Comparing Scanning and Testing Tools Flashcards
Fill in the two missing steps of the four high-level vulnerability assessment steps
1) Identify assets and capabilities
2)
3) Identify vulnerabilities and prioritize them
4)
1) Identify assets and capabilities
2) Prioritize assets based on value
3) Identify vulnerabilities and prioritize them
4) Recommend controls to mitigate serious vulnerabilities.
Network scanners can detect the operating system, services and protocols running on each host, true or false?
TRUE
How are network mapping and network scanning different?
Mapping focuses just on connectivity
Network scanning identifies open ports, running services and OS details
If a wireless scanner just LISTENS to the traffic across the 2.4 GHz and 5 GHz frequencies, what type of scanner is it?
Passive
Acrylic Wi-Fi Professional is a what?
Wireless scanner
Netcat can be used for what scanning purpose?
Banner grabbing
Which organization maintains a list of the publicly known vulnerabilities? What’s the list called?
The MITRE Corporation
It’s called the Common Vulnerabilities and Exposures (CVE) list
Some vulnerability scanners include data loss prevention techniques to detect sensitive data sent over the network, true or false?
TRUE
How can vulnerability scans be made more accurate and reduce false positives?
By carrying out the scan using the credentials of a valid user account
To get the most accurate results, configuration compliance scans should be run as...
Credentialed scans
What document does a company use when it engages outside security professionals to pen test the company?
They use a rules-of-engagement document that sets the boundaries of the pen test
Are open source intelligence methods associated with passive or active reconnaissance?
Passive reconnaissance
Initial Exploitation involves escalating privileges, true or false?
FALSE. It involves exploiting the vulnerability to gain initial access to the system before any other malware is installed on the system.
What is the name given to using an exploited system to gather information about the network?
Pivoting
Black box testers often use what to check for application vulnerabilities?
Fuzzing