7. Vulnerability Scanning

Question 1

What is vulnerability management?

vulnerability management

Answer 1

The process of handling security vulnerabilities in modern computing systems and applications.

Question 2

Core goal of vulnerability management

vulnerability management

Answer 2

Ensuring the security of systems by developing and implementing measures to address vulnerabilities.

Question 3

Steps in vulnerability management

vulnerability management

Answer 3

Analyzing vulnerabilities, developing patches, releasing and applying patches to systems.

Question 4

Challenges in vulnerability management

vulnerability management

Answer 4

Dealing with complex software, multiple operating systems, numerous applications, and regular patching of various components.

Question 5

Components of a mature vulnerability management process

vulnerability management

Answer 5

Vulnerability scanning, patch application, remediation tracking, and result reporting.

Question 6

Regulatory requirements for vulnerability management

vulnerability management

Answer 6

Compliance with standards such as PCI DSS for credit card handling and FISMA for U.S. government agencies.

Question 7

Types of vulnerability tests in an organization

vulnerability management

Answer 7

Network vulnerability scans, application scans, and specialized testing for web applications.

Question 8

Supplementing vulnerability scans with other measures

vulnerability management

Answer 8

Reviewing system and application configurations, as well as logs, to validate scan results and identify false positives.

Question 9

Importance of understanding organizational rules and requirements

vulnerability management

Answer 9

Designing a vulnerability management program that aligns with specific regulations and policies applicable to the organization.

Question 10

What is the first step in developing a vulnerability management program?

Identify scan targets

Answer 10

Identify the requirements for the program.

Question 11

Why is a reliable asset inventory important for vulnerability management?

Identify scan targets

Answer 11

It helps in creating a specific list of systems and networks to scan.

Question 12

How can a vulnerability management solution be used for scanning targets?

Identify scan targets

Answer 12

Run a lightweight scan or use a platform like Nessus to identify systems on the local network.

Question 13

What are the key considerations for prioritizing assets in vulnerability management?

Identify scan targets

Answer 13

Importance of data classification, level of risk exposure, and criticality to business operations.

Question 14

Why is asset prioritization important even when scanning all systems regularly?

Identify scan targets

Answer 14

It helps in planning remediation efforts and allocating resources effectively.

Question 15

DMZ Placement

Scan Perspective

Answer 15

Placing the scanner in the DMZ provides the clearest view of vulnerabilities on the target system.

Question 16

Internet Placement

Scan Perspective

Answer 16

Placing the scanner on the internet gives an attacker’s view of the network, helping prioritize remediation efforts.

Question 17

Firewall Impact

Scan Perspective

Answer 17

Firewall settings and filtering affect vulnerability scans by altering the systems and services visible to the scanner.

Question 18

Intrusion Prevention Systems (IPS)

Scan Perspective

Answer 18

Active IPS on the network significantly influences scan results as vulnerability scanning traffic passes through it.

Question 19

Agent-Based Scans

Scan Perspective

Answer 19

Agents installed on servers can probe server configurations deeply and report vulnerabilities to the central management system.

Question 20

Credentialed Scanning

Scan Perspective

Answer 20

Providing credentials to the scanner allows it to log in and retrieve configuration information, offering an alternative to agent-based scanning.

Question 21

SCAP (Security Content Automation Protocol)

SCAP

Answer 21

A protocol for creating a consistent language and format to discuss security issues and enable information sharing.

Question 22

CVSS (Common Vulnerability Scoring System)

SCAP

Answer 22

A widely used system in the security community for evaluating the severity of security vulnerabilities.

Question 23

CCE (Common Configuration Enumeration)

SCAP

Answer 23

Provides a consistent language for sharing system configurations.

Question 24

CPE (Common Platform Enumeration)

SCAP

Answer 24

Offers a standardized system for naming product names and versions.

Question 25

CVE (Common Vulnerabilities and Exposures) ## Footnote SCAP

Answer 25

Provides a language for describing vulnerabilities.

Question 26

XCCDF (Extensible Configuration Checklist Description Format) ## Footnote SCAP

Answer 26

A language for creating and sharing checklists and processing security checklists' results.

Question 27

OVAL (Open Vulnerability and Assessment Language) ## Footnote SCAP

Answer 27

Provides a programmatic way to describe testing procedures.

Question 28

CVSS ## Footnote CVSS

Answer 28

Common Vulnerability Scoring System used to assess vulnerability severity on a 10-point scale.

Question 29

Attack Vector ## Footnote CVSS

Answer 29

Describes the type of access an attacker needs to exploit a vulnerability (e.g., physical, local, adjacent network, network).

Question 30

Attack Complexity ## Footnote CVSS

Answer 30

Measures the difficulty of exploiting a vulnerability (high or low).

Question 31

Privileges Required ## Footnote CVSS

Answer 31

Determines the level of user access an attacker must have to exploit a vulnerability (high, low, or none).

Question 32

User Interaction ## Footnote CVSS

Answer 32

Assesses the level of human involvement needed for an attack to succeed (required or none).

Question 33

Exploitability ## Footnote CVSS

Answer 33

Combination of Attack Vector, Attack Complexity, Privileges Required, and User Interaction metrics to describe the vulnerability's susceptibility to exploitation.

Question 34

Confidentiality ## Footnote CVSS

Answer 34

Evaluates the impact on information confidentiality (none, partial, high).

Question 35

Integrity ## Footnote CVSS

Answer 35

Assesses the impact on information integrity (none, low, high).

Question 36

Availability ## Footnote CVSS

Answer 36

Measures the impact on system availability (none, low, high).

Question 37

Scope ## Footnote CVSS

Answer 37

Determines whether a vulnerability can affect components beyond the vulnerable component (changed or unchanged).

Question 38

Base CVSS Score ## Footnote CVSS

Answer 38

The initial score assigned to a vulnerability based on the evaluation of eight different metrics.

Question 39

Scan Reports ## Footnote CVSS

Answer 39

CVSS scores are commonly seen in scan reports to provide information about vulnerability severity.

Question 40

What is the role of a cybersecurity analyst? ## Footnote Analysing scan reports

Answer 40

Analyzing reports from vulnerability scans and presenting information to different audiences.

Question 41

What factors should be considered when analyzing scan reports? ## Footnote Analysing scan reports

Answer 41

Severity of vulnerability, criticality of affected systems, sensitivity of information, difficulty of remediation, and exposure of vulnerable systems.

Question 42

Why is it important to validate vulnerabilities before requesting remediation? ## Footnote Analysing scan reports

Answer 42

To confirm the existence of the vulnerability and ensure its proper rating in the prioritization process.

Question 43

How can you validate a vulnerability reported in a scan? ## Footnote Analysing scan reports

Answer 43

Review the details in the scanner report, including input and output sections, to understand the issue and verify its presence.

Question 44

What should you do when encountering false positive reports? ## Footnote Analysing scan reports

Answer 44

Investigate the reasons behind the report, but be aware that false positives can occur. Clearing them is important to maintain accuracy.

Question 45

How should you handle vulnerabilities that have already been acknowledged or mitigated? ## Footnote Analysing scan reports

Answer 45

Track these exceptions in the scanner or a configuration management database to avoid reporting known vulnerabilities.

Question 46

What are the possible outcomes of vulnerability reports? ## Footnote Analysing scan reports

Answer 46

True positive (vulnerability exists), false positive (vulnerability does not exist), true negative (no vulnerability found), and false negative (vulnerability missed).

Question 47

What is the purpose of validating scan results? ## Footnote Correlating scan results

Answer 47

To eliminate false positive reports and remove documented exceptions.

Question 48

What should you do to correlate scan reports with other information? ## Footnote Correlating scan results

Answer 48

Consult industry standards, best practices, compliance obligations, and technical information within your organization.

Question 49

Why should you consult industry standards and guidance? ## Footnote Correlating scan results

Answer 49

They provide specific guidance on vulnerabilities requiring urgent remediation, such as PCI DSS's guidance on vulnerability scanning.

Question 50

What sources of technical information can contribute to scan results? ## Footnote Correlating scan results

Answer 50

Configuration management systems, log repositories, and other data sources within your organization.

Question 51

Why should you monitor scan result trends? ## Footnote Correlating scan results

Answer 51

To identify recurring vulnerabilities and potential underlying issues that need to be addressed.

Question 52

What is the importance of preventing vulnerabilities rather than remediating them? ## Footnote Correlating scan results

Answer 52

It's better to address vulnerabilities beforehand by providing security training to developers and implementing input validation libraries to protect code from attacks.