malicious activity or potential vulnerabilities.
What are the rules of engagement in third-party risk assessment?
Guidelines that define how assessments are conducted with third parties
These rules ensure that both parties understand their roles and responsibilities during the assessment process.
List the types of audits and assessments.
- Internal (Compliance, Audit committee, Self-assessments)
- External (Regulatory, Examinations, Assessment, Independent third-party audit)
These audits evaluate the effectiveness of security programs and compliance with regulations.
What is penetration testing?
An assessment tool that simulates attacks to test security controls
This testing can be physical, offensive, defensive, integrated, or based on the knowledge of the environment.
True or False: Cybersecurity professionals are responsible for maintaining security controls against all threats.
True
They must address threats from hackers, malicious code, and social engineering.
Fill in the blank: Regular security assessment and testing is essential to ensure that controls are operating properly and that the environment contains no _______.
[exploitable vulnerabilities]
Regular assessments help in identifying and mitigating risks.
What is the purpose of vulnerability management programs?
To identify, prioritize, and remediate vulnerabilities in environments
Vulnerability management is essential for maintaining cybersecurity in complex technical environments.
What is vulnerability scanning?
A process used to detect new vulnerabilities as they arise
Vulnerability scanning is a critical component of vulnerability management programs.
What factors should organizations consider when identifying scan targets?
- Data classification
- Internet exposure
- Services offered
- System type (production, test, development)
These factors help determine which systems to include in vulnerability scans.
What is an asset inventory in vulnerability management?
A comprehensive list of systems connected to the network
It helps determine critical and noncritical systems for scanning.
What influences the frequency of vulnerability scans?
- Risk appetite
- Regulatory requirements
- Technical constraints
- Business constraints
- Licensing limitations
Organizations must balance these factors when planning their scan schedules.
True or False: Vulnerability scans can only be configured to run once a month.
False
Administrators can automate scan scheduling to meet various organizational needs.
What is the importance of scan sensitivity levels?
They determine the types of checks the scanner performs
Proper configuration minimizes disruption to the target environment.
What is the role of credentialed scans?
To improve scan accuracy by allowing access to server configurations
Credentialed scans check for vulnerabilities more reliably than noncredentialed scans.
Fill in the blank: Vulnerability management solutions often provide _______ scanning options.
[credentialed]
Credentialed scans enhance the detection capabilities of vulnerability management systems.
What is an agent-based scanning approach?
A method where small software agents are installed on target servers to conduct scans
This provides an ‘inside-out’ view of vulnerabilities.
What are the different perspectives from which scans can be conducted?
- External scan
- Internal scan
- Inside datacenter scan
Each perspective provides different views into vulnerabilities.
What is the Security Content Automation Protocol (SCAP)?
A standardized approach for communicating security-related information
SCAP facilitates automated interaction between security components.