COMPTIA SECURITY+ WEEK 3 CHAPTER 5 & 6 Flashcards
What is the main focus of Domain 4.0 in the CompTIA Security+ exam?
Security Operations
List the identification methods associated with vulnerability management.
- Vulnerability scan
- Penetration testing
- Responsible disclosure program
- Bug bounty program
- System/process audit
What does the Common Vulnerability Scoring System (CVSS) do?
It provides a standardized method for rating the severity of vulnerabilities.
What are the key components of vulnerability response and remediation?
- Patching
- Insurance
- Segmentation
- Compensating controls
- Exceptions and exemptions
What is included in the validation of remediation?
- Rescanning
- Audit
- Verification
What tools are used for security alerting and monitoring?
- Security Content Automation Protocol (SCAP)
- Vulnerability scanners
What is the purpose of threat hunting?
To proactively search for and identify potential security threats.
What are the types and purposes of audits and assessments?
- Attestation
- Internal (Compliance, Audit committee, Self-assessments)
- External (Regulatory, Examinations, Assessment, Independent third-party audit)
What role do vulnerability management programs play?
They identify, prioritize, and remediate vulnerabilities in environments.
What factors influence the determination of scan frequency?
- Organization’s risk appetite
- Regulatory requirements
- Technical constraints
- Business constraints
- Licensing limitations
What is the significance of asset inventory in vulnerability management?
It helps guide decisions about scan types, frequency, and prioritization of remediation.
What is the difference between credentialed and noncredentialed scanning?
Credentialed scanning uses login credentials to access and verify configurations, while noncredentialed scanning does not.
True or False: Credentialed scans can make changes to the target server.
False
What is a potential issue with intrusive plug-ins during vulnerability scanning?
They may disrupt activity on a production system or damage content.
What are the benefits of using agent-based scanning?
- Provides an ‘inside-out’ view of vulnerabilities
- Conducts scans of server configurations
What is the purpose of conducting scans from various perspectives?
To provide different views into vulnerabilities from multiple network locations.
What should administrators regularly maintain in vulnerability management solutions?
The scanning software and vulnerability feeds.
What is the Security Content Automation Protocol (SCAP)?
A standardized approach for communicating security-related information.
Fill in the blank: The _______ is used to assess the severity of vulnerabilities.
Common Vulnerability Scoring System (CVSS)
What is the role of vulnerability plug-in feeds?
To ensure that scanners are updated with the latest vulnerabilities.
What is one method to improve the efficiency of vulnerability scans?
Disabling unnecessary plug-ins.
How can organizations ensure that vulnerability management solutions are effective?
By regularly updating the scanner and its vulnerability feeds.
What should administrators do when configuring vulnerability scans?
Conduct regular configuration reviews to match current requirements.