Impact Associated With Vulnerabilities Flashcards

1
Q

The behavior of a software, electronic or other system’s output depends on the timing, the sequence of events or a factor outside the user’s control

A

Race conditions

2
Q

Race condition vulnerability

No longer receives updates and is at high risk of compromise

A

End of life systems

3
Q

Race condition vulnerability

Programs added for automation and/or monitoring, which can allow malicious programs to gain access through the added programs.

A

Embedded systems

4
Q

Race condition vulnerability

Vendor does not support the product: does not update, improve, or protect the product

A

Lack of vendor support

5
Q

The system does not properly validate data, which allows an attacker to create input that is not expected and leaves parts of the system vulnerable to unintended data.

A

Improper input handling

6
Q

Error messages display sensitive or private information that gives the user too much data.

A

Improper error handling

7
Q

Uses the insecure out-of-the-box settings

A

Default config

8
Q

A denial of service occurs: the resources needed to execute an action are expended, so the action cannot be performed.

A

Resource exhaustion

9
Q

Users are not properly informed on how to use the systems, which means that mistakes are more likely to occur and that the system’s resources may be abused

A

Untrained users

10
Q

Users should only be allowed to access the parts that they need to complete their work

A

Improperly configured accounts

11
Q

All tasks, procedures and functions should be properly assessed and the most valuable and vulnerable should be heavily protected

A

Vulnerable business processes

12
Q

Uses older or less robust cryptographic algorithms – DES, WEP

A

Weak cipher suites and implementations

13
Q

Memory/Buffer Vulnerability

Leaves system unresponsive

A

Memory leak

14
Q

Memory/Buffer Vulnerability

Large integer exceeds data storage capacity

A

Integer overflow

15
Q

Memory/Buffer Vulnerability

Too much data for the computer’s memory to buffer

A

Buffer overflow

16
Q

Memory/Buffer Vulnerability

Failed dereference can cause memory corruption and cause the application to crash

A

Pointer dereference

17
Q

Memory/Buffer Vulnerability

Allows for the running of outside code

A

DLL injection

18
Q

Lack of internal inventory and allowing insecure devices and systems to connect to the network.

A

System sprawl/undocumented assets

19
Q

An insecure and poorly designed network, e.g. not segmenting the systems or internal network.

A

Architecture/design weakness

20
Q

A zero-day threat is a flaw that is unknown to the teams patching and fixing flaws.

A

New threats/zero day

21
Q

Allowing unauthorized access to certificates and keys, which allows sensitive data to be decrypted, and allowing certificates to expire.

A

Improper certificate and key management