chapter 5 - Security Assesment and Testing

Question 1

SCAP

Answer 1

Security
Content
Automation
Protocol

Question 2

CVE

Answer 2

Common Vulnerabilities & Exposures

Question 3

CVSS

Answer 3

Common
Vulnerability
Scoring
System

Question 4

ASV

Answer 4

approved
scanning
vendor

Question 5

NIST

Answer 5

national
institute
of
standards
and
technology

Question 6

ASV

Answer 6

approved
scanning
vendor

Question 7

SCAP (elements)

Answer 7

CPE
CCE
CVE
XCCDF
CVSS
OVAL

Question 8

CPE

Answer 8

common
platform
enumeration

Question 9

CCE

Answer 9

common
configuration
enumeration

Question 10

XCCDF

Answer 10

extensible
configuration
checklist
description
format

Question 11

OVAL

Answer 11

OPEN
VULNERABILITIES
AND
ASSESMENT
LANGUAGE

Question 12

vulnerability scanners

Answer 12

web
app
ntw

Question 13

WEB APP SCANNING

Answer 13

• SQL INJECTION
• CROSS-SITE SCRIPTING (XSS)
• CROSS-SITE REQUEST FORGERY (CSRF)

Question 14

APP SCANNING

Answer 14

STATIC
DYNAMIC
INTERACTIVE

Question 15

ntw vul. scanner

Answer 15

1 NESSUS
2 QUALYS (SaaS mgmt console - on premises+in the cloud)
3 RAPID7’ NEXPOSE
4 OPENVAS

Question 16

XSS

Answer 16

cross-site scripting

Question 17

CSRF

Answer 17

cross-site request forgery

Question 18

web app scanners

Answer 18

NIKTO - open source
ARACHNI - open source
ACUNETIX - commercial
=========================
most orgs use web app scanning capabilities of traditional ntw vuln scanners:
NESSUS
QUALYS
NEXPOSE

Question 19

ntw vuln scanners

Answer 19

NESSUS
QUALYS
RAPID7’s NEXPOSE
OPENVAS

Question 20

CVSS SEVERITY RATING SCALE

Answer 20

0.0 NONE
0.1 - 3.9 LOW
4 - 6.9 MEDIUM
7 - 8.9 HIGH
9 - 10 CRITICAL

Question 21

SOC

Answer 21

security
operations
center