COMPTIA SECURITY + WEEK 3 CHAPTER 5 & 6 Flashcards

2
Q

What is the main focus of Domain 4.0 in the CompTIA Security+ exam?

A

Security Operations

3
Q

List the identification methods associated with vulnerability management.

A
  • Vulnerability scan
  • Penetration testing
  • Responsible disclosure program
  • Bug bounty program
  • System/process audit
4
Q

What does the Common Vulnerability Scoring System (CVSS) do?

A

It provides a standardized method for rating the severity of vulnerabilities.

5
Q

What are the key components of vulnerability response and remediation?

A
  • Patching
  • Insurance
  • Segmentation
  • Compensating controls
  • Exceptions and exemptions
6
Q

What is included in the validation of remediation?

A
  • Rescanning
  • Audit
  • Verification
7
Q

What tools are used for security alerting and monitoring?

A
  • Security Content Automation Protocol (SCAP)
  • Vulnerability scanners
8
Q

What is the purpose of threat hunting?

A

To proactively search for and identify potential security threats.

9
Q

What are the types and purposes of audits and assessments?

A
  • Attestation
  • Internal (Compliance, Audit committee, Self-assessments)
  • External (Regulatory, Examinations, Assessment, Independent third-party audit)
10
Q

What role do vulnerability management programs play?

A

They identify, prioritize, and remediate vulnerabilities in environments.

11
Q

What factors influence the determination of scan frequency?

A
  • Organization’s risk appetite
  • Regulatory requirements
  • Technical constraints
  • Business constraints
  • Licensing limitations
12
Q

What is the significance of asset inventory in vulnerability management?

A

It helps guide decisions about scan types, frequency, and prioritization of remediation.

13
Q

What is the difference between credentialed and noncredentialed scanning?

A

Credentialed scanning uses login credentials to access and verify configurations, while noncredentialed scanning does not.

14
Q

True or False: Credentialed scans can make changes to the target server.

A

False

15
Q

What is a potential issue with intrusive plug-ins during vulnerability scanning?

A

They may disrupt activity on a production system or damage content.

16
Q

What are the benefits of using agent-based scanning?

A
  • Provides an ‘inside-out’ view of vulnerabilities
  • Conducts scans of server configurations
17
Q

What is the purpose of conducting scans from various perspectives?

A

To provide different views into vulnerabilities from multiple network locations.

18
Q

What should administrators regularly maintain in vulnerability management solutions?

A

The scanning software and vulnerability feeds.

19
Q

What is the Security Content Automation Protocol (SCAP)?

A

A standardized approach for communicating security-related information.

20
Q

Fill in the blank: The _______ is used to assess the severity of vulnerabilities.

A

Common Vulnerability Scoring System (CVSS)

21
Q

What is the role of vulnerability plug-in feeds?

A

To ensure that scanners are updated with the latest vulnerabilities.

22
Q

What is one method to improve the efficiency of vulnerability scans?

A

Disabling unnecessary plug-ins.

23
Q

How can organizations ensure that vulnerability management solutions are effective?

A

By regularly updating the scanner and its vulnerability feeds.

24
Q

What should administrators do when configuring vulnerability scans?

A

Conduct regular configuration reviews to match current requirements.

25
What does the term 'scan sensitivity levels' refer to?
Settings that determine the types of checks performed by the scanner.
26
What is the Security Content Automation Protocol (SCAP)?
An effort led by NIST to create a standardized approach for communicating security-related information.
Footnote: SCAP facilitates automation between security components.
27
List the components of SCAP standards.
  • Common Configuration Enumeration (CCE)
  • Common Platform Enumeration (CPE)
  • Common Vulnerabilities and Exposures (CVE)
  • Common Vulnerability Scoring System (CVSS)
  • Extensible Configuration Checklist Description Format (XCCDF)
  • Open Vulnerability and Assessment Language (OVAL)
Footnote: These components provide standard nomenclature for various aspects of security vulnerabilities.
28
What is the purpose of the Common Vulnerabilities and Exposures (CVE)?
To provide a standard naming system for security-related software flaws.
Footnote: The term CVE is often confused with Common Vulnerability Enumeration, an older definition.
29
What types of vulnerability scanners should a cybersecurity toolkit include?
  • Network vulnerability scanner
  • Application scanner
  • Web application scanner
Footnote: These scanners are essential for preventive scanning and testing.
30
What is the primary function of network vulnerability scanners?
To probe network-connected devices for known vulnerabilities.
Footnote: They identify device types and configurations before launching targeted tests.
31
Name a well-known commercial network vulnerability scanner.
Tenable's Nessus.
Footnote: Nessus was one of the earliest products in this field.
32
What is the function of application testing tools?
To analyze custom-developed software for common security vulnerabilities.
Footnote: They help ensure security during the software development process.
33
What are the three techniques used in application testing?
  • Static testing
  • Dynamic testing
  • Interactive testing
Footnote: Each technique has its own approach to identifying vulnerabilities.
34
What do web application vulnerability scanners test for?
Web-specific vulnerabilities such as SQL injection, XSS, and CSRF.
Footnote: They combine network scans with detailed probing of web applications.
35
What is the purpose of reviewing and interpreting vulnerability scan reports?
To gain detailed information about identified vulnerabilities.
Footnote: The reports assist analysts in understanding and addressing vulnerabilities.
36
What does the attack vector metric (AV) describe in CVSS?
How an attacker would exploit a vulnerability.
Footnote: It is scored based on the criteria of physical, local, adjacent, or network access.
37
What is the CVSS score range for assessing vulnerability severity?
0 to 10.
Footnote: Higher scores indicate more severe vulnerabilities.
38
What metric describes the difficulty of exploiting a vulnerability in CVSS?
Attack complexity metric (AC).
Footnote: It is scored as high or low based on the conditions required to exploit.
39
What does the privileges required metric (PR) indicate in CVSS?
The type of account access needed to exploit a vulnerability.
Footnote: It can be high, low, or none.
40
True or False: The user interaction metric (UI) indicates whether another human's action is needed for exploitation.
True.
Footnote: This metric can be categorized as none or required.
41
What does the confidentiality metric (C) in CVSS assess?
The type of information disclosure that might occur.
Footnote: It is scored as none, low, or high.
42
What does the integrity metric (I) measure in CVSS?
The type of information alteration that might occur if exploited.
Footnote: It is scored similarly to confidentiality.
43
What does the availability metric (A) indicate in CVSS?
The type of disruption that might occur if exploited.
Footnote: It is assessed as none, low, or high.
44
What is the scope metric (S) in CVSS?
It describes whether the vulnerability affects resources beyond the managing security authority.
Footnote: The metric is categorized as unchanged or changed.
45
What version of CVSS is currently in use?
Version 3.1.
Footnote: This version is a minor update from version 3.0.
46
What is the main difference between a vulnerability that affects resources managed by the same security authority versus one that affects resources beyond that scope?
The first affects only resources managed by the same authority, while the second can impact resources beyond that authority's management.
47
What is the current version of CVSS discussed in the text?
CVSS version 3.1.
48
What does the CVSS vector convey?
It conveys the ratings of a vulnerability across eight metrics.
49
What are the nine components of a CVSS vector?
CVSS version, Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality, Integrity, Availability.
50
What is the score for the Attack Vector rated as 'Network' in the example?
0.85.
51
What is the formula used to calculate the Impact Sub-Score (ISS)?
The ISS summarizes the three impact metrics.
52
How do you calculate the Impact Score when the Scope metric is Unchanged?
Multiply the ISS by 6.42.
53
What is the highest possible CVSS base score?
10.
54
What is a common method to summarize CVSS results?
Using risk categories based on the CVSS Qualitative Severity Rating Scale.
55
What CVSS score range is categorized as 'High' risk?
7.0–8.9.
56
What is a false positive in the context of vulnerability scanning?
When a scanner reports a vulnerability that does not exist.
57
What kind of reports can a vulnerability scanner generate?
Positive reports (true positives or false positives) and negative reports (true negatives or false negatives).
58
In vulnerability verification, what might analysts need to do?
Simulate an exploit or verify that a patch is missing.
59
What should analysts consult alongside vulnerability scan reports?
Log reviews, SIEM systems, and configuration management systems.
60
What is a common alert from a vulnerability scan regarding security patches?
That one or more systems are running an outdated version of an operating system or application.
61
What is the typical solution for unsupported operating systems?
Upgrade to a version that is currently supported.
62
What are examples of weak configuration settings highlighted by vulnerability scans?
  • Default settings posing security risks
  • Default credentials or unsecured accounts
  • Open service ports
  • Open permissions violating the principle of least privilege
63
What security risk is associated with debug modes in applications?
They can provide attackers with detailed information about the application structure.
64
What is an example of an insecure protocol mentioned in the text?
Telnet.
65
What are secure alternatives to Telnet and FTP?
  • Secure Shell (SSH) for Telnet
  • Secure File Transfer Protocol (SFTP)
  • FTP-Secure (FTPS)
66
What are the two critical choices to make when implementing encryption?
  • The algorithm for encryption and decryption
  • The encryption key to use
67
What is the consequence of using a weak encryption algorithm?
It may be easily defeated by an attacker.
68
What are the two important choices to make when implementing encryption?
The algorithm to use to perform encryption and decryption, and the encryption key to use with that algorithm.
69
What is the impact of using a weak encryption algorithm?
It may be easily defeated by an attacker.
70
What is penetration testing?
Authorized, legal attempts to defeat an organization's security controls and perform unauthorized activities.
71
What mindset do penetration testers adopt?
The hacker mindset.
72
What is the primary goal of penetration testing?
To gain a complete picture of an organization's security vulnerability.
73
List examples of physical security controls that could be evaluated in a security assessment.
  • Security cameras in high-risk areas
  • Auditing of cash register receipts
  • Theft detectors at the main entrance/exit
  • Exit alarms on emergency exits
  • Burglar alarm wired to detect openings
74
True or False: Penetration testers need to evaluate the effectiveness of every security control.
False.
75
What does a penetration tester need to find to succeed?
One flaw in the existing controls or one scenario that was overlooked.
76
What is the significance of the hacker mindset in penetration testing?
It allows testers to think like a criminal to find vulnerabilities.
77
Why do organizations perform penetration testing despite having security controls?
It provides visibility into the organization's security posture that isn't available by other means.
78
What knowledge does penetration testing provide about an organization's defenses?
Whether an attacker with equivalent skills could penetrate the defenses.
79
What is the presumption of compromise in threat hunting?
The assumption that attackers have already successfully breached an organization.
80
What are the four major categories of penetration testing?
  • Physical penetration testing
  • Offensive penetration testing
  • Defensive penetration testing
  • Integrated penetration testing
81
What are the three typical classifications used to describe penetration testing?
  • Known environment tests
  • Unknown environment tests
  • Partially known environment tests
82
What is a known environment test?
Tests performed with full knowledge of the underlying technology, configurations, and settings of the target.
83
What is an unknown environment test?
Tests intended to replicate what an attacker would encounter, without prior access to information about the environment.
84
What is a partially known environment test?
A blend of known and unknown environment testing, providing some information to testers without full access.
85
What are the key elements of the rules of engagement (RoE) in penetration testing?
  • Timeline for the engagement
  • Locations, systems, applications included or excluded
  • Data handling requirements
  • Expected behaviors from the target
  • Resources committed to the test
  • Legal concerns
  • Communication methods
86
What must be obtained before conducting a penetration test?
Appropriate permission in the form of a signed agreement or similar documentation.
87
Fill in the blank: Penetration testing complements and builds on other cybersecurity activities, providing __________ into an organization's security posture.
knowledge
88
What do penetration tests provide in terms of remediation?
An important blueprint for remediation if attackers are successful.
89
What do threat hunters search for in an organization's infrastructure?
Artifacts of a successful attack.
90
What is the main goal of threat hunting?
To search for evidence of successful attacks.
91
What is the relationship between penetration testing and threat hunting?
Both adopt the attacker's mindset but have different objectives.
92
What must penetration testers obtain before conducting a test?
Appropriate permission.
Footnote: This should be documented in a signed agreement or memo from senior management.
93
What is the purpose of a 'get out of jail free' card in penetration testing?
To provide documentation that helps avoid legal trouble if something goes wrong.
Footnote: This document proves that permission was granted by the appropriate authority.
94
What should scoping agreements and rules of engagement define?
The testing limitations and methodologies.
Footnote: It should clarify what will be tested and what will not.
95
What is the primary goal of the reconnaissance phase in penetration testing?
To gather information about the target organization.
Footnote: This includes both known and unknown-environment tests.
96
What are passive reconnaissance techniques?
Techniques that gather information without directly engaging the target.
Footnote: Examples include DNS lookups and web searches.
97
What are active reconnaissance techniques?
Techniques that directly engage the target in intelligence gathering.
Footnote: Examples include port scanning and vulnerability scanning.
98
What technique do penetration testers use to identify wireless networks?
War driving.
Footnote: This involves driving by facilities to eavesdrop on or connect to wireless networks.
99
What is privilege escalation in penetration testing?
Shifting from initial access to more advanced privileges.
Footnote: This may include gaining root access on a system.
100
What is pivoting in the context of a penetration test?
Lateral movement to gain access to other systems on the target network.
Footnote: This follows the initial compromise of a system.
101
What do penetration testers do at the conclusion of a test?
Conduct close-out activities, including presenting results and cleaning up traces.
Footnote: This involves removing tools and persistence mechanisms.
102
What are the three major components of a security assessment program?
  • Security tests
  • Security assessments
  • Security audits
103
What is the purpose of security tests?
To verify that a control is functioning properly.
Footnote: These tests include automated scans and manual penetration tests.
104
What factors should be considered when scheduling security controls for review?
  • Availability of testing resources
  • Criticality of systems
  • Sensitivity of information
  • Likelihood of technical failure
  • Risk of attack
105
What is a responsible disclosure program?
A program that allows researchers to share information about vulnerabilities with vendors.
Footnote: This fosters collaboration for timely identification and remediation of security vulnerabilities.
106
What is the main work product of a security assessment?
An assessment report addressed to management.
Footnote: It contains results and recommendations in nontechnical language.
107
What distinguishes security audits from security assessments?
Audits must be performed by independent auditors.
Footnote: Audits aim to provide an unbiased view of security controls.
108
What are the three main types of audits?
  • Internal audits
  • External audits
  • Independent third-party audits
109
What is the role of the chief audit executive (CAE) in internal audits?
To report directly to the president or governing board.
Footnote: This ensures independence from the functions they evaluate.
110
Which firms are considered the 'Big Four' for external audits?
  • Ernst & Young
  • Deloitte
  • PricewaterhouseCoopers (PwC)
  • KPMG
111
What is the Statement on Standards for Attestation Engagements document 18 (SSAE 18)?
A standard for auditors performing assessments of service organizations.
Footnote: It allows organizations to conduct an external assessment instead of multiple third-party audits.
112
What is one common framework for conducting audits?
Control Objectives for Information and related Technologies (COBIT).
Footnote: COBIT outlines common requirements for information systems.
113
What is the first stage in the vulnerability life cycle?
Vulnerability Identification.
Footnote: This stage involves becoming aware of vulnerabilities in the environment.
114
What is the first stage of the vulnerability life cycle?
Vulnerability Identification.
Footnote: This stage involves becoming aware of vulnerabilities through various sources.
115
Name three sources from which vulnerabilities can be identified.
  • Vulnerability scans
  • Penetration tests
  • Reports from bug bounty programs
116
What is the purpose of vulnerability analysis?
To confirm the existence of the vulnerability and prioritize it using tools like CVSS and CVE.
Footnote: This analysis includes organization-specific details.
117
What does CVSS stand for?
Common Vulnerability Scoring System
118
What is one method cybersecurity professionals can use to respond to a vulnerability?
Apply a patch or other corrective measure.
Footnote: Other methods include network segmentation and implementing compensating controls.
119
What is the purpose of validating remediation?
To ensure that the vulnerability is no longer present in the system.
Footnote: This is typically done by rescanning the affected system.
120
What does the reporting stage of the vulnerability life cycle involve?
Communicating findings, actions taken, and lessons learned to relevant stakeholders.
Footnote: This ensures decision-makers are informed about the organization's security posture.
121
True or False: Vulnerability scanning can only identify issues in applications, not in systems or devices.
False
122
What is the significance of penetration testing?
It places security professionals in the role of attackers to discover security issues.
Footnote: Results provide a roadmap for improving security controls.
123
Fill in the blank: When a scan detects a vulnerability that does not exist, it is known as a _______.
false positive
124
What is the goal of threat hunting?
To discover existing compromises within an organization
125
List two types of vulnerability reports.
* False positives * False negatives
126
What is the role of bug bounty programs?
To incentivize vulnerability reporting by providing financial rewards.
Footnote: This encourages ethical behavior from hackers.
127
What is one key activity performed during the vulnerability analysis stage?
Prioritizing and categorizing the vulnerability
128
What are the stages of the vulnerability life cycle?
  • Vulnerability Identification
  • Vulnerability Analysis
  • Vulnerability Response and Remediation
  • Validation of Remediation
  • Reporting
129
What do security audits assess?
The adequacy and effectiveness of an organization's security controls.
Footnote: Audits can be conducted by internal or third-party auditors.
130
What is one consequence of improper patch management?
It can lead to vulnerabilities that attackers exploit
131
What is the purpose of the Common Vulnerabilities and Exposures (CVE) standard?
To consistently describe vulnerabilities
132
What is one of the first actions taken during penetration testing?
Conduct reconnaissance efforts
133
What does the term 'lateral movement' refer to in penetration testing?
Expanding access to other systems after gaining initial access
134
True or False: Remediation actions can include purchasing insurance.
True