Chapter 15- Security Assessment and Testing Flashcards

1
Q
What is security testing?
A

Security tests verify that a control is working properly.

2
Q
What is a testing strategy?
A

A testing strategy may involve frequent automated tests supplemented by infrequent manual tests.

3
Q
What is a security assessment?
A

A security assessment is a comprehensive review of a security system, application or other tested environment.
• It also includes a thoughtful review of the threat environment, current and future risks, and the value of the targeted environment.

4
Q
NIST 800-53A assessments include 4 components, list them:
A

• Specifications: documents associated with the systems being audited.
• Mechanisms: controls used within an information system to meet the specifications.
• Activities: actions carried out by people within an information system.
• Individuals: people who implement the specifications, mechanisms and activities.

5
Q
What are security audits?
A

Security Audits are evaluations performed with the purpose of demonstrating the effectiveness of controls to a third party.
• Security audits use many of the same techniques followed during security assessments but must be performed by independent auditors.

6
Q
There are three main types of audits:
A

Internal audits, external audits, and third-party audits.

7
Q
What is an internal audit?
A

An internal audit is performed by an organisation’s internal staff and is typically intended for internal audiences.

8
Q
What is an external audit?
A

An external audit is performed by an outside auditing firm (e.g. PwC). These audits have a high degree of external validity because the auditors performing the assessments theoretically have no conflict of interest with the organisation itself.

9
Q
What are third-party audits?
A

Third-party audits are conducted by or on behalf of another organisation.

10
Q
SSAE 16 means:
A

Statement on Standards for Attestation Engagements document 16.

11
Q
Statement on Standards for Attestation Engagements document 16 (SSAE 16) engagements produce 2 types of reports:
A
  • Type I reports provide a description of the controls provided by the audited organisation as well as the auditor’s opinion based upon that description. Type I audits cover a single point in time and do not involve actual testing of the controls by the auditor.
  • Type II reports cover a minimum six-month period and also include an opinion from the auditor on the effectiveness of those controls based upon actual testing performed by the auditor.
12
Q
List 2 auditing standards:
A

International Organization for Standardization (ISO) and Control Objectives for Information and related Technology (COBIT).

13
Q
SCAP means:
A

Security Content Automation Protocol

14
Q
List and describe the components of Security Content Automation Protocol (SCAP):
A
  • Common Vulnerabilities and Exposures (CVE): provides a naming system for describing security vulnerabilities.
  • Common Vulnerability Scoring System (CVSS): provides a standardised scoring system for describing the severity of vulnerabilities.
  • Common Configuration Enumeration (CCE): provides a naming convention for system configuration issues.
  • Common Platform Enumeration (CPE): provides a naming system for operating systems, applications and devices.
  • Extensible Configuration Checklist Description Format (XCCDF): provides a language for specifying security checklists.
  • Open Vulnerability and Assessment Language (OVAL): provides a language for describing security testing procedures.
15
Q
What is a vulnerability scan?
A

Vulnerability scans automatically probe systems, applications and networks for weaknesses that may be exploited by an attacker.

16
Q
List 4 types of vulnerability scans:
A

Network discovery scans, network vulnerability scans, web application vulnerability scans and database vulnerability scans.

17
Q
Describe network discovery scanning:
A

Network Discovery Scanning uses a variety of techniques to scan a range of IP addresses, searching for systems with open network ports.

18
Q
List methods used by network scanners to identify open ports on remote systems:
A
  • TCP SYN Scanning
  • TCP Connect Scanning
  • TCP ACK Scanning
  • Xmas Scanning
19
Q
What is TCP SYN scanning?
A

Sends a single packet to each scanned port with the SYN flag set. This indicates a request to open a new connection. If the scanner receives a response that has the SYN and ACK flags set, this indicates that the system is moving to the second phase of the three-way TCP handshake and that the port is open. TCP SYN scanning is also known as “half-open” scanning.

20
Q
What is TCP Connect scanning?
A

Opens a full connection to the remote system on the specified port. This scan type is used when the user running the scan does not have the necessary permissions to run a half-open scan.

21
Q
What is TCP ACK scanning?
A

Sends a packet with the ACK flag set, indicating that it is part of an open connection. This type of scan may be done in an attempt to determine the rules enforced by a firewall and the firewall methodology.

22
Q
What is Xmas scanning?
A

Sends a packet with the FIN, PSH, and URG flags set. A packet with so many flags set is said to be “lit up like a Christmas tree,” leading to the scan’s name.

23
Q

The most common tool used for network discovery scanning is an open-source tool called______________:

A

nmap

24
Q
What is the nmap "open" status?
A

The port is open on the remote system and there is an application actively accepting connections on that port.

25
Q
What is the nmap "closed" status?
A

The port is accessible on the remote system (the firewall is allowing access), but there is no application accepting connections on that port.

26
Q
What is the nmap "filtered" status?
A

Nmap is unable to determine whether the port is open or closed because a firewall is interfering with the connection attempt.

27
Q
What is a false positive in vulnerability scanning?
A

A false positive reports a vulnerability when there is really no problem.

28
Q
What is a false negative in vulnerability scanning?
A

A false negative occurs when a vulnerability scanner fails to alert the administrators to the presence of a dangerous situation. Note: by default, network vulnerability scanners run unauthenticated scans.

29
Q
What are authenticated scans?
A

Authenticated scans improve the accuracy of scanning and reduce false negatives and false positives. The scanner has read-only access to the system being scanned and can use this access to read configuration information from the target system and use that information when analysing vulnerability testing results.

An authenticated scan is an essential tool to obtain accurate vulnerability information on covered devices by authenticating to scanned devices to obtain detailed and accurate information about the operating system and installed software, including configuration issues and missing security patches.

30
Q
What is the TCP port for FTP?
A

20/21

31
Q
What is the TCP port for SSH?
A

22

32
Q
What is the TCP port for Telnet?
A

23

33
Q
What is the TCP port for SMTP?
A

25

34
Q
What is the TCP port for DNS?
A

53

35
Q
What is the TCP port for HTTP?
A

80

36
Q
What is the TCP port for POP3?
A

110

37
Q
What is the TCP port for NTP?

*Network Time Protocol

A

123

38
Q
What is the TCP port for Windows file sharing?
A

135, 137-139, 445

39
Q
What is the TCP port for HTTPS?
A

443

40
Q
What is the TCP port for LPR/LPD?
A

515

41
Q
What is the TCP port for Microsoft SQL Server?
A

1433/1434

42
Q
What is the TCP port for Oracle?
A

1521

43
Q
What is the TCP port for H.323?
A

1720

44
Q
What is the TCP port for PPTP?
A

1723

45
Q
What is the TCP port for RDP?
A

3389

46
Q
What is the TCP port for HP JetDirect printing?
A

9100

47
Q
What are web vulnerability scanners?
A

Web vulnerability scanners comb web applications for known vulnerabilities. The Nessus vulnerability scanner performs both network and web vulnerability scans.

48
Q
What are database vulnerability scanners?
A

Database vulnerability scanners are tools that allow security professionals to scan both database and web applications for vulnerabilities that may affect database security. e.g. sqlmap.

49
Q
List the vulnerability management workflow:
A

Scan ??) Detection, Validation, Remediation (e.g. patch, web application firewall etc.)

50
Q

What are penetration tests?

A

Penetration testing involves targeting a single system or set of systems and uses various techniques to gain access.

51
Q
List the phases of penetration testing:
A

PIVER) Planning, Information gathering and discovery, Vulnerability scanning, Exploitation, Reporting.
• Planning: includes agreement on the scope of the test and the rules of engagement.
• Information gathering and discovery: uses manual and automated tools to collect information about the target area.
• Vulnerability scanning: probes systems for weaknesses using vulnerability scans.
• Exploitation: seeks to use manual and automated exploit tools to attempt to defeat a system.
• Reporting.

52
Q
List 3 groups of penetration tests:
A

• White-box penetration test
• Gray-box penetration test
• Black-box penetration test

53
Q
What is a white-box penetration test?
A

Provides the attackers with detailed information about the systems they target.

54
Q
What is a gray-box penetration test?
A

Gray-box penetration tests, also known as partial knowledge tests, are used to balance the advantages and disadvantages of white-box and black-box penetration tests.
• This is particularly common when black-box results are desired but cost or time constraints mean that some knowledge is needed to complete the testing.

55
Q
What is a black-box penetration test?
A

This testing does not provide the attacker with any information before the attack. It simulates an external attack.

56
Q
What is a disadvantage of black-box penetration testing?
A

Penetration tests seek to exploit vulnerabilities and consequently may disrupt system access or corrupt data stored in systems.
• This is one of the major reasons it is important to clearly outline the rules of engagement during the planning phase of the test, as well as to have complete authorisation from senior management prior to starting any testing.

57
Q

What is code review?

A

Code review involves developers other than the one who wrote the code reviewing it for defects. It is also known as peer review.
• Code review is the foundation of software assessment programs.

58
Q
The most formal code review process is known as:
A

Fagan inspections

59
Q
List the steps in Fagan inspections:
A

Planning, Overview, Preparation, Inspection, Rework, Follow-up.

60
Q
What is static testing?
A

Static testing evaluates the security of software without running it by analysing either the source code or compiled application. Static analysis usually involves the use of automated tools designed to detect common software flaws, such as buffer overflows.

61
Q
What is dynamic testing?
A

Dynamic testing evaluates the security of software in a runtime environment and is often the only option for organisations deploying applications written by someone else, e.g. using web scanning tools to detect the presence of cross-site scripting.

62
Q
What are synthetic transactions?
A

Synthetic transactions are scripted transactions with known expected results. They are used to verify system performance.

63
Q
What is fuzz testing?
A

Fuzz testing is a specialised dynamic testing technique that provides many different types of input (e.g. invalid input) to software to stress its limits and find previously undetected flaws.

64
Q
What do fuzz testers monitor?
A

Fuzz testers monitor the performance of applications, watching for software crashes, buffer overflows and other undesirable and/or unpredictable outcomes.

65
Q
There are two types of fuzz testing:
A
  • Mutation (dumb) fuzzing: takes previous input values from actual operation of the software and manipulates (or mutates) them to create fuzzed input.
  • Generational (intelligent) fuzzing: develops data models and creates new fuzzed input based on an understanding of the types of data used by the program.
66
Q
List 3 types of interfaces that should be tested during the software testing process:
A
  • Application Programming Interfaces (APIs): offer a standard way for code to interact and may be exposed to the outside world.
  • User Interfaces (UIs): provide end users with the ability to interact with the software.
  • Physical interfaces: exist in some applications that manipulate machinery, logic controllers or other objects in the physical world.
67
Q
Software testers use a process known as _______ or _______ to evaluate the vulnerability of their software to users who may attempt to misuse the application:
A

misuse case testing, abuse case testing.

68
Q
What is test coverage analysis?
A

Test coverage = number of use cases tested / total number of use cases.

69
Q
What is passive monitoring?
A

Passive monitoring analyses actual network traffic sent to a website by capturing it as it travels over the network or reaches the server.

70
Q
What is real user monitoring?
A

Real user monitoring is a variant of passive monitoring where the monitoring tool reassembles the activity of individual users to track their interaction with the website.

71
Q
What is synthetic monitoring (or active monitoring)?
A

Synthetic monitoring performs artificial transactions against a website to assess performance.

72
Q
SIEM means:
A

Security Information and Event Management

73
Q
Logging systems should make use of the ________ protocol to ensure that clocks are synchronised on systems sending log entries to the Security Information and Event Management (SIEM) system:
A

Network Time Protocol (NTP)

74
Q
Account management reviews may be done by __________ or ________:
A

Security management personnel or internal auditors.