Analyzing Vulnerability Scans Flashcards
Tom is reviewing a vulnerability scan report and finds that one of the servers on his network suffers from an internal IP address disclosure vulnerability. What technology is likely in use on this network that resulted in this vulnerability?
A. TLS
B. NAT
C. SSH
D. VPN
Answer:
B. Although the network can support any of these protocols, internal IP disclosure vulnerabilities occur when a network uses Network Address Translation (NAT) to map public and private IP addresses but a server inadvertently discloses its private IP address to remote systems.
Which one of the CVSS metrics would contain information about the type of account access that an attacker must have to execute an attack?
A. AV
B. C
C. PR
D. AC
Answer:
C. The privileges required (PR) metric indicates the type of account access the attacker must have.
Which one of the following values for the confidentiality, integrity, or availability CVSS metric would indicate the potential for total compromise of a system?
A. N
B. L
C. M
D. H
Answer:
D. A value of High (H) for an impact metric indicates the potential for complete loss of confidentiality, integrity, and/or availability.
Which one of the following values for the CVSS attack complexity metric would indicate that the specified attack is simplest to exploit?
A. High
B. Medium
C. Low
D. Severe
Answer:
C. An attack complexity of “low” indicates that exploiting the vulnerability does not require any specialized conditions.
What is the most recent version of CVSS that is currently available?
A. 1.0
B. 2.0
C. 2.5
D. 3.1
Answer:
D. Version 3.1 of CVSS is currently available but is not as widely used as the more common CVSS version 2.0.
Which one of the following metrics is not included in the calculation of the CVSS exploitability score?
A. Attack vector
B. Vulnerability age
C. Attack complexity
D. Privileges required
Answer:
B. The CVSS exploitability score is computed using the attack vector, attack complexity, privileges required, and user interaction metrics.
Kevin recently identified a new security vulnerability and computed its CVSS base score as 6.5. Which risk category would this vulnerability fall into?
A. Low
B. Medium
C. High
D. Critical
Answer:
B. Vulnerabilities with CVSS base scores between 4.0 and 6.9 fit into the medium risk category.
Tara recently analyzed the results of a vulnerability scan report and found that a vulnerability reported by the scanner did not exist because the system was actually patched as specified. What type of error occurred?
A. False positive
B. False negative
C. True positive
D. True negative
Answer:
A. A false positive error occurs when the vulnerability scanner reports a vulnerability that does not actually exist.
Which one of the following is not a common source of information that may be correlated with vulnerability scan results?
A. Logs
B. Database tables
C. SIEM
D. Configuration management system
Answer:
B. It is unlikely that a database table would contain information relevant to assessing a vulnerability scan report. Logs, SIEM reports, and configuration management systems are much more likely to contain relevant information.
Which one of the following operating systems should be avoided on production networks?
A. Windows Server 2003
B. Red Hat Enterprise Linux 7
C. CentOS 7
D. Ubuntu 16
Answer:
A. Microsoft discontinued support for Windows Server 2003, and it is likely that the operating system contains unpatchable vulnerabilities.
In what type of attack does the attacker place more information in a memory location than is allocated for that use?
A. SQL injection
B. LDAP injection
C. Cross-site scripting
D. Buffer overflow
Answer:
D. Buffer overflow attacks occur when an attacker manipulates a program into placing more data into an area of memory than is allocated for that program’s use. The goal is to overwrite other information in memory with instructions that may be executed by a different process running on the system.
The Dirty COW attack is an example of what type of vulnerability?
A. Malicious code
B. Privilege escalation
C. Buffer overflow
D. LDAP injection
Answer:
B. In October 2016, security researchers announced the discovery of a Linux kernel vulnerability dubbed Dirty COW. This vulnerability, present in the Linux kernel for nine years, was extremely easy to exploit and provided successful attackers with administrative control of affected systems.
Which one of the following protocols should never be used on a public network?
A. SSH
B. HTTPS
C. SFTP
D. Telnet
Answer:
D. Telnet is an insecure protocol that does not make use of encryption. The other protocols mentioned are all considered secure.
Betty is selecting a transport encryption protocol for use in a new public website she is creating. Which protocol would be the best choice?
A. SSL 2.0
B. SSL 3.0
C. TLS 1.0
D. TLS 1.1
Answer:
D. TLS 1.1 is a secure transport protocol that supports web traffic. The other protocols listed all have flaws that render them insecure and unsuitable for use.
Which one of the following conditions would not result in a certificate warning during a vulnerability scan of a web server?
A. Use of an untrusted CA
B. Inclusion of a public encryption key
C. Expiration of the certificate
D. Mismatch in certificate name
Answer:
B. Digital certificates are intended to provide public encryption keys, and this would not cause an error. The other circumstances are all causes for concern and would trigger an alert during a vulnerability scan.