Information Gathering and Vulnerability Identification

Question 1

• Focuses on security breach and denial of service incidents, providing alerts and incident-handling and avoidance guidelines.
• Also conducts an ongoing public awareness campaign and engages in research aimed at improving security systems.

Answer 1

Computer Emergency Response Team (CERT)

Question 2

Database contains a list of publicly known cybersecurity vulnerabilities associated with software in general instead of a specific product.

Answer 2

Common Weakness Enumeration (CWE)

Question 3

Website has a database of publicly known vulnerabilities for various OS (i.e. Windows, Mac, Linux)

Answer 3

Common Vulnerabilities and Exposures (CVE)

Question 4

Database contains information about known attack patterns used to exploit weaknesses, including physical security vulnerabilities.

Answer 4

The Common Attack Pattern Enumeration and Classification (CAPEC)

Question 5

Website provides a summary of current security vulnerabilities ranked by their severity

Answer 5

National Vulnerability Database (NVD)

Question 6

Tool used on a wireless network to capture the authentication handshake

Answer 6

AiroDump-ng

Question 7

• A utility that you can use to gather metadata from an organization’s documents, such as Word, PowerPoint, OpenOffice, and Adobe Reader files
• Searches popular search engines, such as Google and Bing, for these files and extracts any metadata they may contain

Answer 7

Fingerprinting Organizations with Collected Archives (FOCA)

Question 8

An open source research source that is published by the same organization that produces the nmap utility

Answer 8

Full Disclosure