Chapter 12: Vulnerability Management Flashcards
What is MAEC?
Malware Attribute Enumeration and Characterization -
Threat intelligence requires what type of approach?
Signature-based, because it compares a vulnerability scan against a set of known threat signatures
What is AIS?
Automated Indicator Sharing - Distributes threat intelligence information through computer-to-computer communication, for faster communication
What is a credentialed vulnerability scan?
A vulnerability scan where valid credentials are supplied to the scanner
What is Active Scanning?
Sends test traffic transmissions into the network and monitors the responses of the endpoints
What is Passive Scanning?
Does not send any transmissions; it only listens for normal traffic to learn the needed information.
What is Invicti?
What is Nessus?
What is Nexpose?
What is OpenVAS?
What is the difference between an Audit and an Assessment?
Audit is an examination of results to verify their accuracy whereas an Assessment is
What is Sensitivity level in vulnerability management?
It is the depth of the scan
What is the Scope in vulnerability management?
What is TAXII?
What is STIX?
What is TBD?