Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

-- > Domain 6 - Security Assessment > Flashcards

Domain 6 - Security Assessment Flashcards

1
Q

Three components of a security testing program

A
  1. Security tests: such as automated scans, and tool assisted penetrtion testing
  2. Security assessments:
  3. Security audits:
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Categories of vulnerability scans

A
  1. Network discovery scans
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

network discovery scanning

A

Nmap

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Network vulnerability

A

Nessus, Qualys

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Web Vulnerability

A

Nessus, Wapti

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Database vulnerability scanning

A

SQLMap

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Vulnerability Management Workflow

A
  1. Detection: initial identification
  2. Validation: admins confirm a detected vulnerability is not a false positive
  3. Remediation: such as applying a vendor supplied security patch.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Penetration Test Process

A
  1. Planning: includes scoping the engagment, and defining the rules of the engagement
  2. Information gathering and discovery: Uses manual and automated tools to collect information about the targeted environment. This includes basic reconnaissance to determine system function, conduct network discovery tests.
  3. Vulnerability scanning: perform vulnerability scan
  4. Exploitation: Look to defeat security
  5. Reporitng: Summarise results of the test and make recommendations for improvements to system security
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

White box testing

A

Bypasses many of the reconnaissance steps

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Grey box testing

A

Commonly used when black box results are desired but costs or time constraints mean that ome knowledge is needed to complete the testing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Black box testing

A

Does not provide attackers with any information prior to attack, other than publically available information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Fuzz Testing

A

Provides many different types of input to stress test and find previously undetected flaws. Supplies invalid input,

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Mutation (dumb) Fuzzing

A

Takes previous input values and mutates it to create fuzzed input. Such as alter the characters

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Generational (smart) fuzzing

A

Develops data models, and creates new fuzzed input based on an understanding of the types of data used by the programs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Limitations of fuzz testing

A

Does test full code, and limited to detecting simple vulnerabilities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Test Coverage

A

Number of use cases tested / total number of use cases

17
Q

Attack methodology

A
  1. Reconnaissance: whois database, company website
  2. Footprinting: all about learning the network, including NMap scans for mapping the network
  3. Fingerprinting: identifying host information, port scanning
  4. Vulnerability assessment: identifying weakness in system configuration
  5. Attack: Penetration, including privilege escalation and rootkits.
18
Q

Port state

A

Open: an application is actively accepting connections on that port.
Closed: Port is accessible, meaning firewall is granting access, but no application is accepting connections on that port.
Filtered: Nmap is unable to determine whether a port is open or closed because a firewall is interfering with the connection attempt.

19
Q

Penetration Test Output

A

Should determine effectiveness of safeguards and identify areas of improvment, not recommendatons.

20
Q

IDS

A

Needs an interface in ‘promiscuous mode’. Port mirroring/span needs to be enabled to view traffic on a switch.

21
Q

Where should you put a NIDS

A

In the DMZ, behind the firewall and router.

22
Q

Disadvantages of NIDS

A
  1. Data must be unencrypted
  2. if only on the perimeter, it can miss things on the inside
  3. It does not see what’s going on a server directly.
23
Q

Profile Matching

A

Create baseline, and look for changes in “normal” behaviour. The anamoly based system will then look for traffic types and volume that is outside of the normal behaviour.

24
Q

Attacks to bypass IDS

A
  • Evasion attack: many small attacks from different directions
  • Insertion attack (for signature based system): adding meaningless information (without modifying the payload) to a known attack.
25
Q

Disadvantages of profile matching

A
  • Lots of false positives

- Requires a much more skilled analyst

26
Q

Entrapment

A

When someone is persuaded to commit a crime they had no intention to commit and is then charged with it.

  • Openly advertising sensitive data and then charging people when they access them.
  • Entrapment is a solid legal defense.
27
Q

Enticement

A
  • Making committing a crime more enticing, but the person has already broken the law or at least has decided to do so. Honeypots can be a good way to use Enticement.
  • Have open ports or services on a server that can be attacked.
  • Enticement is not a valid defense.
28
Q

Padded cell

A

Similar to honeynet, a fake environment that the IPS transfers you to

-- (3 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions