COMPTIA SECURITY + WEEK 3 CHAPTER 5 & 6 Flashcards

2
Q

What is the main focus of Domain 4.0 in the CompTIA Security+ exam?

A

Security Operations

3
Q

List the identification methods associated with vulnerability management.

A
  • Vulnerability scan
  • Penetration testing
  • Responsible disclosure program
  • Bug bounty program
  • System/process audit
4
Q

What does the Common Vulnerability Scoring System (CVSS) do?

A

It provides a standardized method for rating the severity of vulnerabilities.

5
Q

What are the key components of vulnerability response and remediation?

A
  • Patching
  • Insurance
  • Segmentation
  • Compensating controls
  • Exceptions and exemptions
6
Q

What is included in the validation of remediation?

A
  • Rescanning
  • Audit
  • Verification
7
Q

What tools are used for security alerting and monitoring?

A
  • Security Content Automation Protocol (SCAP)
  • Vulnerability scanners
8
Q

What is the purpose of threat hunting?

A

To proactively search for and identify potential security threats.

9
Q

What are the types and purposes of audits and assessments?

A
  • Attestation
  • Internal (Compliance, Audit committee, Self-assessments)
  • External (Regulatory, Examinations, Assessment, Independent third-party audit)
10
Q

What role do vulnerability management programs play?

A

They identify, prioritize, and remediate vulnerabilities in environments.

11
Q

What factors influence the determination of scan frequency?

A
  • Organization’s risk appetite
  • Regulatory requirements
  • Technical constraints
  • Business constraints
  • Licensing limitations
12
Q

What is the significance of asset inventory in vulnerability management?

A

It helps guide decisions about scan types, frequency, and prioritization of remediation.

13
Q

What is the difference between credentialed and noncredentialed scanning?

A

Credentialed scanning uses login credentials to access and verify configurations, while noncredentialed scanning does not.

14
Q

True or False: Credentialed scans can make changes to the target server.

A

False

15
Q

What is a potential issue with intrusive plug-ins during vulnerability scanning?

A

They may disrupt activity on a production system or damage content.

16
Q

What are the benefits of using agent-based scanning?

A
  • Provides an ‘inside-out’ view of vulnerabilities
  • Conducts scans of server configurations
17
Q

What is the purpose of conducting scans from various perspectives?

A

To provide different views into vulnerabilities from multiple network locations.

18
Q

What should administrators regularly maintain in vulnerability management solutions?

A

The scanning software and vulnerability feeds.

19
Q

What is the Security Content Automation Protocol (SCAP)?

A

A standardized approach for communicating security-related information.

20
Q

Fill in the blank: The _______ is used to assess the severity of vulnerabilities.

A

Common Vulnerability Scoring System (CVSS)

21
Q

What is the role of vulnerability plug-in feeds?

A

To ensure that scanners are updated with the latest vulnerabilities.

22
Q

What is one method to improve the efficiency of vulnerability scans?

A

Disabling unnecessary plug-ins.

23
Q

How can organizations ensure that vulnerability management solutions are effective?

A

By regularly updating the scanner and its vulnerability feeds.

24
Q

What should administrators do when configuring vulnerability scans?

A

Conduct regular configuration reviews to match current requirements.

25
Q

What does the term ‘scan sensitivity levels’ refer to?

A

Settings that determine the types of checks performed by the scanner.

26
Q

What is the Security Content Automation Protocol (SCAP)?

A

An effort led by NIST to create a standardized approach for communicating security-related information

SCAP facilitates automation between security components.

27
Q

List the components of SCAP standards.

A
  • Common Configuration Enumeration (CCE)
  • Common Platform Enumeration (CPE)
  • Common Vulnerabilities and Exposures (CVE)
  • Common Vulnerability Scoring System (CVSS)
  • Extensible Configuration Checklist Description Format (XCCDF)
  • Open Vulnerability and Assessment Language (OVAL)

These components provide standard nomenclature for various aspects of security vulnerabilities.

28
Q

What is the purpose of the Common Vulnerabilities and Exposures (CVE)?

A

To provide a standard naming system for security-related software flaws

The term CVE is often confused with Common Vulnerability Enumeration, an older definition.

29
Q

What types of vulnerability scanners should a cybersecurity toolkit include?

A
  • Network vulnerability scanner
  • Application scanner
  • Web application scanner

These scanners are essential for preventive scanning and testing.

30
Q

What is the primary function of network vulnerability scanners?

A

To probe network-connected devices for known vulnerabilities

They identify device types and configurations before launching targeted tests.

31
Q

Name a well-known commercial network vulnerability scanner.

A

Tenable’s Nessus

Nessus was one of the earliest products in this field.

32
Q

What is the function of application testing tools?

A

To analyze custom-developed software for common security vulnerabilities

They help ensure security during the software development process.

33
Q

What are the three techniques used in application testing?

A
  • Static testing
  • Dynamic testing
  • Interactive testing

Each technique has its own approach to identifying vulnerabilities.

34
Q

What do web application vulnerability scanners test for?

A

Web-specific vulnerabilities such as SQL injection, XSS, and CSRF

They combine network scans with detailed probing of web applications.

35
Q

What is the purpose of reviewing and interpreting vulnerability scan reports?

A

To gain detailed information about identified vulnerabilities

The reports assist analysts in understanding and addressing vulnerabilities.

36
Q

What does the attack vector metric (AV) describe in CVSS?

A

How an attacker would exploit a vulnerability

It is scored based on the criteria of physical, local, adjacent, or network access.

37
Q

What is the CVSS score range for assessing vulnerability severity?

A

0 to 10

Higher scores indicate more severe vulnerabilities.

38
Q

What metric describes the difficulty of exploiting a vulnerability in CVSS?

A

Attack complexity metric (AC)

It is scored as high or low based on the conditions required to exploit.

39
Q

What does the privileges required metric (PR) indicate in CVSS?

A

The type of account access needed to exploit a vulnerability

It can be high, low, or none.

40
Q

True or False: The user interaction metric (UI) indicates whether another human’s action is needed for exploitation.

A

True

This metric can be categorized as none or required.

41
Q

What does the confidentiality metric (C) in CVSS assess?

A

The type of information disclosure that might occur

It is scored as none, low, or high.

42
Q

What does the integrity metric (I) measure in CVSS?

A

The type of information alteration that might occur if exploited

It is scored similarly to confidentiality.

43
Q

What does the availability metric (A) indicate in CVSS?

A

The type of disruption that might occur if exploited

It is assessed as none, low, or high.

44
Q

What is the scope metric (S) in CVSS?

A

It describes whether the vulnerability affects resources beyond the managing security authority

The metric is categorized as unchanged or changed.

45
Q

What version of CVSS is currently in use?

A

Version 3.1

This version is a minor update from version 3.0.

46
Q

What is the main difference between a vulnerability that affects resources managed by the same security authority versus one that affects resources beyond that scope?

A

The first affects only resources managed by the same authority, while the second can impact resources beyond that authority’s management.

47
Q

What is the current version of CVSS discussed in the text?

A

CVSS version 3.1.

48
Q

What does the CVSS vector convey?

A

It conveys the ratings of a vulnerability across eight metrics.

49
Q

What are the nine components of a CVSS vector?

A

CVSS version, Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality, Integrity, Availability.

50
Q

What is the score for the Attack Vector rated as ‘Network’ in the example?

A

0.85.

51
Q

What is the formula used to calculate the Impact Sub-Score (ISS)?

A

The ISS summarizes the three impact metrics.

52
Q

How do you calculate the Impact Score when the Scope metric is Unchanged?

A

Multiply the ISS by 6.42.

53
Q

What is the highest possible CVSS base score?

A

10.

54
Q

What is a common method to summarize CVSS results?

A

Using risk categories based on the CVSS Qualitative Severity Rating Scale.

55
Q

What CVSS score range is categorized as ‘High’ risk?

A

7.0–8.9.

56
Q

What is a false positive in the context of vulnerability scanning?

A

When a scanner reports a vulnerability that does not exist.

57
Q

What kind of reports can a vulnerability scanner generate?

A

Positive reports (true positives or false positives) and negative reports (true negatives or false negatives).

58
Q

In vulnerability verification, what might analysts need to do?

A

Simulate an exploit or verify that a patch is missing.

59
Q

What should analysts consult alongside vulnerability scan reports?

A

Log reviews, SIEM systems, and configuration management systems.

60
Q

What is a common alert from a vulnerability scan regarding security patches?

A

That one or more systems are running an outdated version of an operating system or application.

61
Q

What is the typical solution for unsupported operating systems?

A

Upgrade to a version that is currently supported.

62
Q

What are examples of weak configuration settings highlighted by vulnerability scans?

A
  • Default settings posing security risks
  • Default credentials or unsecured accounts
  • Open service ports
  • Open permissions violating the principle of least privilege.
63
Q

What security risk is associated with debug modes in applications?

A

They can provide attackers with detailed information about the application structure.

64
Q

What is an example of an insecure protocol mentioned in the text?

65
Q

What are secure alternatives to Telnet and FTP?

A
  • Secure Shell (SSH) for Telnet
  • Secure File Transfer Protocol (SFTP)
  • FTP-Secure (FTPS).
66
Q

What are the two critical choices to make when implementing encryption?

A
  • The algorithm for encryption and decryption
  • The encryption key to use.
67
Q

What is the consequence of using a weak encryption algorithm?

A

It may be easily defeated by an attacker.

68
Q

What are the two important choices to make when implementing encryption?

A

The algorithm to use to perform encryption and decryption, and the encryption key to use with that algorithm.

69
Q

What is the impact of using a weak encryption algorithm?

A

It may be easily defeated by an attacker.

70
Q

What is penetration testing?

A

Authorized, legal attempts to defeat an organization’s security controls and perform unauthorized activities.

71
Q

What mindset do penetration testers adopt?

A

The hacker mindset.

72
Q

What is the primary goal of penetration testing?

A

To gain a complete picture of an organization’s security vulnerability.

73
Q

List examples of physical security controls that could be evaluated in a security assessment.

A
  • Security cameras in high-risk areas
  • Auditing of cash register receipts
  • Theft detectors at the main entrance/exit
  • Exit alarms on emergency exits
  • Burglar alarm wired to detect openings
74
Q

True or False: Penetration testers need to evaluate the effectiveness of every security control.

75
Q

What does a penetration tester need to find to succeed?

A

One flaw in the existing controls or one scenario that was overlooked.

76
Q

What is the significance of the hacker mindset in penetration testing?

A

It allows testers to think like a criminal to find vulnerabilities.

77
Q

Why do organizations perform penetration testing despite having security controls?

A

It provides visibility into the organization’s security posture that isn’t available by other means.

78
Q

What knowledge does penetration testing provide about an organization’s defenses?

A

Whether an attacker with equivalent skills could penetrate the defenses.

79
Q

What is the presumption of compromise in threat hunting?

A

The assumption that attackers have already successfully breached an organization.

80
Q

What are the four major categories of penetration testing?

A
  • Physical penetration testing
  • Offensive penetration testing
  • Defensive penetration testing
  • Integrated penetration testing
81
Q

What are the three typical classifications used to describe penetration testing?

A
  • Known environment tests
  • Unknown environment tests
  • Partially known environment tests
82
Q

What is a known environment test?

A

Tests performed with full knowledge of the underlying technology, configurations, and settings of the target.

83
Q

What is an unknown environment test?

A

Tests intended to replicate what an attacker would encounter, without prior access to information about the environment.

84
Q

What is a partially known environment test?

A

A blend of known and unknown environment testing, providing some information to testers without full access.

85
Q

What are the key elements of the rules of engagement (RoE) in penetration testing?

A
  • Timeline for the engagement
  • Locations, systems, applications included or excluded
  • Data handling requirements
  • Expected behaviors from the target
  • Resources committed to the test
  • Legal concerns
  • Communication methods
86
Q

What must be obtained before conducting a penetration test?

A

Appropriate permission in the form of a signed agreement or similar documentation.

87
Q

Fill in the blank: Penetration testing complements and builds on other cybersecurity activities, providing __________ into an organization’s security posture.

A

[knowledge]

88
Q

What do penetration tests provide in terms of remediation?

A

An important blueprint for remediation if attackers are successful.

89
Q

What do threat hunters search for in an organization’s infrastructure?

A

Artifacts of a successful attack.

90
Q

What is the main goal of threat hunting?

A

To search for evidence of successful attacks.

91
Q

What is the relationship between penetration testing and threat hunting?

A

Both adopt the attacker’s mindset but have different objectives.

92
Q

What must penetration testers obtain before conducting a test?

A

Appropriate permission

This should be documented in a signed agreement or memo from senior management.

93
Q

What is the purpose of a ‘get out of jail free’ card in penetration testing?

A

To provide documentation that helps avoid legal trouble if something goes wrong

This document proves that permission was granted by the appropriate authority.

94
Q

What should scoping agreements and rules of engagement define?

A

The testing limitations and methodologies

It should clarify what will be tested and what will not.

95
Q

What is the primary goal of the reconnaissance phase in penetration testing?

A

To gather information about the target organization

This includes both known and unknown-environment tests.

96
Q

What are passive reconnaissance techniques?

A

Techniques that gather information without directly engaging the target

Examples include DNS lookups and web searches.

97
Q

What are active reconnaissance techniques?

A

Techniques that directly engage the target in intelligence gathering

Examples include port scanning and vulnerability scanning.

98
Q

What technique do penetration testers use to identify wireless networks?

A

War driving

This involves driving by facilities to eavesdrop on or connect to wireless networks.

99
Q

What is privilege escalation in penetration testing?

A

Shifting from initial access to more advanced privileges

This may include gaining root access on a system.

100
Q

What is pivoting in the context of a penetration test?

A

Lateral movement to gain access to other systems on the target network

This follows the initial compromise of a system.

101
Q

What do penetration testers do at the conclusion of a test?

A

Conduct close-out activities, including presenting results and cleaning up traces

This involves removing tools and persistence mechanisms.

102
Q

What are the three major components of a security assessment program?

A
  • Security tests
  • Security assessments
  • Security audits
103
Q

What is the purpose of security tests?

A

To verify that a control is functioning properly

These tests include automated scans and manual penetration tests.

104
Q

What factors should be considered when scheduling security controls for review?

A
  • Availability of testing resources
  • Criticality of systems
  • Sensitivity of information
  • Likelihood of technical failure
  • Risk of attack
105
Q

What is a responsible disclosure program?

A

A program that allows researchers to share information about vulnerabilities with vendors

This fosters collaboration for timely identification and remediation of security vulnerabilities.

106
Q

What is the main work product of a security assessment?

A

An assessment report addressed to management

It contains results and recommendations in nontechnical language.

107
Q

What distinguishes security audits from security assessments?

A

Audits must be performed by independent auditors

Audits aim to provide an unbiased view of security controls.

108
Q

What are the three main types of audits?

A
  • Internal audits
  • External audits
  • Independent third-party audits
109
Q

What is the role of the chief audit executive (CAE) in internal audits?

A

To report directly to the president or governing board

This ensures independence from the functions they evaluate.

110
Q

Which firms are considered the ‘Big Four’ for external audits?

A
  • Ernst & Young
  • Deloitte
  • PricewaterhouseCoopers (PwC)
  • KPMG
111
Q

What is the Statement on Standards for Attestation Engagements document 18 (SSAE 18)?

A

A standard for auditors performing assessments of service organizations

It allows organizations to conduct an external assessment instead of multiple third-party audits.

112
Q

What is one common framework for conducting audits?

A

Control Objectives for Information and related Technologies (COBIT)

COBIT outlines common requirements for information systems.

113
Q

What is the first stage in the vulnerability life cycle?

A

Vulnerability Identification

This stage involves becoming aware of vulnerabilities in the environment.

114
Q

What is the first stage of the vulnerability life cycle?

A

Vulnerability Identification

This stage involves becoming aware of vulnerabilities through various sources.

115
Q

Name three sources from which vulnerabilities can be identified.

A
  • Vulnerability scans
  • Penetration tests
  • Reports from bug bounty programs
116
Q

What is the purpose of vulnerability analysis?

A

To confirm the existence of the vulnerability and prioritize it using tools like CVSS and CVE

This analysis includes organization-specific details.

117
Q

What does CVSS stand for?

A

Common Vulnerability Scoring System

118
Q

What is one method cybersecurity professionals can use to respond to a vulnerability?

A

Apply a patch or other corrective measure

Other methods include network segmentation and implementing compensating controls.

119
Q

What is the purpose of validating remediation?

A

To ensure that the vulnerability is no longer present in the system

This is typically done by rescanning the affected system.

120
Q

What does the reporting stage of the vulnerability life cycle involve?

A

Communicating findings, actions taken, and lessons learned to relevant stakeholders

This ensures decision-makers are informed about the organization’s security posture.

121
Q

True or False: Vulnerability scanning can only identify issues in applications, not in systems or devices.

122
Q

What is the significance of penetration testing?

A

It places security professionals in the role of attackers to discover security issues

Results provide a roadmap for improving security controls.

123
Q

Fill in the blank: When a scan detects a vulnerability that does not exist, it is known as a _______.

A

false positive

124
Q

What is the goal of threat hunting?

A

To discover existing compromises within an organization

125
Q

List two types of vulnerability reports.

A
  • False positives
  • False negatives
126
Q

What is the role of bug bounty programs?

A

To incentivize vulnerability reporting by providing financial rewards

This encourages ethical behavior from hackers.

127
Q

What is one key activity performed during the vulnerability analysis stage?

A

Prioritizing and categorizing the vulnerability

128
Q

What are the stages of the vulnerability life cycle?

A
  • Vulnerability Identification
  • Vulnerability Analysis
  • Vulnerability Response and Remediation
  • Validation of Remediation
  • Reporting
129
Q

What do security audits assess?

A

The adequacy and effectiveness of an organization’s security controls

Audits can be conducted by internal or third-party auditors.

130
Q

What is one consequence of improper patch management?

A

It can lead to vulnerabilities that attackers exploit

131
Q

What is the purpose of the Common Vulnerabilities and Exposures (CVE) standard?

A

To consistently describe vulnerabilities

132
Q

What is one of the first actions taken during penetration testing?

A

Conduct reconnaissance efforts

133
Q

What does the term ‘lateral movement’ refer to in penetration testing?

A

Expanding access to other systems after gaining initial access

134
Q

True or False: Remediation actions can include purchasing insurance.