Endpoint Vulnerability Flashcards
In profiling a server, what defines what an application is allowed to do or run on a server?
Service Accounts
Which metric class in the CVSS Base Metric Group identifies the impacts on confidentiality, integrity, and availability?
Impact
Which statement describes the threat-vulnerability (T-V) pairing?
It is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities.
When establishing a server profile for an organization, which element describes the type of service that an application is allowed to run on the server?
Service Account
What are the steps in the vulnerability management life cycle?
Discover, prioritize assets, assess, report, remediate, verify
Which security management function is concerned with the inventory and control of hardware and software configurations of systems?
Configuration Management
In addressing an identified risk, which strategy aims to decrease the risk by taking measures to reduce vulnerability?
Risk Reduction
Which step in the Vulnerability Management Life Cycle performs inventory of all assets across the network and identifies host details, including operating system and open services?
Discover
What are the core functions of the NIST Cybersecurity Framework?
Identify, protect, detect, respond, recover
Which security management function is concerned with the implementation of systems that track the location and configuration of networked devices and software across an enterprise?
Asset Management
When a network baseline is being established for an organization, which network profile element indicates the time between the establishment of a data flow and its termination?
Session Duration
Which class of metric in the CVSS Base Metric Group defines the features of the exploit such as the vector, complexity, and user interaction required by the exploit?
Exploitability