Domain 6: (Security Assessment and Testing) Flashcards
What are some tools of security assessment and testing programs for validating security controls?
Vulnerability Assessments
Penetration Tests
Software Testing
Audits
Security Management Tasks
What uses automated tools to search for known vulnerabilities in systems, apps, and networks?
Vulnerability Assessments
What uses the same tools as vulnerability assessment systems but supplements them with attack techniques, where an assessor attempts to exploit vulnerabilities and gain access to the system?
Penetration Tests
What are some penetration testing strategies?
War Dialing
Sniffing
Eavesdropping
Dumpster Diving
Social Engineering
What describes techniques to verify that code functions as designed and does not contain security flaws?
Software Testing
What uses a peer review process to formally or informally validate code before deploying it in production?
Code Review
What assesses the interactions between components and users with API testing, user interface testing, and physical interface testing?
Interface Testing
What technique includes code reviews, and evaluates the security of software without running it by analyzing either the source code or the compiled app?
Static Software Testing
What technique evaluates the security of software in a runtime environment and is often the only option for orgs deploying apps written by someone else?
Dynamic Software Testing
What uses modified inputs to test software behavior, either by mutating known inputs to generate synthetic inputs that may trigger unexpected behavior, or by generating inputs from models of expected inputs to perform the same task?
Fuzzing
What are some security management oversight techniques?
Log Reviews
Account Management Reviews
Backup Verification
Key Performance and Risk Indicators