Domain 1.5 - Explain vulnerability scanning concepts. Flashcards

1
Q

Intrusive testing

A

Involves actually trying to break into the network. Does not take up a lot of resources. (vulnerability scan)

2
Q

Non-intrusive tests

A

Involves passive testing of security controls: performing vulnerability scans and probing for weaknesses but not exploiting them. Takes a lot of resources.

3
Q

What is a vulnerability scan?

A

A vulnerability scan is a passive attempt to identify weaknesses.

4
Q

What is Nessus?

A

A popular vulnerability scanning software.

5
Q

Credentialed or authenticated scan

A

Uses actual network credentials to connect to systems and scan for vulnerabilities.

6
Q

Non-credentialed or unauthenticated scan

A

Although unauthenticated scans will show weaknesses in your perimeter, they will not show you what the attacker will exploit once breaching your perimeter.

7
Q

Benefits of unauthenticated scanning

A

– Not disrupting operations or consuming too many resources
– Definitive list of missing patches
– Client-side software vulnerabilities

8
Q

False positive

A

Occurs when the scan mistakenly identifies something as a vulnerability when it is not.

9
Q

Which of the following types of vulnerability scans uses actual network authentication to connect to systems and scan for vulnerabilities?

A. Credentialed
B. Validated
C. Endorsed
D. Confirmed

A

A. Credentialed

10
Q

False negative

A

Occurs when a scan does not reveal a vulnerability that is there.
