Chapter 4 Analyzing Vulnerability Scans

Question 1

An industry standard for assessing the severity of security vulnerabilities - Provides a technique for scoring each vulnerability on a variety of measures

Answer 1

Common Vulnerability Scoring System (CVSS)

Question 2

Describes how an attacker would exploit a vulnerability

Answer 2

Access Vector Metric

Question 3

CVSS access vector metric

The attacker must have physical or logical access to the affected system

Score 0.395

Answer 3

Local (L)

Question 4

CVSS access vector metric

The attacker must have access to the local network that the affected system is connected to

Score 0.646

Answer 4

Adjacent Network (A)

Question 5

CVSS access vector metric

The attacker can exploit a vulnerability remotely over a network

Score 1.000

Answer 5

Network (N)

Question 6

Describe the difficulty of exploitng the vulnerability

Answer 6

Access Complexity Metric

Question 7

CVSS access complexity metric

Exploiting the vulnerability requires “specialized” conditions that would be difficult to find

Score 0.350

Answer 7

High (H)

Question 8

CVSS access complexity metric

Exploiting the vulnerability requires “somewhat specialized” conditions

Score 0.610

Answer 8

Medium (M)

Question 9

CVSS access complexity metric

Exploiting the vulnerability does not require any specialized conditions

Score 0.710

Answer 9

Low (L)

Question 10

Describes the authentication hurdles that an attacker would need to clear to exploit a vulnerability

Answer 10

Authentication Metric

Question 11

CVSS authentication metric

Attackers would need to authenticate two or more times to exploit the vulnerability

Score 0.450

Answer 11

Multiple (M)

Question 12

CVSS authentication metric

Attackers would need to authenticate once to exploit the vulnerability

Score 0.560

Answer 12

Single (S)

Question 13

CVSS authentication metric

Attackers do not need to authenticate to exploit the vulnerability

Score 0.704

Answer 13

None (N)

Question 14

Describe the type of information disclosure that might occur if an attacker successfully exploit their vulnerability

Answer 14

Confidentiality Metric

Question 15

CVSS confidentiality metric

There is no confidentiality impact

Score 0.000

Answer 15

None (N)

Question 16

CVSS confidentiality metric

Access to some information is possible, but the attacker does not have control over what information is compromised

Score 0.275

Answer 16

Partial (P)

Question 17

CVSS confidentiality metric

All information on the system is compromised

Score 0.660

Answer 17

Complete (C)

Question 18

Describes the type of information alteration that might occur if attacker successfully exploit vulnerability

Answer 18

Integrity Metric

Question 19

CVSS integrity metric

There is no integrity impact

Score 0.000

Answer 19

None (N)

Question 20

CVSS integrity metric

Modification of some information is possible, but the attacker does not have control over what information is modified

Score 0.275

Answer 20

Partial (P)

Question 21

CVSS integrity metric

The Integrity of the system is totally compromised, and the attacker may change any information at will

Score 0.660

Answer 21

Complete (C)

Question 22

Describe the type of disruption that might occur if attacker successfully exploit a vulnerability

Answer 22

Availability metric

Question 23

CVSS availability metric

There is no availability impact

Score 0.000

Answer 23

None (N)

Question 24

CVSS availability metric

The performance of the system is degraded

Score 0.275

Answer 24

Partial (P)

Question 25

CVSS availability metric

The system is completely shut down

Score 0.660

Answer 25

Complete (C)

Question 26

Uses a single line format to convey the ratings of a vulnerability on all six metrics

Answer 26

CVSS Vector

Question 27

Breakdown the following CVSS vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Answer 27

CVSS2# - informs the reader the vector is composed of CVSS version 2

Access Vector: Network (score: 1.000)

Access Complexity: Medium (score: 0.610)

Authentication: None (score: 0.704)

Confidentiality: Partial (score: 0.275)

Integrity: None (score: 0.000)

Availability: None (score: 0.000)

Question 28

A single number representing the overall risk posed by a vulnerability

Answer 28

CVSS base score

Question 29

Arriving at a base score requires first calculating what?

Answer 29

Exploitability score Impact score Impact function

Question 30

Formula for calculating the exploitability score

Answer 30

Exploitability = 20 × AccessVector × AccessComplexity × Authentication

Question 31

Formula for calculating impact score

Answer 31

Impact = 10.41 × (1 − (1 − Confidentiality) × (1 − Integrity) × (1 − Availability))

Question 32

Formula for calculating impact function

Answer 32

If the impact score is 0, the impact function is also 0 Otherwise, the impact function value is 1.176

Question 33

Formula for calculate CVSS the base score

Answer 33

BaseScore = ((0.6 × Impact) + (0.4 × Exploitability) − 1.5) × ImpactFunction

Question 34

Nessus risk categories based on CVSS base scores

Answer 34

Question 35

A scanner reports of vulnerability that does not exist is known as what?

Answer 35

False positive error

Question 36

Systems that correlate login trees from multiple sources and provides actionable intelligence

Answer 36

Security information and event management (SIEM)

Question 37

Occurs when an attacker manipulates a program into placing more data into an area of memory then is what is allocated for the program’s use

Answer 37

Buffer Overflow Attack

Question 38

Allows an attacker to run software of his or hers choice on a targeted system

Answer 38

Arbitrary Code Execution Vulnerabilities

Question 39

The attacker can exploit the vulnerabilitiy over a network connection without having physical or logical access to the target system

Answer 39

Remote Code Execution Vulnerabilities

Question 40

Give developers crucial information needed to troubleshoot applications in the development process

Answer 40

Debug mode

Question 41

How should debug mode be treated in mature organizations?

Answer 41

Debug mode should always take place in a dedicated development environment that is only accessible from private networks

Question 42

Which protocol is the most preferred Secure Socket Layer (SSL) or Transport Layer Security (TLS) ?

Answer 42

TLS is the replacement for SSL that offers similar functionality but does not have the same security flaws as SSL

Question 43

What are some common certificate vulnerabilities detected in scans?

Answer 43

Mismatch between the name on the certificate in the name of the server

Expiration of the digital certificate

Unknown Certificate Authority

Question 44

Describe a DNS amplification vulnerability?

Answer 44

That attacker sends spoofed DNS requests to a DNS server that are designed to elicit responses that are much larger in size than the original request.

These response packets then go to the spoofed address where the DNS server believes the query originated; this causes a denial-of-service attack on the target.

Question 45

An attacker has access to a virtual machine and uses this leverage to intrude other resources assigned to a different virtual machine

Answer 45

Virtual Machine Escape Vulnerabilities

Question 46

What are the two best ways to protect against SQL injection attacks?

Answer 46

Input Validation - ensures that users don’t provide unexpected text to the web server

Least Privilege - restricts the tables that may be accessed by the web server and can prevent the retrieval of credit card information

Question 47

An attacker embeds scripting commands on a website that will later be executed by unsuspecting visitor accessing the site

Answer 47

Cross-Site Scripting (XSS)