Chapter 8: Using Risk Management Tools Flashcards
A ____ is the likelihood that a threat will exploit a vulnerability.
risk
A ____ is a potential danger that can compromise confidentiality, integrity, or availability of data or a system.
threat
A ____ is a weakness.
vulnerability
____ refers to the magnitude of harm that can be caused if a threat exercises a vulnerability.
Impact
___ ____ help an organization identify and categorize threats.
Threat assessments
An ____ threat assessment evaluates the likelihood of an environmental threat, such as a natural disaster, occurring.
environmental
____ threat assessments evaluate threats from humans.
Manmade
____ threat assessments evaluate threats from within an organization.
Internal
____ threat assessments evaluate threats from outside an organization.
External
A _____ is a flaw or weakness in software or hardware, or a weakness in a process that a threat could exploit, resulting in a security breach.
vulnerability
Risk management attempts to reduce risk to a level that an organization can accept, and the remaining risk is known as ____ risk.
residual
You can avoid a risk by not providing a service or participating in a risky activity. Purchasing insurance, such as fire insurance, transfers the risk to another entity. Security controls mitigate, or reduce, risks. When the cost of a control outweighs a risk, it is common to ____ ___ ____.
accept the risk
A ___ _____ quantifies or qualifies risks based on different values or judgments. It starts by identifying asset values and prioritizing high-value items.
risk assessment
____ risk assessments use numbers, such as costs and asset values.
Quantitative
The ___ ___ ___ is the cost of any single loss.
single loss expectancy (SLE)
The ____ __ ___ ____ indicates how many times the loss will occur annually.
annual rate of occurrence (ARO)
You can calculate the annual loss expectancy (ALE) as ___ x ____.
SLE × ARO.
_____ risk assessments use judgments to prioritize risks based on likelihood of occurrence and impact. These judgments provide a subjective ranking.
Qualitative
A ____ ____ is a detailed document listing information about risks. It typically includes risk scores along with recommended security controls to reduce the risk scores.
risk register
A ____ ____ assessment evaluates a supply chain needed to produce and sell a product. It includes raw materials and all the processes required to create and distribute a finished product.
supply chain
A ___ ___ scans systems for open ports and attempts to discover what services and protocols are running.
port scanner
____ ____ identifies the IP addresses of hosts within a network.
Network mapping
____ scanners expand on network mapping. They identify the operating system running on each host. They can also identify services and protocols running on each host.
Network
____ scanners can detect rogue access points (APs) in a network. Many can also crack passwords used by the APs.
Wireless
____ _____ queries remote systems to detect their operating system, along with services, protocols, and applications running on the remote system.
Banner grabbing
_____ scanners passively test security controls to identify vulnerabilities, a lack of security controls, and common misconfigurations. They are effective at discovering systems susceptible to an attack without exploiting the systems.
Vulnerability
A ___ positive from a vulnerability scan indicates the scan detected a vulnerability, but the vulnerability doesn’t exist.
false
_____ scans run under the context of an account and can be more accurate than non-credentialed scans, giving fewer false positives.
Credentialed
_____ testers should gain consent prior to starting a penetration test. A rules-of-engagement document identifies the boundaries of the test.
Penetration
A ____ ___ is an active test that attempts to exploit discovered vulnerabilities. It starts with a vulnerability scan and then bypasses or actively tests security controls to exploit vulnerabilities.
penetration test
_____ ____ gathers information from open-source intelligence. Active reconnaissance uses scanning techniques to gather information.
Passive reconnaissance
After initial exploitation, a penetration tester uses ____ ____ techniques to gain more access.
privilege escalation
____ during a penetration test is the process of using an exploited system to access other systems.
Pivoting
In ____ box testing, testers perform a penetration test with zero prior knowledge of the environment. ____ box testing indicates that the testers have full knowledge of the environment, including documentation and source code for tested applications. ____ box testing indicates some knowledge of the environment.
black
White
Gray
Scans can be either intrusive or non-intrusive. ____ testing is intrusive (also called invasive) and can potentially disrupt operations. ____ testing is non-intrusive (also called non-invasive).
Penetration
Vulnerability
____ frameworks store information about security vulnerabilities. They are often used by penetration testers (and attackers) to detect and exploit software.
Exploitation
___ ____ (sniffers) can capture and analyze data sent over a network. Testers (and attackers) use protocol analyzers to capture cleartext data sent across a network.
Protocol analyzers
Administrators use protocol analyzers for troubleshooting communication issues by inspecting protocol ____ to detect manipulated or fragmented packets.
headers
Captured _____ show the type of traffic (protocol), source and destination IP addresses, source and destination MAC addresses, and flags.
packets
_____ is a command-line protocol analyzer. Captured packet files can be analyzed in a graphical protocol analyzer such as Wireshark.
Tcpdump
____ is a sophisticated network scanner run from the command line. ____ is a command-line tool used to remotely administer servers; it can also be used for banner grabbing.
Nmap
Netcat
Logs record events, and by monitoring logs, administrators can detect anomalies. Security logs track ___ and ___ activity on systems. System logs identify when services ___ and ___.
logon and logoff
start and stop
Firewall and router logs identify the ___ and ____ of traffic.
source and destination
A ____ ____ ____ ____ system can aggregate and correlate logs from multiple sources in a single location. It also provides continuous monitoring and automated alerting and triggers.
security information and event management (SIEM)
_____ security monitoring helps an organization maintain its security posture by verifying that security controls continue to function as intended.
Continuous
____ auditing records user activities. These auditing reviews examine user activity.
User
____ auditing reviews help ensure that users have only the rights and permissions they need to perform their jobs, and no more.
Permission