Chapter 05: Security Assessment and Testing Flashcards
_________ programs play a critical role in identifying, prioritizing, and remediating vulnerabilities in our environments.
Vulnerability Management
What does Vulnerability Management use to detect new vulnerabilities as they arise and then implement a remediation workflow that addresses the highest priority vulnerabilities?
Vulnerability Scanning
Cybersecurity professionals use scanning tools to search the network for connected systems, whether they were previously known or unknown, and to build an _________.
Asset Inventory
______ (a) and ________ (b) information helps guide decisions about the types of scans that are performed, the frequency of those scans and the priority administrators should place on remediating vulnerabilities detected by the scan.
Asset Inventory and Asset Criticality
Name five factors from the book that may influence how often an organization decides to conduct a vulnerability scan.
- Organization’s Risk Appetite
- Regulatory Requirements
- Technical Constraints
- Business Constraints
- Licensing Limitations
_____ is the organization's willingness to tolerate risk within the environment.
Organization’s Risk Appetite
_____, such as those imposed by the Payment Card Industry Data Security Standard (PCI DSS), may dictate a minimum frequency for vulnerability scans.
Regulatory Requirements
_______ may limit the frequency of scanning. For example, the scanning system may only be capable of performing a certain number of scans per day and organizations may need to adjust scan frequency to ensure that all scans complete successfully.
Technical Constraints
______ may limit the organization from conducting resource-intensive vulnerability scans during periods of high business activity to avoid disruption of critical processes.
Business Constraints
_______ may curtail the bandwidth consumed by the scanner or the number of scans that may be conducted simultaneously.
Licensing Limitations
Why is it important to conduct regular configuration reviews of vulnerability scanners?
It ensures the scan settings match current requirements.
It is important to conduct regular ______ of vulnerability scanners to ensure that scan settings match current requirements.
configuration reviews
________ typically only retrieve information from target servers and do not make changes to the server itself.
Credentialed Scans
Each ________ conducts the scan from a different location on the network, providing a different view into vulnerabilities.
Scan perspectives
The ___________ is an effort by the security community, led by NIST, to create a standardized approach for communicating security-related information.
Security Content Automation Protocol (SCAP)
________ provides the standard nomenclature for discussing system configuration issues.
Common Configuration Enumeration (CCE)
_______ provides a standard nomenclature for describing product names and versions.
Common Platform Enumeration (CPE)
____ provides a standard nomenclature for describing security-related software flaws.
Common Vulnerabilities and Exposures (CVE)
________ provides a standard approach for measuring and describing the severity of security-related software flaws.
Common Vulnerability Scoring System (CVSS)
_______ - a language for specifying checklists and reporting checklist results.
Extensible Configuration Checklist Description Format (XCCDF)
________ - A language for specifying low-level testing procedures used by checklists.
Open Vulnerability and Assessment Language (OVAL)
______ analyzes code for vulnerabilities without executing it.
Static Testing
_____ executes code as part of the test, running all the interfaces that the code exposes to the user with a variety of inputs, searching for vulnerabilities.
Dynamic Testing
______ analyzes the source code while testers interact with the application through exposed interfaces.
Interactive Testing
Which is a free Infrastructure Vulnerability Scanning tool?
a. Nessus
b. OpenVAS
c. Qualys Vulnerability Scanner
d. Rapid7
b. OpenVAS
Which of the following are free web application scanning tools? (Select all that apply)
a. Nessus
b. Nikto
c. Rapid7
d. Arachni
b. Nikto
d. Arachni
Name 4 Values in the CVSS attack vector metric.
Physical, Local, Adjacent Network, Network
The _____ describes how an attacker would exploit the vulnerability.
Attack Vector Metric
The ______ describes the difficulty of exploiting the vulnerability.
Attack Complexity Metric
The ______ describes the type of account access that an attacker would need to exploit a vulnerability.
privileges required metric
The _____ describes whether the attacker needs to involve another human in the attack.
User Interaction Metric
The ______ describes the type of information disclosure that might occur if an attacker successfully exploits the vulnerability.
Confidentiality metric
The _____ describes the type of information alteration that might occur if an attacker successfully exploits the vulnerability.
Integrity Metric
The ______ describes the type of disruption that might occur if an attacker successfully exploits the vulnerability.
Availability Metric
The _______ describes whether a successful exploit can affect resources beyond the security scope of the vulnerable component.
Scope Metric
There are 8 metrics used in the CVSS. Name them all.
- Scope Metric (S)
- Availability Metric (A)
- Integrity Metric (I)
- Confidentiality Metric (C)
- User Interaction Metric (UI)
- Privileges Required Metric (PR)
- Attack Complexity Metric (AC)
- Attack Vector Metric (AV)
Formula for calculating the “Impact Sub-Score” (ISS)
ISS = 1 - [(1 - Confidentiality) x (1 - Integrity) x (1 - Availability)]
Formula for the Impact Score when the scope metric is “Unchanged”?
Impact = 6.42 x ISS
Formula for the Impact Score when the scope metric is “Changed”?
Impact = 7.52 x (ISS - 0.029) - 3.25 x (ISS - 0.02)^15
Exploitability Score formula
Exploitability = 8.22 x Attack Vector x Attack Complexity x Privileges Required x User Interaction
In the CVSS Qualitative Severity Rating Scale, what CVSS score range has a rating of none?
0.0
In the CVSS Qualitative Severity Rating Scale, what CVSS score range has a rating of Low?
0.1 - 3.9
In the CVSS Qualitative Severity Rating Scale, what CVSS score range has a rating of Medium?
4.0 - 6.9
In the CVSS Qualitative Severity Rating Scale, what CVSS score range has a rating of High?
7.0 - 8.9
In the CVSS Qualitative Severity Rating Scale, what CVSS score range has a rating of Critical?
9.0 - 10.0
When a vulnerability scanner reports a vulnerability, this is known as a ______ report.
Positive
When a vulnerability scanner reports an inaccurate vulnerability, this is known as a _____.
False positive report
When a scanner reports that a vulnerability is not present, this is a _______.
Negative Report
When a scanner reports that a vulnerability is not present and this is inaccurate, this is a _____.
False Negative report
Cybersecurity analysts interpreting these reports should also turn to other sources of security information as they perform their analysis. Name valuable information sources.
- Log reviews from servers, applications, network devices, and other sources that might contain information about possible attempts to exploit detected vulnerabilities.
- SIEM systems that correlate log entries from multiple sources and provide actionable intelligence.
- Configuration management systems that provide information on the operating system and applications installed on a system.
_______ - They are performed with full knowledge of the underlying technology, configuration and settings that make up the target.
White-box Penetration test
______ - Testers are not provided with access to or information about an environment, and must gather information, discover vulnerabilities and make their way through an infrastructure or systems like an attacker would.
Black-box Penetration Tests
______ - Partially known environment tests. Some information about the environment is known without giving full access, credentials or configuration details.
Gray-box tests
Name key elements that may be listed in the rules of engagement.
- Timeline for the engagement.
- What locations, systems, applications or other potential targets are included/excluded.
- Data handling requirements for information gathered during the penetration test.
- What behaviors to expect from the target. Defensive behaviors like shunning, blacklisting or other active defenses may limit the value of the penetration test.
- What resources are committed to the test.
- Legal concerns should be addressed.
- When and how communications will occur. Should the engagement include daily or weekly updates regardless of progress?
______ is the technique in which hackers use drones and unmanned aerial vehicles to attempt to eavesdrop on or connect to wireless networks.
War Flying
______ is a technique where hackers drive by facilities in a car equipped with high-end antennas and attempt to eavesdrop on or connect to wireless networks.
War driving
_______ uses hacking techniques to shift from the initial access gained by the attacker to more advanced privileges, such as root access, on the same system.
Privilege escalation
______ occurs as the attacker uses initial system compromise to gain access to other systems on the target network.
Pivoting (lateral movement)