MOD5: Vulnerability Analysis Flashcards

1
Q

Vulnerabilities are classified based on:

a) severity level (high, medium, low)
b) exploit range (local or remote)
c) all of the above

A

c) all of the above

2
Q

When will an administrator need vulnerability research?

a) to gather info regarding trends, threats, attack surfaces, attack vectors, techniques
b) gather info to aid in prevention of security issues
c) to know how to recover from a network attack
d) to discover weaknesses in the OS and applications and alert the network administrator before a network attack
e) all of the above

A

e) all of the above

3
Q

What is vulnerability assessment?

A

An in-depth examination of the ability of a system or application, including security procedures and controls, to withstand exploitation.
It recognizes, measures, and classifies security vulnerabilities in a computer system, network, and communication channels.

4
Q

What type of info can be obtained from a vulnerability scanner?

a) network vulnerabilities
b) open ports and running services
c) application and services vulnerabilities
d) application and services configuration errors
e) all of the above

A

e) all of the above

5
Q

What is the Vulnerability-Management life cycle?

A
  1. Identify Assets and create a baseline
  2. Vulnerability scan
  3. Risk Assessment
  4. Remediation
  5. Verification
  6. Monitor
6
Q

What can vulnerabilities be classified under?

A
  1. Misconfiguration
  2. Default installations
  3. Buffer overflows
  4. Unpatched servers
  5. Design Flaws
  6. OS flaws
  7. Application flaws
  8. Open services
  9. Default passwords
7
Q

What types of vulnerability assessments are there?

A
  1. Active Assessment
  2. Passive Assessment
  3. External Assessment
  4. Internal Assessment
  5. Host-based Assessment
  6. Network-based Assessment
  7. Application Assessment
  8. Database Assessment
8
Q

Uses a network scanner to find hosts, services and vulnerabilities is an example of what kind of vulnerability assessment?

  1. Active Assessment
  2. Passive Assessment
  3. External Assessment
  4. Internal Assessment
  5. Host-based Assessment
  6. Network-based Assessment
  7. Application Assessment
  8. Database Assessment
A
  1. Active Assessment
9
Q

Scans the internal infrastructure to discover exploits and vulnerabilities is an example of what kind of vulnerability assessment?

  1. Active Assessment
  2. Passive Assessment
  3. External Assessment
  4. Internal Assessment
  5. Host-based Assessment
  6. Network-based Assessment
  7. Application Assessment
  8. Database Assessment
A
  4. Internal Assessment
10
Q

Determines possible network security attacks that may occur on the organization’s system is an example of what kind of vulnerability assessment?

  1. Active Assessment
  2. Passive Assessment
  3. External Assessment
  4. Internal Assessment
  5. Host-based Assessment
  6. Network-based Assessment
  7. Application Assessment
  8. Database Assessment
A
  6. Network-based Assessment
11
Q

Used to sniff the network traffic to discover active systems, network services, applications, and vulnerabilities present is an example of what kind of vulnerability assessment?

  1. Active Assessment
  2. Passive Assessment
  3. External Assessment
  4. Internal Assessment
  5. Host-based Assessment
  6. Network-based Assessment
  7. Application Assessment
  8. Database Assessment
A
  2. Passive Assessment
12
Q

Focuses on testing databases, such as MySQL, MSSQL, Oracle, PostgreSQL, etc., for the presence of data exposure or injection type vulnerabilities is an example of what kind of vulnerability assessment?

  1. Active Assessment
  2. Passive Assessment
  3. External Assessment
  4. Internal Assessment
  5. Host-based Assessment
  6. Network-based Assessment
  7. Application Assessment
  8. Database Assessment
A
  8. Database Assessment
13
Q

Assesses the network from a hacker’s perspective to discover exploits and vulnerabilities that are accessible to the outside world, is an example of what kind of vulnerability assessment?

  1. Active Assessment
  2. Passive Assessment
  3. External Assessment
  4. Internal Assessment
  5. Host-based Assessment
  6. Network-based Assessment
  7. Application Assessment
  8. Database Assessment
A
  3. External Assessment
14
Q

Conducts a configuration-level check to identify system configurations, user directories, file systems, registry settings, etc., to evaluate the possibility of compromise, is an example of what kind of vulnerability assessment?

  1. Active Assessment
  2. Passive Assessment
  3. External Assessment
  4. Internal Assessment
  5. Host-based Assessment
  6. Network-based Assessment
  7. Application Assessment
  8. Database Assessment
A
  5. Host-based Assessment
15
Q

Tests and analyzes all elements of the web infrastructure for any misconfigurations, outdated content, or known vulnerabilities, is an example of what kind of vulnerability assessment?

  1. Active Assessment
  2. Passive Assessment
  3. External Assessment
  4. Internal Assessment
  5. Host-based Assessment
  6. Network-based Assessment
  7. Application Assessment
  8. Database Assessment
A
  7. Application Assessment
16
Q

Name a vulnerability assessment tool.

A

OpenVAS

Nikto

17
Q

What type of information do vulnerability assessment reports contain?

a) the report discloses the risks detected after scanning a network
b) the report alerts the organization of possible attacks and suggests countermeasures
c) info available in the reports is used to fix security flaws
d) all of the above

A

d) all of the above

18
Q

What 3 key pieces of information are listed in a vulnerability assessment report?

A

scan info
target info
results