Chapter 4 Analyzing Vulnerability Scans Flashcards

1
Q

An industry standard for assessing the severity of security vulnerabilities - Provides a technique for scoring each vulnerability on a variety of measures

A

Common Vulnerability Scoring System (CVSS)

2
Q

Describes how an attacker would exploit a vulnerability

A

Access Vector Metric

3
Q

CVSS access vector metric

The attacker must have physical or logical access to the affected system

Score 0.395

A

Local (L)

4
Q

CVSS access vector metric

The attacker must have access to the local network that the affected system is connected to

Score 0.646

A

Adjacent Network (A)

5
Q

CVSS access vector metric

The attacker can exploit a vulnerability remotely over a network

Score 1.000

A

Network (N)

6
Q

Describes the difficulty of exploiting the vulnerability

A

Access Complexity Metric

7
Q

CVSS access complexity metric

Exploiting the vulnerability requires “specialized” conditions that would be difficult to find

Score 0.350

A

High (H)

8
Q

CVSS access complexity metric

Exploiting the vulnerability requires “somewhat specialized” conditions

Score 0.610

A

Medium (M)

9
Q

CVSS access complexity metric

Exploiting the vulnerability does not require any specialized conditions

Score 0.710

A

Low (L)

10
Q

Describes the authentication hurdles that an attacker would need to clear to exploit a vulnerability

A

Authentication Metric

11
Q

CVSS authentication metric

Attackers would need to authenticate two or more times to exploit the vulnerability

Score 0.450

A

Multiple (M)

12
Q

CVSS authentication metric

Attackers would need to authenticate once to exploit the vulnerability

Score 0.560

A

Single (S)

13
Q

CVSS authentication metric

Attackers do not need to authenticate to exploit the vulnerability

Score 0.704

A

None (N)

14
Q

Describes the type of information disclosure that might occur if an attacker successfully exploits the vulnerability

A

Confidentiality Metric

15
Q

CVSS confidentiality metric

There is no confidentiality impact

Score 0.000

A

None (N)

16
Q

CVSS confidentiality metric

Access to some information is possible, but the attacker does not have control over what information is compromised

Score 0.275

A

Partial (P)

17
Q

CVSS confidentiality metric

All information on the system is compromised

Score 0.660

A

Complete (C)

18
Q

Describes the type of information alteration that might occur if an attacker successfully exploits a vulnerability

A

Integrity Metric

19
Q

CVSS integrity metric

There is no integrity impact

Score 0.000

A

None (N)

20
Q

CVSS integrity metric

Modification of some information is possible, but the attacker does not have control over what information is modified

Score 0.275

A

Partial (P)

21
Q

CVSS integrity metric

The integrity of the system is totally compromised, and the attacker may change any information at will

Score 0.660

A

Complete (C)

22
Q

Describes the type of disruption that might occur if an attacker successfully exploits a vulnerability

A

Availability metric

23
Q

CVSS availability metric

There is no availability impact

Score 0.000

A

None (N)

24
Q

CVSS availability metric

The performance of the system is degraded

Score 0.275

A

Partial (P)

25
Q

CVSS availability metric

The system is completely shut down

Score 0.660

A

Complete (C)

26
Q

Uses a single-line format to convey the ratings of a vulnerability on all six metrics

A

CVSS Vector

27
Q

Break down the following CVSS vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

A

CVSS2# - informs the reader that the vector was composed using CVSS version 2

Access Vector: Network (score: 1.000)

Access Complexity: Medium (score: 0.610)

Authentication: None (score: 0.704)

Confidentiality: Partial (score: 0.275)

Integrity: None (score: 0.000)

Availability: None (score: 0.000)

28
Q

A single number representing the overall risk posed by a vulnerability

A

CVSS base score

29
Q

Arriving at a base score requires first calculating what?

A

Exploitability score

Impact score

Impact function

30
Q

Formula for calculating the exploitability score

A

Exploitability = 20 × AccessVector × AccessComplexity × Authentication

31
Q

Formula for calculating the impact score

A

Impact = 10.41 × (1 − (1 − Confidentiality) × (1 − Integrity) × (1 − Availability))

32
Q

Formula for calculating the impact function

A

If the impact score is 0, the impact function is also 0

Otherwise, the impact function value is 1.176

33
Q

Formula for calculating the CVSS base score

A

BaseScore = ((0.6 × Impact) + (0.4 × Exploitability) − 1.5) × ImpactFunction

34
Q

Nessus risk categories based on CVSS base scores

Q

A scanner's report of a vulnerability that does not exist is known as what?

A

False positive error

36
Q

Systems that correlate log entries from multiple sources and provide actionable intelligence

A

Security information and event management (SIEM)

37
Q

Occurs when an attacker manipulates a program into placing more data into an area of memory than is allocated for the program's use

A

Buffer Overflow Attack

38
Q

Allows an attacker to run software of his or her choice on a targeted system

A

Arbitrary Code Execution Vulnerabilities

39
Q

The attacker can exploit the vulnerability over a network connection without having physical or logical access to the target system

A

Remote Code Execution Vulnerabilities

40
Q

Gives developers crucial information needed to troubleshoot applications in the development process

A

Debug mode

41
Q

How should debug mode be treated in mature organizations?

A

Debug mode should always take place in a dedicated development environment that is only accessible from private networks

42
Q

Which protocol is preferred: Secure Sockets Layer (SSL) or Transport Layer Security (TLS)?

A

TLS is the replacement for SSL that offers similar functionality but does not have the same security flaws as SSL

43
Q

What are some common certificate vulnerabilities detected in scans?

A

Mismatch between the name on the certificate and the name of the server

Expiration of the digital certificate

Unknown Certificate Authority

44
Q

Describe a DNS amplification vulnerability.

A

The attacker sends spoofed DNS requests to a DNS server that are designed to elicit responses that are much larger in size than the original request. These response packets then go to the spoofed address where the DNS server believes the query originated; this causes a denial-of-service attack on the target.

45
Q

An attacker has access to a virtual machine and uses this leverage to intrude upon resources assigned to a different virtual machine

A

Virtual Machine Escape Vulnerabilities

46
Q

What are the two best ways to protect against SQL injection attacks?

A

Input Validation - ensures that users don't provide unexpected text to the web server

Least Privilege - restricts the tables that may be accessed by the web server and can prevent the retrieval of credit card information

47
Q

An attacker embeds scripting commands on a website that will later be executed by an unsuspecting visitor accessing the site

A

Cross-Site Scripting (XSS)