Comparing Scanning and Testing Tools Flashcards
Fill in the two steps of the 4 high level vulnerability assessment steps
1) identify assets and capabilities
2)
3) Identify vulnerabilities and prioritize them
4)
1) Identify assets and capabilities
2) Prioritize assets based on value
3) Identify vulnerabilities and prioritize them
4) Recommend controls to mitigate serious vulnerabilities.
Network scanners can detect the operating system, services and protocols running on each host, true or false?
TRUE
How are network mapping and network scanning different?
Mapping focuses just on connectivity.
Network scanning identifies open ports, running services and OS details.
If a wireless scanner just LISTENS to the traffic across the 2.4 and 5 GHz frequencies, what type of scanner is it?
Passive
Acrylic Wi-Fi Professional is a what?
A wireless scanner
Netcat can be used for what scanning purpose?
Banner grabbing
Which organization maintains a list of the publicly known vulnerabilities? What’s the list called?
The MITRE Corporation
It’s called the Common Vulnerabilities and Exposures (CVE) list
Some vulnerability scanners include data loss prevention techniques to detect sensitive data sent over the network, true or false?
TRUE
How can vulnerability scans be made more accurate and reduce false positives?
By carrying out the scan using the credentials of a valid user account
To get the most accurate results, configuration compliance scans should be run as...
A credentialed scan
What document does a company use when it engages outside security professionals to pen test the company?
They use a rules-of-engagement document that sets the boundaries of the pen test
Are open source intelligence methods associated with passive or active reconnaissance?
Passive reconnaissance
Initial Exploitation involves escalating privileges, true or false?
FALSE. It involves exploiting the vulnerability to gain initial access to the system, before any other malware is installed on the system.
What is the name given to when an exploited system is used to gather information about the network?
Pivoting
Black box testers often use what to check for application vulnerabilities?
Fuzzing
Invasive/non-invasive testing broadly correlates with active/passive scanning tools, true or false?
TRUE
What ‘tool’ is used to store information about security vulnerabilities? What does it do?
An Exploitation Framework
It contains tools used to check for vulnerabilities and execute exploits against any discovered vulnerabilities.
BeEF and w3af are examples of what? Name them.
They’re examples of Exploitation Frameworks.
BeEF = Browser Exploitation Framework
w3af = Web Application Attack and Audit Framework
Which type of pen testing starts with the testers having full knowledge of the environment?
White Box testing
Which type of pen testing involves the testers having some knowledge of the environment?
Grey Box testing
What characterizes “intrusive” when applied to pen testing or vulnerability scanning?
When intrusive testing or scanning is carried out, it is characterized by a degree of disruption to the target system.
What scanner verifies the configuration of systems?
What does it need to be run as?
A configuration compliance scanner
It should be run as a credentialed scan so it can accurately read the configuration of systems during the scan.
What should you do before you start vulnerability/pen testing?
Obtain authorization