chapter 5 - Security Assesment and Testing Flashcards

Question 1

Q

SCAP

Answer

A

Security
Content
Automation
Protocol

Question 2

Q

CVE

Answer

A

Common Vulnerabilities & Exposures

Question 3

Q

CVSS

Answer

A

Common
Vulnerability
Scoring
System

Question 4

Q

ASV

Answer

A

approved
scanning
vendor

Question 5

Q

NIST

Answer

A

national
institute
of
standards
and
technology

Question 6

Q

ASV

Answer

A

approved
scanning
vendor

Question 7

Q

SCAP (elements)

Answer

A

CPE
CCE
CVE
XCCDF
CVSS
OVAL

Question 8

Q

CPE

Answer

A

common
platform
enumeration

Question 9

Q

CCE

Answer

A

common
configuration
enumeration

Question 10

Q

XCCDF

Answer

A

extensible
configuration
checklist
description
format

Question 11

Q

OVAL

Answer

A

OPEN
VULNERABILITIES
AND
ASSESMENT
LANGUAGE

Question 12

Q

vulnerability scanners

Answer

A

web
app
ntw

Question 13

Q

WEB APP SCANNING

Answer

A

SQL INJECTION
CROSS-SITE SCRIPTING (XSS)
CROSS-SITE REQUEST FORGERY (CSRF)

Question 14

Q

APP SCANNING

Answer

A

STATIC
DYNAMIC
INTERACTIVE

Question 15

Q

ntw vul. scanner

Answer

A

1 NESSUS
2 QUALYS (SaaS mgmt console - on premises+in the cloud)
3 RAPID7’ NEXPOSE
4 OPENVAS

Question 16

Q

XSS

Answer

A

cross-site scripting

Question 17

Q

CSRF

Answer

A

cross-site request forgery

Question 18

Q

web app scanners

Answer

A

NIKTO - open source
ARACHNI - open source
ACUNETIX - commercial
=========================
most orgs use web app scanning capabilities of traditional ntw vuln scanners:
NESSUS
QUALYS
NEXPOSE

Question 19

Q

ntw vuln scanners

Answer

A

NESSUS
QUALYS
RAPID7’s NEXPOSE
OPENVAS

Question 20

Q

CVSS SEVERITY RATING SCALE

Answer

A

0.0 NONE
0.1 - 3.9 LOW
4 - 6.9 MEDIUM
7 - 8.9 HIGH
9 - 10 CRITICAL

Question 21

Q

SOC

Answer

A

security
operations
center

Brainscape's Knowledge GenomeTM

chapter 5 - Security Assesment and Testing Flashcards

Brainscape's Knowledge Genome^TM