Implementing Vulnerability Scanning Methods

Question 1

International Organization for Standardization(ISO)

Answer 1

Develops many standards and frameworks governing the use of computers, networks, and telecommunications, including ones for information security (27K series) and risk management (31K series).

Question 2

Open Web Application Security Project(OWASP)

Answer 2

A charity and community publishing a number of secure application development resources.

Question 3

Center of Internet Security(CIS)

Answer 3

A not-for-profit organization (founded partly by SANS). It publishes the well-known “Top 20 Critical Security Controls” (or system design recommendations).

Question 4

Payment Card Industry Data Security Standard(PCI DSS)

Answer 4

Information security standard for organizations that process credit or bank card payments.

Question 5

CIS Benchmarks

Answer 5

These best practices are maintained by a group of public and private sector security experts working with organizations to improve their information systems security.

Question 6

Vulnerability Scanner

Answer 6

Hardware or software configured with a list of known weaknesses and exploits and can scan for their presence in a host OS or particular application.

Question 7

Fingerprinting

Answer 7

Identifying the type and version of an operating system (or server application) by analyzing its responses to network scans.

Question 8

Static Analysis

Answer 8

The process of reviewing uncompiled source code either manually or using automated tools.

Question 9

Dynamic Analysis

Answer 9

Software testing that examines code behavior during runtime. It helps identify potential security issues, potential performance issues, and other problems.

Question 10

Fuzzing

Answer 10

A dynamic code analysis technique that involves sending a running application random and unusual input so as to evaluate how the app responds.

Question 11

Reverse Engineering

Answer 11

The process of analyzing the structure of hardware or software to reveal more about how it functions.

Question 12

Configuration Baseline

Answer 12

details the recommended settings for services and policy configuration for a device or software operating in a specific role.

Question 13

Operational Technology(OT)

Answer 13

Communications network designed to implement an industrial control system rather than data networking.

Question 14

Industrial Control Systems(ICSs)

Answer 14

Network managing embedded devices (computer systems that are designed to perform a specific, dedicated function).

Question 15

Human-Machine Interfaces(HMIs)

Answer 15

Input and output controls on a PLC to allow a user to configure and monitor the system.

Question 16

Supervisory Control and Data Acquisition(SCADA)

Answer 16

Type of industrial control system that manages large-scale, multiple-site devices and equipment spread over geographically large areas from a host computer.

Question 17

Programmable Logic Controllers(PLCs)

Answer 17

Type of processor designed for deployment in an industrial or outdoor setting that can automate and monitor mechanical systems.