Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CEH v12 Exam Prep "Hard" > Module 05 - Vulnerability Analysis ( EC Mode ) > Flashcards

Module 05 - Vulnerability Analysis ( EC Mode ) Flashcards

1
Q

Which of the following phases of the vulnerability management lifecycle provides clear visibility into a firm and allows security teams to check whether all the previous phases have been perfectly employed?

A. Monitoring
B. Verification
C. Remediation
D. Risk Assessment

A

Answer: B. Verification

Explanation:
Remediation: Remediation is the process of applying fixes on vulnerable systems in order to reduce the impact and severity of vulnerabilities

Monitoring: Organizations need to performed regular monitoring to maintain system security. Continuous monitoring identifies potential threats and any new vulnerabilities that have evolved.

Verification: This phase provides clear visibility into the firm and allows the security team to check whether all the previous phases have been perfectly employed or not.

Risk Assessment: All serious uncertainties that are associated with the system are assessed and prioritized, and remediation is planned to permanently eliminate system flaws.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which of the following online resources helps an attacker in performing vulnerability research?

A. EZGif
B. GNUnet
C. AOL
D. MITRE CVE

A

Answer: D. MITRE CVE (Common Vulnerabilities and Exposures)

Explanation:

AOL: AOL is a major search engine tool.

MITRE CVE: MITRE maintains a CVE databas
e that contains details of the latest vulnerabilities. Attackers can search MITRE CVE to discover vulnerabilities that exist in the target system.

EZGif: EZGif is an online GIF maker, image editor, and video analysis tool.

GNUnet: GNUnet is an online deep and dark web searching tool.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Given below are the different steps involved in the post-assessment phase of vulnerability management.

  1. Remediation
  2. Monitoring
  3. Risk assessment
  4. Verification

What is the correct sequence of steps involved in the post-assessment phase?

A. 2 -> 1 -> 3 -> 4
B. 1 -> 2 -> 3 -> 4
C. 3 -> 1 -> 4 -> 2
D.3 -> 2 -> 4 -> 1

A

Answer: C. 3 -> 1 -> 4 -> 2

Explanation:
The post-assessment phase of vulnerability management includes the following steps

Risk Assessment
Remediation
Verification
Monitoring

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which of the following terms refers to the existence of a weakness, design flaw, or implementation error that can lead to an unexpected event compromising the security of the system?

A. Exploit
B. Zero-day attack
C. Hacking
D. Vulnerability

A

Answer: D. Vulnerability

Explanation:
Exploit refers to a breach in a system. Attackers take advantage of a vulnerability or weakness in the system to exploit it. Hacking refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to the system resources. A zero-day attack is an attack that exploits computer application vulnerabilities before the software developer releases a patch for the vulnerability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A newly discovered flaw in a software application would be considered as which kind of security vulnerability?

A. Zero-day vulnerability
B. HTTP header injection vulnerability
C. Input validation flaw
D. Time-to-check to a time-to-use flaw

A

Answer: A. Zero-day vulnerability

Explanation:
A zero-day vulnerability is a flaw that leaves software, hardware, or firmware defenseless against an attack that occurs the very same day the vulnerability is discovered.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which among the following is not a metric for measuring vulnerabilities in common vulnerability scoring system (CVSS)?

A. Environmental metrics
B. Base metrics
C. Temporal metrics
D. Active metrics

A

Answer: D. Active metrics

Explanation:
CVSS assessment consists of three metrics for measuring vulnerabilities:

Base metrics: It represents the inherent qualities of a vulnerability.

Temporal metrics: It represents the features that keep on changing during the lifetime of a vulnerability.

Environmental metrics: It represents the vulnerabilities that are based on a particular environment or implementation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which of the following terms is referred to as a weakness in the design or implementation of a system or software that can be exploited to compromise its security?

A. Footprinting
B. Vulnerability
C. Information assurance
D. Natural threat

A

Answer: B. Vulnerability

Explanation:
Natural Threats: Natural factors such as fires, floods, power failures, lightning, meteor, and earthquakes are potential threats to the assets of an organization.

Vulnerability: A vulnerability refers to a weakness in the design or implementation of a system that can be exploited to compromise the security of the system. It is frequently a security loophole that enables an attacker to enter the system by bypassing user authentication.

Footprinting: Footprinting, the first step in ethical hacking, refers to the process of collecting information about a target network and its environment.

Information assurance: IA refers to the assurance of the integrity, availability, confidentiality, and authenticity of information and information systems during the usage, processing, storage, and transmission of information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Williams, a professional hacker, targeted an organization’s network to cause data loss at a massive scale. To achieve his goal, he exploited a system running an older version of a web browser. Williams implanted a Trojan on the target browser, through which he made a lateral movement in the target network.

Identify the type of vulnerability exploited by Williams in the above scenario.

A. Insecure or poor design of the network and application
B. Intentional end-user acts
C. End-user carelessness
D. Inherent technology weaknesses

A

Answer: D. Inherent technology weaknesses

Explanation:
End-user carelessness: End-user carelessness considerably impacts network security. Human behavior is fairly susceptible to various types of attacks and can be exploited to effect serious outcomes, including data loss and information leakage.

Intentional end-user acts: Ex-employees who continue to have access to shared drives can misuse them by revealing the company’s sensitive information. Such an act is called an intentional end-user act and can lead to heavy data and financial losses for the company.

Internet service misconfiguration: Misconfiguring internet services can pose serious security risks. For example, enabling JavaScript and misconfiguring IIS, Apache, FTP, and Terminal services, can create security vulnerabilities in the network.

Inherent technology weaknesses: If the hardware or software is not capable of defending the network against certain types of attacks, the network will be vulnerable to those attacks. Certain hardware, applications, or web browsers tend to be prone to attacks such as DoS or man-in-the-middle attacks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Finch, a security professional, was tasked with assessing their organizational network. In this process, Finch identified that one of the servers connected to the corporate network used the insecure FTP for file transmission, which can pose serious security risks.

Identify the type of vulnerability identified by Finch in the above scenario.

A. TCP/IP protocol vulnerability
B. Operating system vulnerability
C. Network device vulnerability
D. User account vulnerabilities

A

Answer: A. TCP/IP protocol vulnerability

Explanation:

Here are some technological vulnerabilities:

TCP/IP protocol vulnerabilities:
HTTP, FTP, ICMP, SNMP, SMTP are inherently insecure

Operating system vulnerabilities:
An OS can be vulnerable because:
It is inherently insecure
It is not patched with the latest updates

Network device vulnerabilities:
Various network devices such as routers, firewall, and switches can be vulnerable due to:
Lack of password protection
Lack of authentication
Insecure routing protocols
Firewall vulnerabilities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Clark, an IT professional, was hired by an MNC on a contract basis. After a few months, the management became dissatisfied with Clark’s performance and asked him to serve a notice period. Clark decided to seek revenge on the company after serving the notice period. On the last working day, he accessed the company’s shared drive and revealed secrets to a third party, causing huge financial loss to the company.

Identify the cause of the vulnerability discussed in the above scenario.

A. Inherent technology weaknesses
B. Hardware or software misconfiguration
C. Intentional end-user acts
D. End-user carelessness

A

Answer: C. Intentional end-user acts

Explanation:
Hardware or software misconfiguration: The insecure configuration of the hardware or software in a network can lead to security loopholes. For example, a misconfiguration or the use of an unencrypted protocol may lead to network intrusions, resulting in the leakage of sensitive information.

Inherent technology weaknesses: If the hardware or software is not capable of defending the network against certain types of attacks, the network will be vulnerable to those attacks. Certain hardware, applications, or web browsers tend to be prone to attacks such as DoS or man-in-the-middle attacks.

End-user carelessness: End-user carelessness considerably impacts network security. Human behavior is fairly susceptible to various types of attacks and can be exploited to effect serious outcomes, including data loss and information leakage.

Intentional end-user acts: Ex-employees who continue to have access to shared drives can misuse them by revealing the company’s sensitive information. Such an act is called an intentional end-user act and can lead to heavy data and financial losses for the company.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the correct order for vulnerability management life cycle?

A. Verification → risk assessment → monitor → remediation → creating baseline → vulnerability assessment
B. Verification → vulnerability assessment → monitor → remediation → creating baseline → risk assessment
C. Monitor → risk assessment → remediation → verification → creating baseline → vulnerability assessment
D. Creating baseline → vulnerability assessment → risk assessment → remediation → verification → monitor

A

Answer: D. Creating baseline → vulnerability assessment → risk assessment → remediation → verification → monitor

Explanation:

Vulnerability management life cycle is an important process that helps in finding and remediating security weaknesses before they are exploited. The correct order of vulnerability management life cycle is

Creating baseline → vulnerability assessment →risk assessment → remediation →verification →monitor.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which of the following terms refers to the process of reducing the severity of vulnerabilities in the vulnerability management life cycle?

A. Risk assessment
B. Vulnerability assessment
C. Remediation
D. Verification

A

Answer: C. Remediation

Explanation:
Vulnerability management life cycle is an important process that helps in finding and remediating security weaknesses before they are exploited. This includes defining the risk posture and policies for an organization, creating a complete asset list of systems, scanning and assessing the environment for vulnerabilities and exposures, and taking action to mitigate the vulnerabilities that are found.

The phases involved in vulnerability management are:

Creating Baseline
In this phase, critical assets are identified and prioritized to create a good baseline for the vulnerability management.

Vulnerability Assessment
This is a very crucial phase in vulnerability management. In this step, the security analyst identifies the known vulnerabilities in the organization infrastructure.

Risk Assessment
In this phase, all the serious uncertainties that are associated with the system are assessed, fixed, and permanently eliminated for ensuring a flaw free system.

Remediation
Remediation is the process of reducing the severity of vulnerabilities. This phase is initiated after the successful implementation of the baseline and assessment steps.

Verification
This phase provides a clear visibility into the firm and allows the security team to check whether all the previous phases are perfectly employed or not.

Monitor
Regular monitoring needs to be performed for maintaining the system security using tools such as IDS/IPS, firewalls, etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Don, a professional hacker, was attempting to access an organization’s systems from a remote location. Don scanned the target environment and identified a security loophole in the firewall implementation. He exploited this loophole to intrude into and gain access to all the interconnected systems within the environment.

Identify the type of vulnerability exploited by Don in the above scenario.

A. Inherent technology weaknesses
B. Insecure or poor design of the network and application
C. End-user carelessness
D. Intentional end-user acts

A

Answer: B. Insecure or poor design of the network and application

Explanation:

End-user carelessness: End-user carelessness considerably impacts network security. Human behavior is fairly susceptible to various types of attacks and can be exploited to effect serious outcomes, including data loss and information leakage.

Intentional end-user acts: Ex-employees who continue to have access to shared drives can misuse them by revealing the company’s sensitive information. Such an act is called an intentional end-user act and can lead to heavy data and financial losses for the company.

Insecure or poor design of network and application: An improper and insecure design of a network may make it susceptible to various threats and potential data loss. For example, if firewalls, IDS, and virtual private network (VPN) technologies are not implemented securely, they can expose the network to numerous threats.

Inherent technology weaknesses: If the hardware or software is not capable of defending the network against certain types of attacks, the network will be vulnerable to those attacks. Certain hardware, applications, or web browsers tend to be prone to attacks such as DoS or man-in-the-middle attacks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Steve, an administrator, installed new software on an employee’s system but forgot to change the credentials provided by the vendor. Greg, an attacker, browsed online resources and obtained vendor-provided software credentials to gain remote access to the employee’s system.

Identify the type of vulnerability exploited by Greg in the above scenario.

A. TCP protocol vulnerabilities
B. Default password and settings
C. Operating system vulnerabilities
D. IP protocol vulnerabilities

A

Answer: B. Default password and settings

Explanation:

Here are the two types of vulnerabilities listed and their descriptions:

Configuration Vulnerabilities:

Default password and settings:
Leaving the network devices/products with their default passwords and settings can lead to unauthorized access to the device and the network.

Network device misconfiguration:
Misconfiguring the network device

Technological Vulnerabilities:
TCP/IP protocol vulnerabilities: HTTP, FTP, ICMP, SNMP, SMTP are inherently insecure

Operating System vulnerabilities:
An OS can be vulnerable because:
It is inherently insecure
It is not patched with the latest updates

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Peter, a security professional, was tasked with performing a vulnerability assessment on an organization’s network. During the assessment, Peter identified that an Apache server was improperly configured, potentially posing serious threats to the organization.

Identify the type of vulnerability identified by Peter in the above scenario.

A. Default password and settings
B. Internet service misconfiguration
C. User account vulnerabilities
D. Network device misconfiguration

A

Answer: B. Internet service misconfiguration

Explanation:

Here are the Configuration Vulnerabilities and their descriptions:

User account vulnerabilities:
Originating from the insecure transmission of user account details such as usernames and passwords, over the network

System account vulnerabilities:
Originating from setting of weak passwords for system accounts

Internet service misconfiguration:
Misconfiguring internet services can pose serious security risks. For example, enabling JavaScript and misconfiguring IIS, Apache, FTP, and Terminal services, can create security vulnerabilities in the network

Default password and settings :
Leaving the network devices/products with their default passwords and settings

Network device misconfiguration:
Misconfiguring the network device

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which of the following types of software vulnerability occurs due to coding errors and allows attackers to gain access to the target system?

A. Misconfiguration
B. Unpatched servers
C. Buffer overflow
D. Open services

A

Answer: C. Buffer overflow

Explanation:

Open services: Open ports and services may lead to the loss of data or DoS attacks and allow attackers to perform further attacks on other connected devices.

Unpatched Servers: Unpatched servers are a hub for the attackers, they serve as an entry point into the network. This can lead to the exposure of private data, financial loss, and discontinuation of operations.

Buffer overflow: Buffer overflows are common software vulnerabilities that happen due to coding errors that allow attackers to gain access to the target system.

Misconfiguration: Misconfiguration is the most common vulnerability and is mainly caused by human error, which allows attackers to gain unauthorized access to the system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Which of the following types of vulnerability assessment sniffs the traffic present on the network to identify the active systems, network services, applications, and vulnerabilities?

A. Credentialed assessment
B. Active assessment
C. Passive assessment
D. Distributed assessment

A

Answer: C. Passive assessment

Explanation:

Active Assessment: A type of vulnerability assessment that uses network scanners to identify the hosts, services, and vulnerabilities present in a network. Active network scanners can reduce the intrusiveness of the checks they perform.

Passive Assessment: Passive assessments sniff the traffic present on the network to identify the active systems, network services, applications, and vulnerabilities. Passive assessments also provide a list of the users who are currently accessing the network.

Credentialed Assessment: In this type of assessment, the ethical hacker possesses the credentials of all machines present in the assessed network.

Distributed Assessment: This type of assessment, employed by organizations that possess assets like servers and clients at different locations, involves simultaneously assessing the distributed organization assets, such as client and server applications, using appropriate synchronization techniques.

18
Q

In which of the following types of vulnerability assessment does an ethical hacker assess an enterprise network without possessing any privileges for the assets present in the network?

A. Distributed assessment
B. Non-credentialed assessment
C. Manual assessment
D. Credentialed assessment

A

Answer: B. Non-credentialed assessment

Explanation:

Distributed Assessment: This type of assessment, employed by organizations that possess assets like servers and clients at different locations, involves simultaneously assessing the distributed organization assets, such as client and server applications, using appropriate synchronization techniques

Credentialed Assessment: Credentialed assessment is also called authenticated assessment. In this type of assessment, the ethical hacker possesses the credentials of all machines present in the assessed network. The chances of finding vulnerabilities related to operating systems and applications are higher in credential assessment than in non-credential assessment

Non-Credentialed Assessment: Non-credentialed assessment, also called unauthenticated assessment, provides a quick overview of weaknesses by analyzing the network services that are exposed by the host. Since it is a non-credential assessment, an ethical hacker does not require any credentials for the assets to perform their assessments

Manual Assessment: After performing footprinting and network scanning and obtaining crucial information, if the ethical hacker performs manual research for exploring the vulnerabilities or weaknesses, they manually rank the vulnerabilities and score them by referring to vulnerability scoring standards like CVSS and vulnerability databases like CVE and CWE

19
Q

Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. There are various types of employees working in the company, including technical teams, sales teams, and work-from-home employees. Highlander takes care of the security patches and updates of official computers and laptops; however, the computers or laptops of the work-from-home employees are to be managed by the employees or their ISPs. Highlander employs various group policies to restrict the installation of any third-party applications.

As per Highlander’s policy, all the employees are able to utilize their personal smartphones to access the company email in order to respond to requests for updates. Employees are responsible for keeping their phones up to date with the latest patches. The phones are not used to directly connect to any other resources in the Highlander, Incorporated, network. The company is concerned about the potential vulnerabilities that could exist on their devices.

What would be the best type of vulnerability assessment for the employees’ smartphones?

A. Wireless network assessment
B. Active assessment
C. Passive assessment
D. Host-based assessment

A

Answer: D. Host-based assessment

Explanation:

Host-based assessment looks at the vulnerabilities of the devices.

Active assessment means we are using a network scanner to look for hosts.

Passive assessment means we are sniffing packets in a network.

Wireless network assessment looks for vulnerabilities in the wireless network, not the phone.

20
Q

Which term refers to common software vulnerabilities that happen due to coding errors allowing attackers to get access to the target system?

A. Active footprinting
B. Banner grabbing
C. Port scanning
D. Buffer overflows

A

Answer: D. Buffer overflows

Explanation:
Buffer overflows
Buffer overflows are common software vulnerabilities that happen due to coding errors allowing attackers to get access to the target system. In a buffer overflow attack, attackers undermine the functioning of programs and try to take the control of the system by writing content beyond the allocated size of the buffer. Insufficient bounds checking in the program is the root cause because of which the buffer is not able to handle data beyond its limit, causing the flow of data to adjacent memory locations and overwriting their data values. Systems often crash or become unstable or show erratic program behavior when buffer overflow occurs.

Active footprinting
Active footprinting involves gathering information about the target with direct interaction. In active footprinting, information is gathered by querying published name servers, extracting metadata, web spidering, Whois lookup, etc.

Port scanning
Port scanning is the process of checking the services running on the target computer by sending a sequence of messages in an attempt to break in. Port scanning involves connecting to or probing TCP and UDP ports on the target system to determine if the services are running or are in a listening state.

Banner grabbing
Banner grabbing, or “OS fingerprinting,” is a method used to determine the operating system that is running on a remote target system.

21
Q

Sohum is carrying out a security check on a system. This security check involves carrying out a configuration-level check through the command line in order to identify vulnerabilities such as incorrect registry and file permissions, as well as software configuration errors. Which type of assessment is performed by Sohum?

A. Network-based assessment
B. Internal assessment
C. Host-based assessment
D. External assessment

A

Answer: C. Host-based assessment

Explanation:
Host-based Assessment
Host-based assessments are a type of security check that involves carrying out a configuration-level check through the command line. These assessments check the security of a particular network or server. Host-based scanners assess systems to identify vulnerabilities such as incorrect registry and file permissions, as well as software configuration errors. Host-based assessment can use many commercial and open-source scanning tools.

External Assessment
External assessment assesses the network from a hacker’s point of view to find out what exploits and vulnerabilities are accessible to the outside world. These types of assessments use external devices such as firewalls, routers, and servers.

Network based Assessments
Network assessments determine the possible network security attacks that may occur on an organization’s system. These assessments evaluate the organization’s system for vulnerabilities such as missing patches, unnecessary services, weak authentication, and weak encryption.

Internal Assessment
An internal assessment involves scrutinizing the internal network to find exploits and vulnerabilities.

22
Q

Which assessment focuses on transactional web applications, traditional client-server applications, and hybrid systems?

A. Wireless network assessment
B. Passive assessment
C. Application assessment
D. Active assessment

A

Answer: C. Application assessment

Explanation:
Application Assessments
An application assessment focuses on transactional Web applications, traditional client server applications, and hybrid systems. It analyzes all elements of an application infrastructure, including deployment and communication within the client and server. This type of assessment tests the web server infrastructure for any misconfiguration, outdated content, and known vulnerabilities. Security professionals use both commercial and open-source tools to perform such assessments.

Passive Assessment
Passive assessments sniff the traffic present on the network to identify the active systems, network services, applications, and vulnerabilities. Passive assessments also provide a list of the users who are currently using the network.

Active Assessment
Active assessments are a type of vulnerability assessment that uses network scanners to scan the network to identify the hosts, services, and vulnerabilities present in that network. Active network scanners have the capability to reduce the intrusiveness of the checks they perform.

Wireless Network Assessments
Wireless network assessment determines the vulnerabilities in an organization’s wireless networks. Wireless network assessments try to attack wireless authentication mechanisms and get unauthorized access. This type of assessment tests wireless networks and identifies rogue wireless networks that may exist within an organization’s perimeter. These assessments audit client-specified sites with a wireless network.

23
Q

Henry, an employee of an organization, faced issues with a newly allocated system, which was purchased from a refurbished market. When he raised a complaint, the security team analyzed the system components and identified that the vendor did not properly sanitize the system’s drive.

Identify the third-party risk demonstrated in the above scenario?

A. Data storage
B. Supply-chain risk
C. Unpatched firmware
D. Design flaws

A

Answer: B. Supply-chain risk

Explanation:
Supply-chain risks: Proper security controls must be implemented for the equipment/devices or software that organizations purchase or borrow from a third party. For instance, the software or hardware purchased from a third party may not be properly sanitized. In such cases, malware concealed inside the previously provisioned equipment can infect the new systems deployed in the organization and spread to all other devices connected to the network.

Data storage: With the emergence of cloud technology, organizations are storing large amounts of data in third-party storage spaces, where vendors may also have access to organizations’ data. Therefore, the data should be frequently inspected for security concerns to protect sensitive information related to customers, employees, or users.

Unpatched firmware: Firmware vulnerabilities allow attackers to inject malicious code, infect legitimate updates, delete data stored on the hard drive, or even control the system hardware from a remote location in some cases. To mitigate such vulnerabilities, security professionals must regularly check and update the firmware.

Design flaws: Design vulnerabilities such as incorrect encryption or the poor validation of data refer to logical flaws in the functionality of the system that attackers exploit to bypass the detection mechanism and acquire access to a secure system.

24
Q

Which of the following vulnerabilities is caused by obsolete or familiar code that is usually not supported when patching technical assets?

A. DLL injection
B. Legacy platform vulnerability
C. Race conditions
D. Third-party risk

A

Answer: B. Legacy platform vulnerability

Explanation:
Third-Party Risks: A third party can become another potential threat to enterprises. Third-party services or products can have access to privileged systems and applications, through which financial information, customer and employee data, and processes in the enterprise’s supply chain can be compromised.

Legacy Platform Vulnerability: Legacy platform vulnerabilities are caused by obsolete or familiar codes. Legacy platforms are usually not supported when patching technical assets such as smartphones, computers, IoT devices, OSes, applications, databases, firewalls, intrusion detection systems (IDSs), or other network components. This type of vulnerabilities could cause costly data breaches for organizations.

Race Conditions: A race condition is an undesirable incident that occurs when a software or system program depends on the execution of processes in a sequence and on the timing of the programs.

DLL Injection: When an application runs third-party code or untrusted code that loads an assembly or DLL file, an attacker may exploit this vulnerability to inject a malicious DLL into the current running process and execute malicious code.

25
Q

Sam, a newly joined security auditor, was tasked with deploying updates for all the devices connected to a network. Before deploying the updates, he analyzed the network and found many unknown devices connected to the organization’s LAN. He failed to understand the topology because the newly added assets were not documented properly.

Identify the type of vulnerability demonstrated in the above scenario?

A. Default passwords
B. Default installations
C. System sprawl
D. Misconfigurations

A

Answer: C. System sprawl

Explanation:
Misconfigurations/Weak Configurations: Misconfigurations/Weak Configurations: Misconfiguration is the most common vulnerability and is mainly caused by human error. It allows attackers to break into a network and gain unauthorized access to systems.

Default Installations/Default Configurations: Systems or devices with default configurations, if connected to the production or corporate network, enable attackers to perform advanced persistent attacks.

Default Passwords: Manufacturers provide users with default passwords to access the device during its initial set-up, which users must change for future use. When users forget to update the passwords and continue using the default passwords, they make devices and systems vulnerable to various attacks, such as brute force and dictionary attacks. Attackers exploit this vulnerability to obtain access to the system.

System Sprawl/Undocumented Assets: The system sprawl vulnerability arises within an organization network because of an increased number of system or server connections without proper documentation or the understanding of their maintenance. These assets are often neglected over time, making them susceptible to attacks.

26
Q

Which of the following functionalities is not an example of a misconfigured system?

A. Running old software on the system
B. Unnecessary administrative ports that are open for an application
C. Running only necessary services on a machine
D. Outbound connections to various Internet services

A

Answer: C. Running only necessary services on a machine

Explanation:
The following are some examples of misconfiguration:

An application running with debug enabled
Unnecessary administrative ports that are open for an application
Running outdated software on the system
Running unnecessary services on a machine
Outbound connections to various Internet services
Using misconfigured SSL certificates or default certificates
Improperly authenticated external systems
Incorrect folder permissions
Default accounts or passwords
Set up or configuration pages enabled
Disabling security settings and features

27
Q

Which of the following vulnerabilities is exploited by attackers before being acknowledged and patched by software developers or security analysts?

A. Zero-day vulnerability
B. Default installations
C. Legacy platform vulnerability
D. Supply-chain risks

A

Answer: A. Zero-day vulnerability

Explanation:
Race Conditions: A race condition is an undesirable incident that occurs when a software or system program depends on the execution of processes in a sequence and on the timing of the programs. This condition occurs when a system that handles events in a sequential format is coerced to perform multiple operations simultaneously.

Default Installations/Default Configurations: Failing to change the default settings while deploying the software or hardware allows the attacker to guess the settings to break into the system. Systems or devices with default configurations, if connected to the production or corporate network, enable attackers to perform advanced persistent attacks.

Zero-Day Vulnerability: Zero-day vulnerabilities are unknown vulnerabilities in software/hardware that are exposed but not yet patched. These Vulnerabilities are exploited by the attackers before being acknowledged and patched by the software developers or security analysts.

Supply-chain risks: The majority of network devices and systems in an organization are often purchased from a third party. The use of such equipment in each segment along the supply chain can potentially pose security risks due to improper maintenance or configuration.

28
Q

Which of the following terms is referred to as an undesirable incident that occurs when software or a system program depends on the execution of processes in a sequence and on the timing of the programs?

A. Race condition
B. Memory leaks
C. Integer overflows
D. Null pointer/object dereference

A

Answer: A. Race condition

Explanation:
Race Condition: A race condition is an undesirable incident that occurs when a software or system program depends on the execution of processes in a sequence and on the timing of the programs. This condition occurs when a system that handles events in a sequential format is coerced to perform multiple operations simultaneously.

Null pointer/Object Dereference: Also known as a null reference, a null pointer is a value stored to represent that the pointer is not designated to any valid object; it also indicates invalid memory location.

Memory Leaks: A memory leak or resource leak is an unintended class of memory consumption that occurs when a programmer fails to erase an assigned block of memory when no longer required.

Integer Overflows: An integer overflow occurs when an arithmetic function generates and attempts to store an integer value larger than the maximum value that the allocated memory space can store.

29
Q

Which of the following types of vulnerability assessment solutions relies on the administrator providing a starting shot of intelligence and then scanning continuously without incorporating any information found at the time of scanning?

A. Service-based solutions
B. Product-based solutions
C. Tree-based assessment
D. Inference-based assessment

A

Answer: C. Tree-based assessment

Explanation:
Product-Based Solutions: These solutions are installed either on a private or non-routable space or on the Internet-addressable portion of an organization’s network

Tree-Based Assessment: In a tree-based assessment, the auditor (parent) selects different strategies for each machine or component (child nodes) of the information system. This approach relies on the administrator to provide a starting piece of intelligence and then to start scanning continuously without incorporating any information found at the time of scanning.

Service-Based Solutions: Service-based solutions are offered by third parties, such as auditing or security consulting firms. Some solutions are hosted inside the network, while others are hosted outside the network.

Inference-Based Assessment: In an inference-based assessment, scanning starts by building an inventory of the protocols found on the machine.

30
Q

Which of the following features is not a good characteristic of a vulnerability assessment solution?

A. Support for a single network
B. Use of a well-organized inference-based approach for testing
C. Imitation of the outside view of attackers to gain their objective
D. Automatic scanning and checks against continuously updated databases

A

Answer: A. Support for a single network

Explanation:
The characteristics of a good vulnerability assessment solution are as follows:

Ensures correct outcomes by testing the network, network resources, ports, protocols, and operating systems
Uses a well-organized inference-based approach for testing
Automatically scans and checks against continuously updated databases
Creates brief, actionable, customizable reports, including reports of vulnerabilities by severity level, and trend analysis
Supports multiple networks
Suggests appropriate remedies and workarounds to correct vulnerabilities
Imitates the outside view of attackers to gain its objective

31
Q

Which of the following types of vulnerability assessment solutions starts by building an inventory of the protocols, services, and vulnerabilities found on a machine and executes only the relevant tests?

A. Service-based solutions
B. Tree-based assessment
C. Inference-based assessment
D. Product-based solutions

A

Answer: C. Inference-based assessment

Explanation:
Service-Based Solutions: Service-based solutions are offered by third parties, such as auditing or security consulting firms. Some solutions are hosted inside the network, while others are hosted outside the network

Product-Based Solutions: Product-based solutions are installed in the organization’s internal network. They are installed either on a private or non-routable space or in the Internet-addressable portion of an organization’s network. If they are installed on a private network (behind the firewall), they cannot always detect outside attacks

Tree-Based Assessment: In a tree-based assessment, the auditor selects different strategies for each machine or component of the information system. For example, the administrator selects a scanner for servers running Windows, databases, and web services but uses a different scanner for Linux servers

Inference-Based Assessment: In an inference-based assessment, scanning starts by building an inventory of the protocols found on the machine. After finding a protocol, the scanning process starts to detect which ports are attached to services, such as an email server, web server, or database server. After finding services, it selects vulnerabilities on each machine and starts to execute only those relevant tests.

32
Q

Which of the following location and data examination tools allows ethical hackers to perform two or more scans on different machines in the network?

A. Network-based scanner
B. Agent-based scanner
C. Cluster scanner
D. Proxy scanner

A

Answer: C. Cluster scanner

Explanation:
Listed below are some of the location and data examination tools:

Network-Based Scanner: Network-based scanners are those that interact only with the real machine where they reside and give the report to the same machine after scanning.

Agent-Based Scanner: Agent-based scanners reside on a single machine but can scan several machines on the same network.

Proxy Scanner: Proxy scanners are the network-based scanners that can scan networks from any machine on the network.

Cluster scanner: Cluster scanners are similar to proxy scanners, but they can simultaneously perform two or more scans on different machines in the network.

33
Q

John, an ethical hacker, is performing a vulnerability assessment on an organization’s network. He used tools such as fuzzers to discover and identify previously unknown vulnerabilities in the system and tested whether a product is resistant to a known vulnerability.

Which of the following types of vulnerability assessment tools did John employ?

A. Application-layer vulnerability assessment tools
B. Scope assessment tools
C. Depth assessment tools
D. Host-based vulnerability assessment tools

A

Answer: C. Depth assessment tools

Explanation:
Application-Layer Vulnerability Assessment Tools: Application-layer vulnerability assessment tools are designed to serve the needs of all kinds of operating system types and applications. Various resources pose a variety of security threats and are identified by the tools designed for that purpose

Host-Based Vulnerability Assessment Tools: The host-based scanning tools are appropriate for servers that run various applications, such as the Web, critical files, databases, directories, and remote accesses. These host-based scanners can detect high levels of vulnerabilities and provide required information about the fixes (patches).

Depth Assessment Tools: Depth assessment tools are used to discover and identify previously unknown vulnerabilities in a system. Generally, tools such as fuzzers, which provide arbitrary input to a system’s interface, are used to identify vulnerabilities to an unstable depth. Many of these tools use a set of vulnerability signatures to test whether a product is resistant to a known vulnerability or not.

Scope Assessment Tools: Scope assessment tools provide an assessment of the security by testing vulnerabilities in the applications and operating system. These tools provide standard controls and a reporting interface that allows the user to select a suitable scan. These tools generate a standard report based on the information found

34
Q

Which of the following tools will scan a network to perform vulnerability checks and compliance auditing?

A. Nessus
B. BeEF
C. NMAP
D. Metasploit

A

Answer: A. Nessus

Explanation:
Nessus is a vulnerability scanner developed by Tenable Network Security. It is free of charge for personal use in a non-enterprise environment.

35
Q

Sanya is a security analyst in a multinational company who wants to schedule scans across multiple scanners, use wizards to easily and quickly create policies, and send results via email to her boss. Which vulnerability assessment tool should she use to get the best results?

A. Nessus Professional
B. Wireshark
C. Recon-ng
D. FOCA

A

Answer: A. Nessus Professional

Explanation:
Nessus Professional is an assessment solution for identifying vulnerabilities, configuration issues, and malware that attackers use to penetrate networks. It performs vulnerability, configuration, and compliance assessment. It supports various technologies such as operating systems, network devices, hypervisors, databases, tablets/phones, web servers, and critical infrastructure. Nessus is the vulnerability scanning platform for auditors and security analysts. Users can schedule scans across multiple scanners, use wizards to easily and quickly create policies, schedule scans, and send results via email.

Recon-ng and FOCA are footprinting tools used to collect basic information about the target systems in order to exploit them.

Wireshark is a traffic capturing tool that lets you capture and interactively browse the traffic running on a computer network. It captures live network traffic from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI networks.

36
Q

SecTech Inc. is worried about the latest security incidents and data theft reports. The management wants a comprehensive vulnerability assessment of the complete information system at the company. However, SecTech does not have the required resources or capabilities to perform a vulnerability assessment. They decide to purchase a vulnerability assessment tool to test a host or application for vulnerabilities.

Which of the following factors should the organization NOT consider while purchasing a vulnerability assessment tool?

A. Test run scheduling
B. Functionality for writing own tests
C. Types of vulnerabilities being assessed
D. Links to patches

A

Answer: D. Links to patches

Explanation:
In the above scenario, the organization is planning to purchase a vulnerability assessment tool to test a host or application for vulnerabilities. There are several vulnerability assessment tools available that include port scanners, vulnerability scanners, and OS vulnerability assessment scanners. Organizations have to choose the right tools based on their test requirements.
The criteria to be followed at the time of choosing or purchasing any vulnerability assessment tool are as follows:
Types of vulnerabilities being assessed
Testing capability of scanning
Ability to provide accurate reports
Efficient and accurate scanning
Capability to perform smart search
Functionality for writing own tests
Test run scheduling

37
Q

Smith, an ethical hacker, was hired to perform a vulnerability analysis and security audit on an organization. He used a vulnerability management tool for the assessment and documented variations and findings including the final report, along with remediation steps to mitigate the identified risks.

Which of the following elements of the vulnerability report includes each host’s detailed information and contains the name and address of the host, operating system type, and date of the test?

A. Risk Assessment
B. Assessment scope and objectives
C. Findings
D. Recommendations

A

Answer: C. Findings

Explanation:
Vulnerability reports cover the following elements:

Risk Assessment: Classification of vulnerabilities based on the risk level: critical, high, moderate, or low.

Recommendations: Action plan to implement the recommendations/remediation for each identified vulnerability.

Assessment scope and objectives: Purpose of the vulnerability scanning and scope of the scannin

Findings: Scanned hosts, including each host’s detailed information:
: Name and address of the host
: Operating system type
: Date of the test
Vulnerable services: Network services by their names and ports.

38
Q

Which of the following components of a vulnerability assessment report contains action plans to implement remediations for each identified vulnerability?

A. Assessment overview
B. Recommendations
C. Risk assessment
D. Findings

A

Answer: B. Recommendations

Explanation:
Findings: Scanned hosts, including each host’s detailed information.

Recommendations: Contains action plan to implement the recommendations/remediation for each identified vulnerability

Risk Assessment: Classification of vulnerabilities based on the risk level: critical, high, moderate, or low.

Assessment Overview: Contains assessment methodology, scan information, and target information

39
Q

Which of the following types of vulnerability assessment tools provides security assessment by testing vulnerabilities in the applications and operating system by providing standard controls?

A. Host-based vulnerability assessment tools
B. Scope assessment tools
C. Depth assessment tools
D. Application-layer vulnerability assessment tools

A

Answer: B. Scope assessment tools

Explanation:
Depth Assessment Tools: Depth assessment tools are used to discover and identify previously unknown vulnerabilities in a system. Generally, tools such as fuzzers, which provide arbitrary input to a system’s interface, are used to identify vulnerabilities to an unstable depth.

Host-Based Vulnerability Assessment Tools: The host-based scanning tools are appropriate for servers that run various applications, such as the Web, critical files, databases, directories, and remote accesses. These host-based scanners can detect high levels of vulnerabilities and provide required information about the fixes (patches)

Scope Assessment Tools: Scope assessment tools provide an assessment of the security by testing vulnerabilities in the applications and operating system. These tools provide standard controls and a reporting interface that allows the user to select a suitable scan.

Application-Layer Vulnerability Assessment Tools: Application-layer vulnerability assessment tools are designed to serve the needs of all kinds of operating system types and applications. Various resources pose a variety of security threats and are identified by the tools designed for that purpose.

40
Q

After performing which of the following steps does a pen tester enumerate the open ports and services along with the operating system on the target systems?

A. Testing the OS
B. Service and OS discovery
C. Testing the services
D. Locating nodes

A

Answer: D. Locating nodes

41
Q

Jim, an ethical hacker, was hired to perform a vulnerability assessment on an organization to check the security posture of the organization and its vulnerabilities. Jim used a tool that helped him continuously identify threats and monitor unexpected changes in the network before they turn into breaches.

Which of the following tools did Jim employ in the above scenario?

A. Octoparse
B. Sherlock
C. theHarvester
D. Qualys VM

A

Answer: D. Qualys VM

CEH v12 Exam Prep "Hard" (19 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions