Analyzing Output from Vulnerability Scanners

Question 1

A commonly used scheme for identifying vulnerabilities developed by MITRE and
adopted by NIST

Answer 1

Common Vulnerabilities and Exposures (CVE)

Question 2

A superset of the CVE database, maintained by NIST, that contains additional
information such as analysis, criticality metrics (CVSS), and fix information or
instructions

Answer 2

National Vulnerability Database (NVD)

Question 3

A knowledge base maintained by MITRE that classifies specific attack patterns
focused on application security and exploit techniques

Answer 3

Common Attack Pattern Enumeration and Classification (CAPEC)

Question 4

Scheme for identifying hardware devices, operating systems,
and applications
▪ cpe:/{part}:{vendor}:
{product}:{version}:
{update}:{edition}:{language}

Answer 4

Common Platform Enumeration (CPE)

Question 5

Scheme for provisioning secure configuration checks across multiple sources

Answer 5

Common Configuration Enumeration (CCE)

Question 6

A risk management approach to quantifying vulnerability data and then taking
into account the degree of risk to different types of systems or information

Answer 6

Common Vulnerability Scoring System (CVSS)

Question 7

Physical (P), Local (L), Adjacent network (A), or Network (N)

Answer 7

Access Vector (AV)

Question 8

High (H) or Low (L)

Answer 8

Access Complexity (AC)

Question 9

None (N), Low (L), or High (H)

Answer 9

Privileges Required (PR)

Question 10

Unchanged (U) or Changed (C)

Answer 10

Scope (S)

Question 11

High (H), Medium (M), or Low (L)

Answer 11

Confidentiality (C)

Question 12

High (H), Medium (M), or Low (L)

Answer 12

Integrity (I)

Question 13

High (H), Medium (M), or Low (L)

Answer 13

Availability (A)

Question 14

A vulnerability report that is not validated is useless
o True Positives
o False Positives
o True Negatives
o False Negatives

Answer 14

Vulnerability Reports

Question 15

An alert that matches a vulnerability and the vulnerability exists on the system

Answer 15

True Positive

Question 16

An alert that matches a vulnerability and the vulnerability does not exist on the
system

Answer 16

False Positive

Question 17

Exception Management

Answer 17

Exception Management

Question 18

An alert is not generated because there is no matching vulnerability on the
system

Answer 18

True Negative

Question 19

An alert is not generated even though there is a matching vulnerability on the
system

Answer 19

False Negative

Question 20

Reconcile results because scanners can misinterpret the information, they receive
from their probes

Answer 20

Validating Scan Reports

Question 21

A commercial vulnerability scanner produced by Tenable Network Security for on-premise and cloud-based vulnerability scanning

Answer 21

Nessus

Question 22

Open source vulnerability scanner that began its development from the Nessus
codebase when Nessus was converted to commercial software

Answer 22

OpenVAS

Question 23

A cloud-based vulnerability management solution with installed sensor agents at
various points in their network and the sensors upload data to the cloud platform
for analysis

Answer 23

Qualys