Lesson 8: Explain Vulnerability Management Flashcards

1
Q

Define ‘Vulnerability management’

A

Identifying/reporting, evaluating, and remediating security vulnerabilities in OSs, applications, and other components of IT operations.

2
Q

Define ‘Vulnerability scanning’

A

Utilized to identify potential weaknesses in an organization’s digital assets automatically.

3
Q

Define a ‘Vulnerability’

A

Flaws in the operating system’s design, errors in code, or insecure default settings.

4
Q

What are typical vulnerabilities found in Microsoft Windows OS?

A

Buffer overflows, lack of input validation, and privilege flaws.

5
Q

What are typical vulnerabilities found in Mac OS?

A

Weak access controls, insecure boot processes, and third-party software.

6
Q

What are typical vulnerabilities found in Linux OS?

A

Kernel vulnerabilities, misconfigurations, and unpatched systems are common issues in Linux.

7
Q

Define a ‘Legacy and End-of-Life (EOL) System’

A

The manufacturer or vendor no longer supports EOL systems, so they do not receive updates, including critical security patches.

8
Q

What is the difference between a ‘legacy system’ and an ‘End-of-life system’?

A

Legacy systems typically describe outdated software methods, technology, computer systems, or application programs that continue to be used despite their shortcomings.

9
Q

Define ‘firmware’

A

Software that controls hardware.

10
Q

Define ‘VM escape’

A

An attacker with access to a VM breaks out of its isolated environment and gains access to the host system or other VMs running on the same host.

11
Q

Define a ‘Zero-day vulnerability’

A

Previously unknown software or hardware flaws that attackers can exploit before developers or vendors become aware of or have a chance to fix them.

12
Q

Define ‘responsible disclosure’

A

A procedure followed by ethical hackers after a zero day is found, to privately inform the vendor so a patch can be developed before the vulnerability is publicly disclosed.

13
Q

How can misconfiguration of infrastructure lead to vulnerabilities?

A

Unauthorized access, data leaks, or even full-system compromises.

14
Q

What is the most common form of misconfiguration?

A

Leaving default configurations.

15
Q

How can troubleshooting lead to vulnerabilities?

A

Disabling security features or loosening access controls to help isolate a problem without changing back to a secure configuration afterward.

16
Q

Define a ‘Cryptographic vulnerability’

A

Weaknesses in cryptographic systems, protocols, or algorithms that can be exploited to compromise data.

17
Q

Define ‘Rooting’

A

Gaining superuser-level access over an Android-based mobile device.

18
Q

Define ‘Jailbreaking’

A

Describes gaining full access to an iOS device by removing the limitations imposed by Apple’s iOS operating system.

19
Q

Define ‘Sideloading’

A

Installing applications from sources other than the official app store of the platform.

20
Q

How can an organization prevent rooting/jailbreaking/sideloading?

A

By disabling access to unverified app stores and blocking the installation of apps from unofficial sources.

21
Q

Define an ‘Application race condition’ vulnerability

A

Software flaws associated with the timing or order of events within a software program, which can be manipulated, causing undesirable or unpredictable outcomes.

22
Q

What is the outcome of an Application race condition vulnerability?

A

Data corruption or unauthorized access.

23
Q

Define a ‘time-of-check to time-of-use (TOCTOU)’ vulnerability

A

Type of application race condition; A system state changes between the time an app performs the check (verification) stage and the use (execution) stage.

24
Q

Define a ‘memory injection’ vulnerability

A

Type of security flaw where an attacker can introduce (inject) malicious code into a running application’s process memory.

25
Q

What is a direct outcome of an attacker exploiting a memory injection vulnerability?

A

Threat actor can run malicious code with the same privilege level as the vulnerable process, which can lead to full system compromise.

26
Q

What is the desired goal of a threat actor once a memory injection is successful?

A

To provide unauthorized access or control over the system; Install malware, exfiltrate sensitive data, or create a backdoor for future access.

27
Q

What controls are used to mitigate memory injection vulnerabilities?

A

Secure coding practices; Input/output validation, encoding, type-casting, access controls, application testing.

28
Q

Define a ‘buffer’

A

An area of memory that the application reserves to store expected data.

29
Q

Define a ‘buffer overflow’ vulnerability

A

A form of memory injection; An attack in which data goes past the boundary of the destination buffer and begins to corrupt adjacent memory.

30
Q

How does a threat actor perform a buffer overflow attack?

A

The attacker passes data that deliberately overfills the buffer.

31
Q

What does a buffer overflow allow an attacker to do?

A

Change the return address, allowing the attacker to run arbitrary code on the system.

32
Q

What 3 controls have been developed to mitigate buffer overflow vulnerabilities?

A
  1. Address space layout randomization (ASLR)
  2. Data Execution Prevention (DEP)
  3. Type-safe programming languages
33
Q

Define a ‘Type-safe programming language’

A

Program that enforces strict type-checking during compilation and ensures variables and data are used correctly.

34
Q

What is the purpose of using a type-safe programming language?

A

Prevents memory-related vulnerabilities and injection attacks.

35
Q

Define a ‘Malicious update’

A

An update that appears legitimate but contains harmful code; A vulnerability in a software repository or supply chain that a threat actor can exploit to add malicious code to a package.

36
Q

Define an ‘evaluation scope’

A

The product, system, or service being analyzed for potential security vulnerabilities, or the intended target of an attack.

37
Q

Define a distinct difference between a web application attack and other attacks

A

Must navigate the client-server model; Requiring the attacker to bypass network and application-level security controls.

38
Q

Define a ‘cross-site scripting (XSS)’ attack

A

A malicious script injected into a web site designed to compromise clients browsing the site.

39
Q

Define a ‘nonpersistent cross-site scripting (XSS)’ attack

A

The malicious script is obfuscated in a spoofed URL that reflects back to the attacker.

40
Q

Define a ‘stored/persistent cross-site scripting (XSS)’ attack

A

The script is injected and permanently stored on the target servers, such as in a database or content management system.

41
Q

Define a ‘Document Object Model (DOM) cross-site scripting (XSS)’ attack

A

Attacker injects malicious script into a JavaScript Document Object Model (DOM) to execute their attack solely on the client.

42
Q

What is the difference between an overflow attack and an injection attack?

A

An overflow attack works against the way a process performs memory management, while an injection attack exploits some insecure way in which the application processes requests and queries.

43
Q

Define a ‘SQL injection’ attack

A

Injection of a malicious/unauthorized SQL query via the input data from a client to the application/server.

44
Q

Define a ‘side-channel’ attack

A

Attacker observes the implementation and operation of a system, looking for information to use to exploit the system.

45
Q

How can cloud services be manipulated by an attacker?

A

Set up fake websites on cloud services for phishing and malware distribution; Cryptojacking cloud resources for cryptomining.

46
Q

Define a ‘cloud access security broker (CASB)’

A

Enterprise management software designed to manage, mediate, and monitor access to cloud services by users across all types of devices.

47
Q

What are the 3 methods of implementing a cloud access security broker (CASB)?

A
  1. Forward proxy
  2. Reverse proxy
  3. Application programming interface (API)
48
Q

Define a forward proxy cloud access security broker (CASB)

A

Requires configuration of users’ devices; Inspects all traffic in real time, even if that traffic is not bound for sanctioned cloud applications.

49
Q

Define a reverse proxy cloud access security broker (CASB)

A

Positioned at the cloud network edge and directs traffic to cloud services if the contents of that traffic comply with a policy.

50
Q

Define an Application programming interface (API) cloud access security broker (CASB)

A

Brokers connections between the cloud service and the cloud consumer rather than placing a CASB appliance or host inline with cloud consumers and the cloud services.

51
Q

Define a ‘software bill of materials (SBOM)’

A

Inventory containing details like component names, versions, and information about the suppliers in a software product.

52
Q

What is the purpose of a software bill of materials (SBOM)?

A

Provide transparency and visibility into the software supply chain and potential vulnerabilities; Enables developers, security teams, and end users to understand the functional components of their software.

53
Q

What is the role of a software bill of materials (SBOM) after a vulnerability has been disclosed?

A

Supports rapid response and remediation; Security teams can quickly determine whether their software is affected by a disclosed vulnerability.

54
Q

Define a software dependency check

A

A Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies.

55
Q

What is the purpose of utilizing a software dependency check?

A

Detecting outdated or vulnerable components.

56
Q

Define an ‘HTTP referrer’

A

Indicates the URL that forwarded a request to the target URL.

57
Q

What is a ‘network vulnerability scanner’?

A

Hardware or software configured with a list of known weaknesses and exploits that can scan for their presence in a client PC, server, application, or network device.

58
Q

Define a ‘non-credentialed scan’

A

A scan that uses fewer permissions and many times can only find missing patches or updates.

59
Q

What is the purpose of a non-credentialed scan?

A

Appropriate technique for external assessment of the network perimeter, or when performing web application scanning to mimic the view of an unprivileged attacker with limited network access.

60
Q

What are typical findings from a non-credentialed scan?

A

Default passwords for service accounts and device management interfaces.

61
Q

Define a ‘credentialed’ scan

A

A scan that uses credentials with some form of privileged access to allow for a more in-depth analysis, especially in detecting when applications or security settings may be misconfigured.

62
Q

What is the purpose of a credentialed scan?

A

Shows what an insider attack, or an attack with a compromised user account, may be able to achieve.

63
Q

Define ‘application vulnerability scanning’

A

Designed to identify issues with application code and platform configuration, including web servers and web applications.

64
Q

Define ‘static analysis’

A

Reviewing application code without executing it; Either manually or using automated tools.

65
Q

Define ‘dynamic analysis’

A

Testing running applications; Examines code behavior during runtime.

66
Q

What can be discovered through dynamic analysis?

A

Unvalidated inputs/outputs, broken access controls, and injection vulnerabilities.

67
Q

Define ‘package monitoring’

A

Techniques and tools designed to mitigate risks from application vulnerabilities in third-party code, such as libraries and dependencies.

68
Q

What is the role of package monitoring in vulnerability management?

A

Tracks and assesses the security of third-party software packages, libraries, and dependencies used within an organization.

69
Q

What mechanism is used to achieve package monitoring at an enterprise level?

A

Automated software composition analysis (SCA).

70
Q

Define ‘Automated software composition analysis (SCA)’

A

Identifies outdated packages or packages with known vulnerabilities and suggests updates or replacements.

71
Q

Define a ‘threat feed’

A

Aggregated data from various real-time sources that is integrated into vulnerability scanning tools to improve their detection capabilities.

72
Q

Define ‘Tactics, Techniques, and Procedures (TTPs)’

A

Term to describe the behaviors, processes, actions, and strategies used by a threat actor to develop threats and engage in cyberattacks.

73
Q

What data does a threat feed contain?

A

Signatures and pattern-matching rules; Latest vulnerabilities, exploits, and threat actors.

74
Q

What are the most common threat feeds?

A

AlienVault’s Open Threat Exchange (OTX), IBM’s X-Force Exchange, and Recorded Future.

75
Q

Define ‘cyber threat intelligence (CTI)’

A

Process of investigating, collecting, analyzing, and disseminating information about emerging threats and threat sources.

76
Q

What are the 3 types of cyber threat intelligence (CTI)?

A
  1. Behavioral Threat Research
  2. Reputational threat intelligence
  3. Threat Data
77
Q

Define ‘Behavioral Threat Research’

A

Commentary describing examples of attacks and TTPs gathered through primary research sources.

78
Q

Define ‘Reputational threat intelligence’

A

Blocklists of known threat sources, such as malware signatures, IP address ranges, and DNS domains.

79
Q

Define ‘Threat Data’

A

Data from networks and logs that can correlate events with known TTPs, behavioral threat research, and reputational threat intelligence.

80
Q

What can cyber threat intelligence (CTI) be coupled with to produce actionable intelligence?

A

All 3 types of CTI aggregated into a Security Information and Event Management (SIEM) system.

81
Q

Define a ‘proprietary threat feed’

A

Threat research and CTI data is available as a paid subscription to a commercial threat intelligence platform.

82
Q

Define ‘Open-source intelligence (OSINT)’

A

Publicly available information plus the tools used to aggregate and search it.

83
Q

What is the function of Open-source intelligence (OSINT)?

A

Used to identify vulnerabilities and threat information by gathering data from many sources such as blogs, forums, social media platforms, and even the dark web.

84
Q

Define ‘Shodan’

A

OSINT tool for investigating Internet-connected devices.

85
Q

Define ‘Maltego’

A

OSINT tool for visualizing complex networks of information.

86
Q

Define ‘Recon-ng’

A

OSINT tool for web-based reconnaissance activities.

87
Q

Define ‘theHarvester’

A

OSINT tool for gathering emails, subdomains, hosts, and employee names from different public sources.

88
Q

Define the ‘deep web’

A

Any part of the World Wide Web that is not indexed by a search engine.

89
Q

What are parts of the deep web?

A

Dark net, Dark web.

90
Q

Define the ‘dark net’

A

Network established as an overlay to Internet infrastructure by software.

91
Q

What is the purpose of the dark net?

A

Acts to anonymize usage and prevent a third party from knowing about the existence of the network or analyzing any activity taking place over the network.

92
Q

What are examples of dark net software?

A

Onion Router (TOR), Freenet, or I2P.

93
Q

Define ‘onion routing/The Onion Router (TOR)’

A

Uses multiple layers of encryption and relays between nodes to achieve this anonymity.

94
Q

Define the ‘dark web’

A

Sites, content, and services accessible only over a dark net.

95
Q

What are benefits of the dark web?

A

Privacy and anonymity, access to censored information, and research/information sharing.

96
Q

Define ‘penetration testing’

A

A test that uses active tools and security utilities to evaluate security by simulating an attack on a system.

97
Q

What is the purpose of a pen test?

A

To verify that a threat exists; Will actively test and bypass security controls, and will finally exploit vulnerabilities on the system.

98
Q

What is the difference between penetration testing and vulnerability scanning?

A

Penetration testing involves human ingenuity and creativity, manipulating an application’s functionality to perform actions in ways not intended by its developers, leading to exploitation.

99
Q

Define ‘Unknown environment (previously known as black box) testing’

A

When the consultant/attacker has no privileged information about the network and its security systems; Requires the consultant/attacker to perform an extensive reconnaissance phase.

100
Q

What is the purpose of black box testing?

A

Useful for simulating the behavior of an external threat.

101
Q

Define ‘Known environment (previously known as white box) testing’

A

The consultant/attacker has complete access to information about the network.

102
Q

What is the purpose of white box testing?

A

Useful for simulating the behavior of a privileged insider threat.

103
Q

Define ‘Partially known environment (previously known as gray box) testing’

A

When the consultant/attacker has some information; Requires partial reconnaissance.

104
Q

Define a ‘Bug bounty’

A

Reward scheme operated by software and web services vendors for reporting vulnerabilities.

105
Q

Define an ‘audit’

A

Comprehensive reviews/assessment of security controls, policies, and procedures designed to ensure an organization’s security posture aligns with established standards and best practices.

106
Q

Define a ‘compliance audit’

A

Assess adherence to regulations; Examining areas like network security, access controls, and data protection measures.

107
Q

Define ‘Payment Card Industry Data Security Standard (PCI DSS)’

A

Information security standard for organizations that process credit or bank card payments.

108
Q

Define ‘Vulnerability analysis’

A

Evaluating vulnerabilities for their potential impact and exploitability; Considering ease of exploitation, the potential damage from a successful exploit, the value of the vulnerable asset, and the current threat landscape.

109
Q

Define ‘remediation’

A

The process of identifying and addressing cyber threats to mitigate their potential risk.

110
Q

Define ‘mitigation’

A

Applying patches, changing configurations, updating software, or replacing vulnerable systems.

111
Q

Define a ‘Compensating control’

A

Measures put in place to mitigate the risk of a vulnerability when security teams cannot directly eliminate it or when direct remediation is not immediately possible.

112
Q

Define the purpose of the ‘Security Content Automation Protocol (SCAP)’

A

Enables automated vulnerability management, and policy compliance evaluation of systems deployed in an organization.

113
Q

What is the function of the Security Content Automation Protocol (SCAP)?

A

Defines ways to compare the live configuration of a system to a target-secure baseline.

114
Q

Define a ‘Common Vulnerabilities and Exposures (CVE)’

A

A scheme for identifying vulnerabilities developed by MITRE and adopted by NIST.

115
Q

How is a CVE identified?

A

CVE-(year the vulnerability was discovered)-(order in which the vulnerability was discovered in the given year); CVE-YYYY-####

116
Q

Define the ‘Common Vulnerability Scoring System (CVSS)’

A

Quantifies vulnerability data and then takes into account the degree of risk to different types of systems or information.

117
Q

What is the scale of the Common Vulnerability Scoring System (CVSS)?

A

CVSS metrics generate a score from 0 to 10 based on the characteristics of the vulnerability.

118
Q

What characteristics are used to determine the Common Vulnerability Scoring System (CVSS) of a Common Vulnerabilities and Exposures (CVE)?

A

Whether it can be triggered remotely or needs local access, whether user intervention is required, whether privileged access is needed, and so on.

119
Q

Define a ‘false positive’

A

An instance where a scanner or another assessment tool incorrectly identifies a vulnerability.

120
Q

Define a ‘false negative’

A

A vulnerability that is not reported when it should be; Potential vulnerabilities that go undetected in a scan.

121
Q

How can false negatives be avoided?

A

By running repeat scans periodically and employing scanners from different vendors.

122
Q

How does vulnerability analysis support ‘prioritization’ of an organization’s security strategy?

A

Identifying the most critical vulnerabilities that pose the most significant risk to an organization helps it focus limited resources on addressing the most significant threats first.

123
Q

What is ‘prioritization’ in an organization’s security strategy based on?

A

Common Vulnerability Scoring System (CVSS); Factors such as the vulnerability severity, the ease of exploitation, and the potential impact of an attack.

124
Q

How does vulnerability analysis support the ‘classification’ of an organization’s security strategy?

A

Categorizing vulnerabilities based on their characteristics, to help clarify the scope and nature of an organization’s threats.

125
Q

Define ‘Exposure factor (EF)’

A

In risk calculation, represents the extent to which an asset is susceptible to being compromised or impacted by a specific vulnerability.

126
Q

How does vulnerability analysis support the ‘Exposure Factor’ of an organization’s security strategy?

A

Helps assess the potential impact or loss that could occur if the vulnerability is exploited.

127
Q

What is the ‘Exposure Factor’ in an organization’s security strategy based on?

A

The likelihood of a vulnerability being exploited, which directly impacts its overall risk level; Weak authentication mechanisms, inadequate network segmentation, or insufficient access control methods.

128
Q

Define ‘vulnerability impact’

A

The potential organizational impact of vulnerabilities; Financial loss, reputational damage, operational disruption, or regulatory penalties.

129
Q

Define the role of ‘vulnerability impact’ in an organization’s security strategy

A

Crucial for making informed decisions about risk mitigation and disaster recovery.

130
Q

Define ‘environmental variables’

A

The organization’s IT infrastructure and assets; Hardware, software, networks, and systems in use.

131
Q

What are external environmental variables?

A

External threat landscape based on industry; Regulatory and compliance.

132
Q

Define ‘Risk tolerance’

A

The level of risk an organization is willing to accept.

133
Q

What do vulnerability response and remediation practices encompass?

A

Patching, insurance, segmentation, compensating controls, exceptions, and exemptions.

134
Q

What are typical forms of compensating controls?

A

Additional monitoring, secondary authentication mechanisms, or enhanced encryption.

135
Q

Define ‘remediation validation’ and its purpose

A

Ensures that the remediation actions have been implemented correctly and function as intended.

136
Q

When examining the website for potential XSS and SQLi vulnerabilities, what are common indicators a cybersecurity analyst should look for?

A

Input fields that do not sanitize user input and error messages that disclose database information.

137
Q

What issue poses the highest risk related to unauthorized data access in cloud-hosted applications?

A

Misconfigured cloud storage access controls.

138
Q

Based on common operating system vulnerabilities, what has insufficient or missing data validation mechanisms that lead to the system interpreting unintended command execution?

A

Buffer overflow.

139
Q

When leveraging dependency analysis and SBOM tools in a software development environment, which key factors should the security team prioritize to address potential vulnerabilities more efficiently?

A

Recognizing outdated software dependencies and identifying undisclosed open-source components.