7.2 Assessing Security

Question 1

_____________ and ___________testing are two primary methods to assess security after implementing measures.
*

Answer 1

Vulnerability assessment and penetration

Question 2

_________________ uses specialized tools to scan for known vulnerabilities.
*

Answer 2

Vulnerability assessment

Question 3

Vulnerability assessment tools require______________ to remain useful and accurate.
*

Answer 3

constant updates

Question 4

Vulnerability assessment results only indicate the ___________________________.
*

Answer 4

presence of specific known vulnerabilities on hosts

Question 5

Conducting a vulnerability assessment involves several steps, including ______________________

Answer 5

mapping and discovery.
*

Question 6

Mapping environments creates a ________________ present in the network.
*

Answer 6

list of devices

Question 7

Mapping large networks can be ___________ and potentially ____________ to network infrastructure.
*

Answer 7

time-consuming; stressful

Question 8

Discovering new hosts is necessary to keep ___________ up-to-date.
*

Answer 8

device lists

Question 9

After __________, vulnerability scanning can be conducted using different types of scans.
*

Answer 9

mapping

Question 10

What two methods can be used to discover new hosts on networks.
*

Answer 10

Active and passive

Question 11

_____________________ don’t require credentials and show open ports and basic information.
*

Answer 11

Unauthenticated scans

Question 12

________________________ use valid credentials to collect more thorough internal information.
*

Answer 12

Authenticated scans

Question 13

_______________ use small software pieces installed on hosts to avoid some downsides of authenticated scans.
*

Answer 13

Agented scans

Question 14

____________________focuses on specific applications, often web applications.
*

Answer 14

Application scanning

Question 15

__________________ present challenges for vulnerability scanning due to provider restrictions.
*

Answer 15

Cloud environments

Question 16

____________ in cloud environments require specialized vulnerability scanning tools.
*

Answer 16

Containers

Question 16

__________________ is a more in-depth process than vulnerability scanning.
*

Answer 16

Penetration testing

Question 17

Penetration testing aims to find_____________ before attackers do.
*

Answer 17

security holes

Question 18

Penetration testing follows a standard process: 5 things
*

Answer 18

scoping, reconnaissance, discovery, exploitation, and reporting.

Question 19

_______ defines what will be tested and may include rules of engagement.
*

Answer 19

Scoping

Question 20

_____________ involves researching the target environment before active testing.
*

Answer 20

Reconnaissance

Question 21

_____________ begins active testing, often using vulnerability assessment tools.
*

Answer 21

Discovery

Question 22

____________ attempts to exploit vulnerabilities detected in earlier stages.
*

Answer 22

Exploitation

Question 23

_____________ documents findings and steps to reproduce successful attacks.
*

Answer 23

Reporting

Question 24

Penetration tests can be classified as _________, __________, or ____________ based on information provided.
*

Answer 24

black box; (Attacker knows nothing - only scope) white box; (attacker know hosts, ip addresses etc.) gray box; (hacker knows a hybrid of the two)

Question 25

Tests can also be classified as _____or _________ based on access or who conducts them.
*

Answer 25

internal or external

Question 26

_____________________ testing is a broad term for testing hosts, web applications, and even social engineering.
*

Answer 26

Network penetration

Question 27

_____________________ focuses on specific applications using static or dynamic analysis.
*

Answer 27

Application penetration testing

Question 28

Physical penetration testing involves directly testing _________ security measures.
*

Answer 28

physical

Question 29

__________________ testing uses techniques to manipulate people and is often highly successful.
*

Answer 29

Social engineering

Question 30

Hardware testing examines devices like ____________or ______ devices.
*

Answer 30

network gear ; IoT

Question 31

_________________ programs offer rewards for discovering vulnerabilities in an organization’s resources.
*

Answer 31

Bug bounty

Question 32

Technological challenges for penetration testing include __________________ and ____________________.
*

Answer 32

cloud provider restrictions and finding skilled testers.

Question 33

_________________ testing conditions are crucial for accurate security assessment.
*

Answer 33

Realistic

Question 34

Rules of engagement should closely adhere to ___________ attack conditions.
*

Answer 34

real-world

Question 35

_________ should be set realistically to include critical systems.
*

Answer 35

Scope

Question 36

_____ environments should closely match ___________ environments.
*

Answer 36

Test; production

Question 37

Organizations should ______________during testing to detect attacks.
*

Answer 37

monitor security tools

Question 38

___________ defend against ___________ attacks during penetration tests.
*

Answer 38

Blue teams; red team

Question 39

_____________ teams bridge red and blue teams to ensure efficient operations.
*

Answer 39

Purple;

Question 40

Proper ______________ is necessary to detect penetration testing activities.
*

Answer 40

instrumentation

Question 41

Effective ____________ is crucial to respond to attacks or penetration tests in real-time.
*

Answer 41

alerting

Question 42

Vulnerability assessments and penetration tests provide a _____________ of security at a specific point in time.
*

Answer 42

snapshot

Question 43

______________ change constantly, requiring regular security assessments.
*

Answer 43

Attack surfaces

Question 44

Attackers constantly evolve their ___________and _________.
*

Answer 44

tools;techniques

Question 45

Technology ____________ can change security posture without notice.
*

Answer 45

updates

Question 46

Fixing security holes can be ____________ in terms of resources and development efforts.
*

Answer 46

expensive

Question 47

Organizations may prioritize ________________over security, requiring alternative ________________.
*

Answer 47

business needs ; controls or tools

Question 48

Vulnerability assessment and penetration testing are essential but represent only a _______________.
*

Answer 48

point in time

Question 49

Regular iteration of these processes is necessary to maintain current________________.

Answer 49

security data.

Question 50

What methods can you use to detect new hosts in your environments?

Answer 50

Use a vulnerability scanning tool using Nmap to make a map of the network to see who is there.

Question 51

What benefits does an agent provide when vulnerability scanning?

Answer 51

Not required to have credentials on the scanning tool or on the host.

Question 52

What challenges are there in vulnerability scanning for containers?

Answer 52

Containers may be up one minute and down another according to the load at the time.

Question 53

How is penetration testing different from vulnerability assessment?

Answer 53

Pen testing provides a report of the results of the actual attack and what can be exploited and vulnerability only provides a list of weaknesses.

Question 54

How is a red team different from a blue team?

Answer 54

Red team is the assigned pen tester

Question 55

Why is scoping important for a penetration test?

Answer 55

So the assigned attacker knows what is authorized to attack.

Question 56

What are the differences between static and dynamic analysis?

Answer 56

Static is testing the code - dynamic is testing the application during operation

Question 57

How is a bug bounty program different than a penetration test?

Answer 57

There is some kind of reward and is usually open to the public to find a bug in a business.

Question 58

What impact does the environment on which you test have on your test results?

Answer 58

Important to not artificially create a well secured separate environment for testing purposes.

Question 59

What is alert fatigue?

Answer 59

Borrowed from healthcare. To many alerts may exhaust the blue team during testing phases - answer to this is to send carefully selected actionable alerts.

Question 60

What would the Burp Suite be used for?

Answer 60

manual and automated testing of web applications.

Question 61

___________ is a tool that scans for vulnerabilities on a host.
Nmap

Wireshark

Hping

Nessus

Answer 61

Nessus

Question 62

Nmap is a_______________

Answer 62

network discovery tool to identify network hosts and open ports.

Question 63

Wireshark is a ____________________.

Answer 63

packet sniffer and protocol analyzer