Chapter 05: Security Assessment and Testing

Question 1

_________ programs play a criticial role in identifying, prioritizing and remediating vulnerabilities in our environments.

Answer 1

Vulnerability Management

Question 2

What does Vulnerability Management use to detect new vulnerabilities as they arise and then implement a remediation workflow that addresses the highest priority vulnerabilities?

Answer 2

Vulnerability Scanning

Question 3

Cybersecurity professionals use scanning tools to search the network for connected systems, whether they were previously known or unknown, and to build an _________.

Answer 3

Asset Inventory

Question 4

______ (a) and ________ (b) information helps guide decisions about the types of scans that are performed, the frequency of those scans and the priority administrators should place on remediating vulnerabilities detected by the scan.

Answer 4

Asset Inventory and Asset Criticality

Question 5

Name 5 different factors from the book that may influence how often an organization decides to conduct a vulnerability scan?

Answer 5

• Organization’s Risk Appetite
• Regulatory Requirements
• Technical Constraints
• Business Contains
• Licensing Limitations

Question 6

_____ is the organizations willingness to tolerate risk within the environment.

Answer 6

Organization’s Risk Appetite

Question 7

_____, such as those imposed by the Payment Card Industry Data Security standard may dictate a minimum frequency for vulnerability scans.

Answer 7

Regulatory Requirements

Question 8

_______ may limit the frequency of scanning. For example, the scanning system may only be capable of performing a certain number of scans per day and organizations may need to adjust scan frequency to ensure that all scans complete successfully.

Answer 8

Technical Constraints

Question 9

______ may limit the organization from conducting resource-intensive vulnerability scans during periods of high business activity to avoid disruption of critical processes.

Answer 9

Business Constraints

Question 10

_______ may curtail the bandwidth consumed by the scanner or the number of scans that may be conducted simultaneously.

Answer 10

Licensing Limitations

Question 11

Why is it important to conduct regular configuration reviews of vulnerability scanners?

Answer 11

It ensures the scan settings match current requirements.

Question 12

It is important to conduct regular ______ of vulnerability scanners to ensure that scan settings match current requirements.

Answer 12

configuration reviews

Question 13

________ typically only retrieve info from target servers and do not make changes to the server itself.

Answer 13

Credential Scans

Question 14

Each ________, conducts the scan from a different location on the network, providing a different view into vulnerabilities.

Answer 14

Scan perspectives

Question 15

The ___________ is an effort by the security community led by the NIST, to create a standardized approach for communicating security-related information.

Answer 15

Security Content Automation Process (SCAP)

Question 16

________ provides the standard nomenclature for discussing system configuration issues.

Answer 16

Common Configuration Enumeration (CCE)

Question 17

_______ provides a standard nomenclature for describing product names and versions.

Answer 17

Common Platform Enumeration (CPE)

Question 18

____ provides a standard nomenclature for describing security-related software flaws.

Answer 18

Common Vulnerabilities and Exposures (CVE)

Question 19

________ provides a standard approach for measuring and describing the severity of security-related software flaws.

Answer 19

Common Vulnerability Scoring System (CVSS)

Question 20

_______ - a language for specifying checklists and reporting checklist results.

Answer 20

Extensible Configuration Checklist Description Format (XCCDF)

Question 21

________ - A language for specifying low-level testing procedures used by checklists.

Answer 21

Open Vulnerability and Assessment Language (OVAL)

Question 22

______ analyzes code for vulnerabilities without executing it.

Answer 22

Static Testing

Question 23

_____ executes code as part of the test, running all the interfaces that the code exposes to the user with a variety of inputs, searching for vulnerabilities.

Answer 23

Dynamic Testing

Question 24

______ analyzes the source code while testers interact with the application through exposed interfaces.

Answer 24

Interactive Testing

Question 25

Which is a free Infrastructure Vulnerability Scanning tool?
a. Nessus
b. OpenVAS
c. Qualys’s Vulnerability CScanner
d. Rapid7

Answer 25

b. OpenVAS

Question 26

Which of the following are free web application scanning tool? (Select all that applies)
a. Nessus
b. Nikto
c. Rapid7
d. Arachni

Answer 26

b. Nikto
d. Arachni

Question 27

Name 4 Values in the CVSS attack vector metric.

Answer 27

Physical, Local, Adjacent Network, Network

Question 28

The _____ describes how an attacker would exploit the vulnerability.

Answer 28

Attack Vector Metric

Question 29

The ______ describes the difficulty of exploiting the vulnerability.

Answer 29

Attack Complexity Metric

Question 30

The ______ describes the type of account access that an attacker would need to exploit a vulnerability.

Answer 30

privileges required metric

Question 31

The _____ describes whether the attacker needs to involve another human in the attack.

Answer 31

User Interaction Metric

Question 32

The ______ describes the type of information disclosure that might occur if an attacker successfully exploits the vulnerability.

Answer 32

Confidentiality metric

Question 33

The _____ describes the type of information alteration that might occur if an attacker successfully exploits the vulnerability.

Answer 33

Integrity Metric

Question 34

The ______ describes the type of disruption that might occur if an attacker successfully exploits the vulnerability.

Answer 34

Availability Metric

Question 35

The _______ describes whether the vulnerability can affect system components beyond the scope of the vulnerability.

Answer 35

Scope Metric

Question 36

There are 8 metrics used in the CVSS. Name them all.

Answer 36

1. Scope Metric (S)
2. Availability Metric (A)
3. Integrity Metric (I)
4. Confidentiality Metric (C)
5. User Interaction Metric (UI)
6. Privileges Required Metric (PR)
7. Attack Complexity Metric (AC)
8. Attack Vector Metric (AV)

Question 37

Formula for calculating the “Impact Sub-Score” (ISS)

Answer 37

ISS = 1 [(1 - Confidentiality) x (1 - Integrity) x (1 - Availability)]

Question 38

Formula for the Impact Score when the scope metric is “Unchanged”?

Answer 38

Impact = 6.42 x ISS

Question 39

Formula for the Impact Score when the scope metric is “Changed”?

Answer 39

Impact = 7.52 x (ISS - 0.029) - 3.25 x (ISS - 0.02)^15

Question 40

Exploitability Score formula

Answer 40

Exploitability = 8.22 x Attack Vector x Attack Complexity x PrivilegesRequired x UserInteraction

Question 41

In the CVSS Qualitative Severity Rating Scale, what CVSS score range has a rating of none?

Answer 41

less than 0.1 (< 0.1)

Question 42

In the CVSS Qualitative Severity Rating Scale, what CVSS score range has a rating of Low?

Answer 42

0.1 - 3.9

Question 43

In the CVSS Qualitative Severity Rating Scale, what CVSS score range has a rating of Medium?

Answer 43

4.0 - 6.9

Question 44

In the CVSS Qualitative Severity Rating Scale, what CVSS score range has a rating of High?

Answer 44

7.0 - 8.0

Question 45

In the CVSS Qualitative Severity Rating Scale, what CVSS score range has a rating of Critical?

Answer 45

9.0 - 10.0

Question 46

When a vulnerability scanner reports a vulnerability, this is known as a ______ report.

Answer 46

Positive

Question 47

When a vulnerability scanner reports an inaccurate vulnerability, this is known as a _____.

Answer 47

False positive report

Question 48

When a scanner reports that a vulnerability is not present, this is a _______.

Answer 48

Negative Report

Question 49

When a scanner reports that a vulnerability is not present and this is inaccurate, this is a _____.

Answer 49

False Negative report

Question 50

Cybersecurity analysts interpreting these reports should also turn to other sources of security info as they perform their analysts. Name a valuable information source.

Answer 50

• Log Reviews from servers, applications, network devices, and other sources that might contain information about possible attempts to exploit detected vulnerabilities.
• SIEM systems that correlated log entries from multiple sources and provide actionable intelligence.
• Configuration management systems that provide information on the operating system and applications installed on a system.

Question 51

_______ - They are performed with full knowledge of the underlying technology, configuration and settings that make up the target.

Answer 51

White-box Penetration test

Question 52

______ - Testers are not provided with access to or information about an environment, and must gather information, discover vulnerabilities and make their way through an infrastructure or systems like an attacker would.

Answer 52

Black-box Penetration Tests

Question 53

______ - Partially known environment tests. Some information about the environment is known without giving full access, credentials or configuration details.

Answer 53

Gray-box tests

Question 54

Name 3 key elements that may be listed in the rules of engagement?

Answer 54

• Timeline for the engagement.
• What locations, systems, applications or other potential targets are included/excluded.
• Data handling requirements for information gathered during the penetration test.
• What behaviors to expect from the target. Defensive behaviors like shunning, blacklisting or other active defenses may limit the value of the penetration test.
• What resources are committed to the test.
• Legal concerns should be addressed.
• When/How communications will occur. Should the engagement include daily or weekly updates regardless of progress.

Question 55

______ is the technique in which hackers use the drones and unmanned aerial vehicles to attempt to eavesdrop on or connect to wireless networks.

Answer 55

War Flying

Question 56

______ is a technique where hackers drive by facilities in a car equipped with high-end antennas and attempt to eavesdrop on or connect to wireless networks.

Answer 56

War driving

Question 57

_______ uses hacking techniques to shift form the initial access gained by the attacker to more advanced privileges such as root access on the same system.

Answer 57

Privilege escalation

Question 58

______ occurs as the attacker uses initial system compromise to gain access to other systems on the target network.

Answer 58

Pivoting (lateral movement)