(7) Scan Result Validity

Question 1

What is it when a scanner reports a vulnerability that does not exist?

Answer 1

When a scanner reports a vulnerability that does not exist, that is called a false positive error

Question 2

What is it called when a vulnerability scanner reports a vulnerability?

Answer 2

When a vulnerability scanner reports a vulnerability, it is called a positive report

Question 3

When a vulnerability reports an accurate positive report, what is it called? What about when it is inaccurate?

Answer 3

When a vulnerability scanner provides a report that is accurate, it is called a true positive report

When a vulnerability scanner provides a report that is not accurate, it is called a false positive report

Question 4

What is it called when a scanner reports that a vulnerability is not present?

Answer 4

When a vulnerability scanner reports that a vulnerability is not present, it is called a negative report

Question 5

If a vulnerability scanner reports a negative report that is accurate, what is it called? What if it is not accurate?

Answer 5

If a negative report is accurate, it is a true positive report. If it is not accurate, it is a false negative report

Question 6

What should an organization do if they decide to take no action against a vulnerability?

Answer 6

If an organization decides to take no action against a vulnerability, then the security team should file a documented exception and also set the scanner to ignore the exception vulnerability. This way it will create less noise on the system and not interrupt business operations.

Question 7

As a security team sees familiar results repeatedly. In the vulnerability scan, perhaps results that they don’t have to really do anything about, what should they do?

Answer 7

Security teams should document that they saw the results and what their chosen action was. This helps if and when they need to are audited so that they can demonstrate due diligence.

Question 8

What sources of information intelligence should analysts use to validate their results or conduct additional research?

Answer 8

Analysts should obtain additional information from logs, SIEM systems, configuration management systems

Question 9

How should trends factor in to vulnerability scanning?

Answer 9

Trends should be an important part of a vulnerability scanning plan. Check on new vulnerabilities that surface over time, how old any of them are, and how long it takes to handle them.

Question 10

What role does context and asset value play in a vulnerability management program?

Answer 10

Context is important. A vulnerability within a Internet facing system is a much bigger deal than one on an internal system shielded from the Internet.

Asset value is also important because higher value assets have a greater risk and should be higher up on the priority list