Chapter 15 - Security Assessment and Testing Flashcards

1
Q

Who is the intended audience for a security assessment report?

A

Security assessment reports should be addressed to the organization’s management. For this reason, they should be written in plain English and avoid technical jargon.

2
Q

What type of network discovery scan only follows the first two steps of the TCP handshake?

A

TCP SYN scan. It sends a single packet to each scanned port with the SYN flag set. This indicates a request to open a new connection. If the scanner receives a response that has the SYN and ACK flags set, this indicates that the system is moving to the second phase in the three-way handshake and that the port is open. TCP SYN scanning is also known as “half-open” scanning.

3
Q

Web application scanning frequency requirement by PCI DSS

A

PCI DSS requires that organizations either perform web application vulnerability scans at least annually or install dedicated web application firewalls to add additional layers of protection against web vulnerabilities.

4
Q

What information security management task ensures that the organization’s data protection requirements are met effectively?

A

The backup verification process ensures that backups are running properly and thus meeting the organization’s data protection objectives.

5
Q

Penetration test process

A

Performing basic reconnaissance to determine system function (such as visiting websites hosted on the system)
Network discovery scans to identify open ports
Network vulnerability scans to identify unpatched vulnerabilities
Web application vulnerability scans to identify web application flaws
Use of exploit tools to automatically attempt to defeat the system security
Manual probing and attack attempts

6
Q

Why social engineering is difficult to counter

A
  • There is no single hardware or software solution to solve the issue.
  • Policy depends on users following the policy.
  • It is difficult to detect social engineering or to differentiate routine user behavior from behavior motivated by an external actor.
7
Q

Type of network-based vulnerability assessment

A

A network-based vulnerability assessment tool/system either re-enacts system attacks, noting and recording responses to the attacks, or probes different targets to infer weaknesses from their responses.

8
Q

What kind of data should a test environment use?

A

A test environment should use sanitized live workload data.
The best way to properly verify an application or system during a stress test is to expose it to “live” data that has been sanitized to avoid exposing any sensitive information or Personally Identifiable Information (PII) while in a testing environment.

Fabricated test data may not be as varied, complex or computationally demanding as “live” data. A production environment should never be used to test a product, as a production environment is one where the application or system is being put to commercial or operational use. It is a best practice to perform testing in a non-production environment.
Stress testing is carried out to ensure a system can cope with production workloads, but as it may be tested to destruction, a test environment should always be used to avoid damaging the production environment. Hence, testing should never take place in a production environment. If only test data is used, there is no certainty that the system was adequately stress tested.

9
Q

Blind Testing

A

Blind Testing refers to the condition of testing when the penetration tester is provided with limited or no knowledge of the target. Such testing is expensive, since the penetration tester has to research the target and profile it based on publicly available information.

10
Q

Change management process sequence

A

Request a change, approve, document, test, implement, report

11
Q

Syslog

A

Syslog, the most widely used logging subsystem, by default transmits log data in plaintext over UDP/514 when sending data to a remote server. UDP, a transport protocol that does not guarantee the delivery of transmissions, has implications for ensuring the continuity of logging.

This means that the central log server might not have received all the log data, even though the endpoint has no facility for knowing that it failed to be delivered successfully.

The plaintext nature of Syslog means that a suitably positioned adversary could see the (potentially sensitive) log data as it traverses the network. Syslog messages may also be spoofed due to the lack of authentication, lack of encryption, and use of UDP as the layer 4 transport protocol.

12
Q

Security assessment

A

Security assessments are a holistic approach to assessing the effectiveness of access control. Instead of looking narrowly at penetration tests or vulnerability assessments, security assessments have a broader scope.
