7.3.3 Practice Questions Flashcards
Which of the following are the three metrics used to determine a CVSS score?
answer
Base, temporal, and environmental
Risk, temporal, and severity
Base, change, and environmental
Risk, change, and severity
Base, temporal, and environmental
Jessica, an employee, has come to you with a new software package she would like to use. Before you purchase and install the software, you would like to know if there are any known security-related flaws or if it is commonly misconfigured in a way that would make it vulnerable to attack. You only know the name and version of the software package. Which of the following government resources would you consider using to find an answer to your question?
answer
NVD
CWE
CVE
CVSS
NVD
This government resource is a community-developed list of common software security weaknesses. They strive to create commonality in the descriptions of weaknesses of software security. Which of the following government resources is described?
answer
NVD
CVE
CISA
CWE
CWE
Which of the following government resources is a dictionary of known patterns of cyberattacks used by hackers?
answer
CAPEC
CVE
CISA
CWE
CAPEC
The list of cybersecurity resources below is provided by which of the following government sites?
Information exchange
Training and exercises
Risk and vulnerability assessments
Data synthesis and analysis
Operational planning and coordination
Watch operations
Incident response and recovery
answer
CISA
CVE
CAPEC
CWE
CISA
There are two non-government sites that provide lists of valuable information for ethical hackers. Which of the following best describes the Full Disclosure site?
answer
A community-developed list of common software security weaknesses.
A list of standardized identifiers for known software vulnerabilities and exposures.
A mailing list that often shows the newest vulnerabilities before other sources.
A list searchable by mechanisms of attack or domains of attack.
A mailing list that often shows the newest vulnerabilities before other sources.
As an ethical hacker, you are looking for a way to organize and prioritize vulnerabilities that were discovered in your work. Which of the following scoring systems could you use?
answer
CAPEC
CVSS
CVE
CISA
CVSS