(6) Tools Of Vulnerability Assessments Flashcards

1
Q

What are the two most important scanning tools to know?

A

Nessus and OpenVAS

2
Q

What is Scout Suite?

A

Scout Suite is a multi-cloud auditing tool that goes into user accounts with cloud service providers.

It seeks to get configuration info using those services' APIs.

Supports AWS, Microsoft Azure, Google Compute Platform, Alibaba Cloud, and Oracle Cloud Infrastructure.

Scout Suite looks at service configuration for potential security issues.

It produces detailed reports that can be drilled down into for more detailed data.

3
Q

What is Pacu?

A

Pacu is a cloud-focused framework for exploitation.

It works with AWS accounts and is made to help attackers determine what they can do with the access they have to an AWS account.

4
Q

What is Prowler?

A

Prowler is a security configuration tester. It only works with AWS, Microsoft Azure, and Google Compute Platform.

5
Q

What is a web application scanner?

A

A web application scanner is a specialized tool used to examine the security of web apps.

They test for specific things, like SQL injections, cross-site scripting, and cross-site request forgery issues.

6
Q

How do web application scanners work?

A

Web application scanners work by combining traditional network scans of web servers with in-depth probing of web apps, using things like malicious input sequences and fuzzing in attempts to break the application.

7
Q

What is Nikto?

A

Nikto is an open-source tool that uses a command-line interface. It is for web application scanning.

8
Q

What is Arachni?

A

It is a web application scanner for Windows, macOS, and Linux.

9
Q

What is an interception proxy?

A

An interception proxy is a web application tester/exploit tool.

It intercepts requests being sent from the browser to the web server before they get to the network.

It allows the tester to manipulate the request to attempt the injection of an attack.

10
Q

What is Zed Attack Proxy?

A

Zed Attack Proxy (ZAP) is a community development project coordinated by the Open Web Application Security Project (OWASP).

ZAP intercepts requests sent from any web browser and alters them before they go to the web server.

11
Q

What is the Burp Proxy?

A

The Burp Proxy is an interception proxy (part of a web application security toolkit called PortSwigger).
