Module 1: Vulnerability Response Overview Flashcards
What is focused on the triage exposure of VR which includes the identification, validation, and prioritization of the vulnerabilities for the organization?
Security Operations
Who focuses on coordinating workflows to remediate or fix the risk by assigning tasks, managing workflow, and remediating the vulnerability?
IT Operations team
_______________________ covers the proactive activities.
Vulnerability Response
_______________________ covers the reactive activities.
Security Incident Response
What simplifies the process of identifying critical incidents by applying powerful workflows and automation tools that speed up remediation?
Security Incident Response
How many VR application menus are there?
6
What are the different VR application menus?
Vulnerability Response
Application Vulnerability Response
Container Vulnerability Response
Configuration Compliance
Security Operations
Scanner Menus
ServiceNow’s Vulnerability Response application manages which of the following vulnerabilities? (Select 4)
a. Infrastructure
b. Cloud
c. Application
d. Configuration
e. Containerized Application
f. Compliance
ABCE
What does IVR stand for?
Infrastructure Vulnerability Response
What is Infrastructure Vulnerability Response (IVR)?
Manages vulnerabilities on networked assets including servers and network devices
What does AVR stand for?
Application Vulnerability Response
What is Application Vulnerability Response (AVR)?
Manages vulnerabilities on custom-developed applications
What is Vulnerability Response?
The process of identifying, classifying, and prioritizing vulnerabilities, as well as deciding upon an appropriate response (remediate vs. no remediation)
Although vulnerabilities are flaws that affect business assets, a vulnerability must itself be exploited by a _____________.
Threat
T/F: The core vulnerability response application includes application menus for both host vulnerability response and application vulnerability response
True
What does CVR stand for?
Container Vulnerability Response
What is Container Vulnerability Response (CVR)?
Manages vulnerabilities on applications developed and deployed via containers
What is Configuration Compliance?
Manages vulnerabilities on misconfigured software via tests
What manages vulnerabilities on OT assets at the site level?
Operational Technology Vulnerability Response (OTVR)
What are defined within ServiceNow to help organize all the noise generated by Vulnerability integrations?
Automation rules
What can be used to automate actions such as patching, making configuration changes, or sending requests to security products, such as blocking an IP in the firewall?
Orchestration tools
What core applications are included with VR?
Vulnerability Response
Security Support Common
Security Integration Framework
Security Support Orchestration
What application allows security users to compare security data pulled from internal and external sources and, if CIs or software are found to be vulnerable, changes and security incidents can be created using Remediation Tasks?
Vulnerability Response [sn_vul]
What application enables common functionality including integrations, email processing, filter groups, security tags, workflows, and more?
Security Support Common [sn_sec_cmn]
What application enables core orchestration used by Security Operations applications?
Security Support Orchestration [sn_sec_cmn_orch]
What application enables common functionality for Security Operations integrations?
Security Integration Framework [sn_sec_int]
What applications are supplemental to the Core?
Configuration Compliance
Container Vulnerability Response
Vulnerability Solution Management
Performance Analytics for Vulnerability Response
What ServiceNow application is a Secure Configuration Assessment (SCA) application that aggregates scan results from integrations with third-party configuration scanning applications?
Configuration Compliance [sn_vulc]
What tightly integrates with the IT Change Management process to remediate your non-compliant configurations?
Configuration Compliance [sn_vulc]
What application imports recommendations and solutions from third-party software to help you remediate vulnerabilities?
Vulnerability Solution Management [sn_vul_solution]
What table is associated with Container Vulnerability Response?
[sn_vulc_container]
What table is associated with Performance Analytics for Vulnerability Response?
[sn_vul_analytics]
What two workspaces are shipped with Vulnerability Response?
Vulnerability Manager Workspace
IT Remediation Workspace
How many tables are in the Vulnerability scope?
~140
How many tables are in the Security Support Common scope?
98
What is the table for Remediation Tasks?
[sn_vul_vulnerability]
What are configuration records that extend application functionality?
Application Files
How many Script Includes are in the Vulnerability application scope?
~130
What is the Configuration Compliance table?
[sn_vulc]
What provide a level of control and protection for access, data modification, and API definition that’s incorporated into the architecture from the start?
Scoped Applications
What role is required to assign users to the Application Vulnerability Response default user groups, using the User Administration module?
system admin [admin]
What are the four OOTB user persona groups associated with Container Vulnerability Response?
Container Remediation Owner
Container False Positive Approver
Container Exception Approver - Level 1
Container Exception Approver - Level 2
What are vulnerabilities?
Weaknesses that are targeted by attackers to compromise and/or infiltrate a system and further reduce its security posture.
If a device found by the scanner cannot be matched to a CI in the CMDB, what happens?
A temporary CI is created
A Vulnerable Item is created from the ___________ record
Scanner
Vulnerable Item records might be enriched by data from what integrations?
Shodan
Microsoft Security Response Center
Red Hat Solution Integration
What is Common Weakness Enumeration (CWE)?
A universal online dictionary of weaknesses (flaws) that have been found in code, design, or system architecture.
What are Common Vulnerabilities and Exposures (CVE)?
A catalog of known security threats that are divided into two categories: vulnerabilities and exposures
What is the National Vulnerability Database (NVD)?
A repository of standards-based vulnerability information including a list of CVEs.