6. Vulnerability Types

Question 1

Vulnerability impact

Vulnerability impact

Answer 1

Vulnerabilities expose organizations to security breaches.

Question 2

Information security goals

Vulnerability impact

Answer 2

Confidentiality, integrity, and availability.

Question 3

Confidentiality

Vulnerability impact

Answer 3

Unauthorized changes, hacker alterations, service disruption.

Question 4

Integrity

Vulnerability impact

Answer 4

To prevent unauthorized changes to information.

Question 5

Availability

Vulnerability impact

Answer 5

Authorized access, denial of service attacks.

Question 6

Financial risk

Vulnerability impact

Answer 6

Costs, incident response, data theft, identity theft.

Question 7

Reputational risk

Vulnerability impact

Answer 7

Negative publicity, loss of goodwill, stakeholder decisions.

Question 8

Strategic risk

Vulnerability impact

Answer 8

Impact on goals and objectives, product development, competition.

Question 9

Operational risk

Answer 9

Business process slowdown, customer order delays, manual workarounds.

Question 10

Compliance risk

Vulnerability impact

Answer 10

Legal and regulatory violations, HIPAA, sanctions, fines.

Question 11

Evaluating impacts

Vulnerability impact

Answer 11

Categorizing risks, financial, reputational, strategic, operational, compliance.

Question 12

Supply chain vulnerabilities

Supply chain vulnerabilities

Answer 12

IT organizations rely on external vendors for hardware, software, and services.

Question 13

Impact on organizations

Supply chain vulnerabilities

Answer 13

Security issues in the supply chain can affect organizational operations.

Question 14

End-of-life announcements

Supply chain vulnerabilities

Answer 14

Security professionals must monitor vendor announcements about product lifecycle terminations.

Question 15

Importance of patch management

Supply chain vulnerabilities

Answer 15

Timely patch updates protect systems against new vulnerabilities.

Question 16

Running products without patches

Supply chain vulnerabilities

Answer 16

End-of-life announcements mean no more patches, making it difficult to maintain secure systems.

Question 17

Different terms for product support termination

Supply chain vulnerabilities

Answer 17

Terminology varies among vendors; understanding definitions is crucial.

Question 18

Steps in product lifecycle termination

Supply chain vulnerabilities

Answer 18

Product end-of-sale and end-of-support announcements mark different stages.

Question 19

Risks of using legacy products

Supply chain vulnerabilities

Answer 19

Legacy products may introduce unpatchable vulnerabilities.

Question 20

Informal lack of vendor support

Supply chain vulnerabilities

Answer 20

Lack of vendor support can be as dangerous as running an unsupported product.

Question 21

Vulnerabilities in embedded systems

Supply chain vulnerabilities

Answer 21

Integrated vendor systems may have hidden vulnerabilities.

Question 22

Risks of relying on vendors for cloud services

Supply chain vulnerabilities

Answer 22

Vendors assume responsibility for managing risks in cloud services.

Question 23

Importance of vendor viability

Supply chain vulnerabilities

Answer 23

Ensuring vendors remain viable is crucial for sustained support and security.

Question 24

Mitigating risks in data storage

Supply chain vulnerabilities

Answer 24

Keeping independent backups reduces the risk of vendor inability to provide data access.

Question 25

Configuration vulnerabilities

Configuration vulnerabilities

Answer 25

Potential risks arising from system configuration errors that can compromise enterprise security.

Question 26

Default configurations

Configuration vulnerabilities

Answer 26

The pre-set settings on devices, such as copiers or building controllers, which may contain security flaws if not modified.

Question 27

Misconfigured systems

Configuration vulnerabilities

Answer 27

Systems with errors in their settings or weak security configurations that can lead to serious security issues.

Question 28

Least privilege principle

Configuration vulnerabilities

Answer 28

The concept that users should only have the minimum necessary permissions required for their job function.

Question 29

Encryption protocols

Configuration vulnerabilities

Answer 29

Protocols used to secure communications, which, if misconfigured, can result in eavesdropping and tampering risks.

Question 30

Cryptographic keys

Configuration vulnerabilities

Answer 30

Keys used in encryption systems that must be carefully managed to prevent unauthorized access and impersonation.

Question 31

Digital certificates

Configuration vulnerabilities

Answer 31

Certificates used to verify the authenticity and integrity of digital communications, requiring strong management processes to prevent misuse.

Question 32

Patch management

Configuration vulnerabilities

Answer 32

The practice of regularly applying security updates and patches to systems, applications, and firmware to address known vulnerabilities.

Question 33

Operating system patches

Configuration vulnerabilities

Answer 33

Updates specifically targeting the security of the operating system to mitigate potential risks.

Question 34

Unpatched devices

Configuration vulnerabilities

Answer 34

Devices that have not received the latest security updates, posing a potential entry point for attackers into the network.

Question 35

Account management

Configuration vulnerabilities

Answer 35

The process of properly configuring user accounts with appropriate permissions to prevent misuse or unauthorized access.

Question 36

Strong certificate management

Configuration vulnerabilities

Answer 36

Effective procedures and controls in place to safeguard the issuance and use of digital certificates and protect associated private keys.

Question 37

Documented security standards

Configuration vulnerabilities

Answer 37

Established guidelines and protocols that IT professionals should rely on when installing systems to ensure secure configurations.

Question 38

Architectural vulnerabilities

Architectural vulnerabilities

Answer 38

Flaws in a complex system due to improper design, leading to fundamental issues that are difficult to fix.

Question 39

Incorporating security requirements

Architectural vulnerabilities

Answer 39

The importance of integrating security needs early in the design process to avoid weaknesses in architecture and system designs.

Question 40

Business processes and people

Architectural vulnerabilities

Answer 40

Considering the impact of business processes and users on the security of a system, as untrained users and insecure processes can have a significant effect.

Question 41

System sprawl

Architectural vulnerabilities

Answer 41

The phenomenon of having numerous devices connected to a network without proper management throughout their lifecycle, leading to security issues and open vulnerabilities.

Question 42

Assessing architectural processes

Architectural vulnerabilities

Answer 42

The need for security professionals to evaluate all organizational architectural processes to ensure the inclusion of proper security controls.