Chapter 8: Using Risk Management Tools

Question 1

A ____ is the likelihood that a threat will exploit a vulnerability.

Answer 1

risk

Question 2

A ____ is a potential danger that can compromise confidentiality, integrity, or availability of data or a system.

Answer 2

threat

Question 3

A ____ is a weakness.

Answer 3

vulnerability

Question 4

____ refers to the magnitude of harm that can be caused if a threat exercises a vulnerability.

Answer 4

Impact

Question 5

___ ____ help an organization identify and categorize threats.

Answer 5

Threat assessments

Question 6

An____ threat assessment evaluates the likelihood of an environmental threat, such as a natural disaster, occurring.

Answer 6

environmental

Question 7

____ threat assessments evaluate threats from humans.

Answer 7

Manmade

Question 8

____ threat assessments evaluate threats from within an organization.

Answer 8

Internal

Question 9

____ threat assessment evaluates threats from outside an organization.

Answer 9

External

Question 10

A _____ is a flaw or weakness in software or hardware, or a weakness in a process that a threat could exploit, resulting in a security breach.

Answer 10

vulnerability

Question 11

Risk management attempts to reduce risk to a level that an organization can accept, and the remaining risk is known as ____ risk.

Answer 11

residual

Question 12

You can avoid a risk by not providing a service or participating in a risky activity. Purchasing insurance, such as fire insurance, transfers the risk to another entity. Security controls mitigate, or reduce, risks. When the cost of a control outweighs a risk, it is common to ____ ___ ____.

Answer 12

accept the risk

Question 13

A ___ _____ quantifies or qualifies risks based on different values or judgments. It starts by identifying asset values and prioritizing high-value items.

Answer 13

risk assessment

Question 14

____ risk assessments use numbers, such as costs and asset values.

Answer 14

Quantitative

Question 15

The ___ ___ ___ is the cost of any single loss.

Answer 15

single loss expectancy (SLE)

Question 16

The ____ __ ___ ____ indicates how many times the loss will occur annually.

Answer 16

annual rate of occurrence (ARO)

Question 17

You can calculate the annual loss expectancy (ALE) as ___ x ____

Answer 17

SLE × ARO.

Question 18

_____risk assessments use judgments to prioritize risks based on likelihood of occurrence and impact. These judgments provide a subjective ranking.

Answer 18

Qualitative

Question 19

A ____ ____ is a detailed document listing information about risks. It typically includes risk scores along with recommended security controls to reduce the risk scores.

Answer 19

risk register

Question 20

A ____ ____ assessment evaluates a supply chain needed to produce and sell a product. It includes raw materials and all the processes required to create and distribute a finished product.

Answer 20

supply chain

Question 21

A ___ ___ scans systems for open ports and attempts to discover what services and protocols are running.

Answer 21

port scanner

Question 22

____ ____ identifies the IP addresses of hosts within a network.

Answer 22

Network mapping

Question 23

____ scanners expand on network mapping. They identify the operating system running on each host. They can also identify services and protocols running on each host.

Answer 23

Network

Question 24

____ scanners can detect rogue access points (APs) in a network. Many can also crack passwords used by the APs.

Answer 24

Wireless

Question 25

____ _____ queries remote systems to detect their operating system, along with services, protocols, and applications running on the remote system.

Answer 25

Banner grabbing

Question 26

_____ scanners passively test security controls to identify vulnerabilities, a lack of security controls, and common misconfigurations. They are effective at discovering systems susceptible to an attack without exploiting the systems.

Answer 26

Vulnerability

Question 27

A ___ positive from a vulnerability scan indicates the scan detected a vulnerability, but the vulnerability doesn’t exist.

Answer 27

false

Question 28

_____ scans run under the context of an account and can be more accurate than non- credentialed scans, giving fewer false positives.

Answer 28

Credentialed

Question 29

_____ testers should gain consent prior to starting a penetration test. A rules-of- engagement document identifies the boundaries of the test.

Answer 29

Penetration

Question 30

A ____ ___ is an active test that attempts to exploit discovered vulnerabilities. It starts with a vulnerability scan and then bypasses or actively tests security controls to exploit vulnerabilities.

Answer 30

penetration test

Question 31

_____ ____ gathers information from open-source intelligence. Active reconnaissance uses scanning techniques to gather information.

Answer 31

Passive reconnaissance

Question 32

After initial exploitation, a penetration tester uses ____ ____ techniques to gain more access.

Answer 32

privilege escalation

Question 33

____ during a penetration test is the process of using an exploited system to access other systems.

Answer 33

Pivoting

Question 34

In____ box testing, testers perform a penetration test with zero prior knowledge of the environment.____ box testing indicates that the testers have full knowledge of the environment, including documentation and source code for tested applications. ____ box testing indicates some knowledge of the environment.

Answer 34

black
White
Gray

Question 35

Scans can be either intrusive or non-intrusive.____ testing is intrusive (also called invasive) and can potentially disrupt operations.____ testing is non-intrusive (also called non-invasive).

Answer 35

Penetration

Vulnerability

Question 36

____frameworks store information about security vulnerabilities. They are often used by penetration testers (and attackers) to detect and exploit software.

Answer 36

Exploitation

Question 37

___ ____ (sniffers) can capture and analyze data sent over a network. Testers (and attackers) use protocol analyzers to capture cleartext data sent across a network.

Answer 37

Protocol analyzers

Question 38

Administrators use protocol analyzers for troubleshooting communication issues by inspecting protocol____ to detect manipulated or fragmented packets.

Answer 38

headers

Question 39

Captured_____ show the type of traffic (protocol), source and destination IP addresses, source and destination MAC addresses, and flags.

Answer 39

packets

Question 40

_____is a command-line protocol analyzer. Captured packet files can be analyzed in a graphical protocol analyzer such as Wireshark.

Answer 40

Tcpdump

Question 41

____is a sophisticated network scanner run from the command line. ____ is a command-line tool used to remotely administer servers; it can also be used for banner grabbing.

Answer 41

Nmap

Netcat

Question 42

Logs record events and by monitoring logs, administrators can detect event anomalies. Security logs track ___ and ___ activity on systems. System logs identify when services ___ and ___.

Answer 42

logon and logoff

start and stop

Question 43

Firewall and router logs identify the ___ and ____ of traffic.

Answer 43

source and destination

Question 44

A ____ ____ ____ ____ system can aggregate and correlate logs from multiple sources in a single location. It also provides continuous monitoring and automated alerting and triggers.

Answer 44

security information and event management (SIEM)

Question 45

_____ security monitoring helps an organization maintain its security posture, by verifying that security controls continue to function as intended.

Answer 45

Continuous

Question 46

____ auditing records user activities. These auditing reviews examine user activity.

Answer 46

User

Question 47

____ auditing reviews help ensure that users have only the rights and permissions they need to perform their jobs, and no more.

Answer 47

Permission