Lesson 5: Analyzing Vulnerability Scans

Question 1

dpkg -l | grep chkrootkit is used to

Answer 1

find if the chkrootkit file is installed on the system.

Question 2

locate chkrootkit is used to

Answer 2

find the chkrootkit file.

Question 3

echo $PATH is used to check if the /usr/sbin:

Answer 3

path is known to the command interpreter.

Question 4

chkrootkit is used to

Answer 4

detect rootkits.

Question 5

The Common Vulnerability Scoring System (CVSS) is an industry-standard for

Answer 5

assessing the severity of security vulnerabilities. It provides a technique for scoring each vulnerability on a variety of measures.

Question 6

The attack vector metric describes how an attacker would exploit the vulnerability there are 4 of them?

Answer 6

Physical (P)
Local (L)
Adjacent Network (A)
Network (N)

Question 7

The attack complexity metric describes

Answer 7

the difficulty of exploiting the vulnerability

Question 8

The privileges required metric describes the type of

Answer 8

account access that an attacker would need to exploit a vulnerability

Question 9

The user interaction metric describes whether the attacker needs to

Answer 9

involve another human in the attack

Question 10

The confidentiality metric describes the type of

Answer 10

information disclosure that might occur if an attacker successfully exploits the vulnerability

Question 11

The integrity metric describes the type of

Answer 11

information alteration that might occur if an attacker successfully exploits the vulnerability.

Question 12

When a scanner reports a vulnerability that does not exist, this is known as a

Answer 12

false positive error.

Question 13

When a vulnerability scanner reports a vulnerability, this is known as a positive report. This report may either be an accurate

Answer 13

(true positive report) or inaccurate (a false positive report).

Question 14

When a scanner reports that a vulnerability is not present, this is know as a

Answer 14

negative report.

Question 15

Buffer overflow: when an attacker manipulates a program into placing

Answer 15

more data into an area of memory than is allocated for that program’s use.

Question 16

The goal of Buffer Overflow is to overwrite other information in memory with

Answer 16

instructions that may be executed by a different process running on the system.

Question 17

Privilege escalation attacks exploit vulnerabilities that allow the

Answer 17

transformation of a normal user account into a more privileged account, such as the root superuser account.

Question 18

Rootkits are hacking tools designed to automate

Answer 18

privilege escalation attacks.

Question 19

Remote code execution allows the attacker to exploit the vulnerabilities over

Answer 19

a network connection without having physical or logical access to the target system.

Question 20

Insecure Protocol Use

Answer 20

THIS IS WHERE YOU STOPPED

Question 21

When an attacker has access to a single virtual host and then manages to leverage that access to intrude on resources assigned to a different virtual machine.

Answer 21

VM escape attack

Question 22

When an attacker embeds scripting commands on a website that will later be executed by an unsuspecting visitor accessing the site.

Answer 22

Cross-site scripting (XSS) attack