Module 23 Endpoint Vulnerability Assessment

Question 1

What is network profiling?

Answer 1

Session duration, total throughput, typical traffic type, critical asset address space

Question 2

What is a server profile?

Answer 2

Listening ports, logged in users and accounts, service accounts, software environment

Question 3

What is Network Anomaly Detection?

Answer 3

Network behavior - large amount of data such as packet flow, features of the packet, etc.
- Big data analytics techniques can be used to analyze data and detect variations

Question 4

What does network vulnerability testing include?

Answer 4

Risk analysis, vulnerability assessment and penetration testing

Question 5

What is penetration testing?

Answer 5

Use of hacking techniques and tools to penetrate network defenses

Question 6

What is vulnerability assessments?

Answer 6

Patch management, host scans, port-scanning and other scans

Question 7

What is risk analysis

Answer 7

Individuals conduct comprehensive analysis of impacts of attacks on core company assets and functioning

Question 8

What is CVSS

Answer 8

Common Vulnerability Scoring Sys is a risk assessment tool

Question 9

What are the CVSS Metric Groups

Answer 9

Base, temporal and environmental metric group

Question 10

What is the base Metric group

Answer 10

Represents the characteristics of a vulnerability that are constant over time

Question 11

What is Temporal Metric

Answer 11

Measures the characteristics of a vuln that may change over time, but not environments

Question 12

What is envir metric group

Answer 12

Measures aspects of a vuln that are rooted in a specific organizations envir

Question 13

What is considered a high severity rating?

Answer 13

Any vuln that exceeds 3.9

Question 14

What are some vulnerability information sources?

Answer 14

NVD - National Vulnerability Database , CVE (Common Vulnerabilities and Exposures),

Question 15

What is risk management?

Answer 15

Selection and Specification of security controls for an organization

Question 16

What are the ways to respond to risk?

Answer 16

Risk tolerance, risk reduction, risk sharing and risk retention

Question 17

What are the steps in the vulnerability management life cycle?

Answer 17

Discover, prioritize assets, assess,

Question 18

What is the discover process?

Answer 18

Develop a network baseline - identify security vulnerabilities

Question 19

What is prioritizing assets?

Answer 19

Categorize assets into group or business units and assign a business value

Question 20

What is assessing?

Answer 20

Determine a baseline risk profile to eliminate risks based on asset criticality, threats, vulnerabilities and asset classification

Question 21

What is report?

Answer 21

Measure the level of business risk associated with your assets according to security policies. Document a security plan, monitor activity, describe vuln

Question 22

What is remediate

Answer 22

Prioritize according to business risk and add vuln in order of risk

Question 23

What is verify

Answer 23

Verify that threats have been eliminated

Question 24

What is the NIST cybersecurity framework?

Answer 24

Set of standards designed to integrate existing standards, guidelines and practices to help manage and reduce risk

Question 25

What are some of the functions

Answer 25

Identify, Protect, Detect, Respond and Recover

Question 26

What are some tools for asset management?

Answer 26

Automation of inventory, identification of non-compliant authorized assets, specify desired state for those devices using policies, plans in the org information security plan…remediation or acceptance of device state

Question 27

Provide an example of asset management - specifying a desire state

Answer 27

Desired state - windows env, we have active directory, within ad we have group policies which are an articulation of a desired state

Question 28

Mobile device management - what is out there?

Answer 28

Increase in device management - cisco Meraki Systems Manager which can configure, monitor and update mobile clients

Question 29

What is configuration management?

Answer 29

Maintaining integrity of systems, through control of the processes for changing, initializing and monitoring the configs of those products

Question 30

What are some configuration tools?

Answer 30

Puppet, Chef, Ansible, SaltStack

Question 31

What is enterprise patch management?

Answer 31

Involves all aspects of software patching, identifying required patches, acquiring and installing.

Question 32

What are some Patch Management Techniques

Answer 32

Agent based - requires a software agent to be running on each host. Communicates with patch management server - preferred for mobile DEVICES!

Question 33

What is passive network monitoring?

Answer 33

Devices requiring patching are identified through monitoring of traffic on a network.

Question 34

What is a ISMS within Security Management Systems?

Answer 34

Information Security Management System consists of a management framework to identify, analyze and address information security risks.

Question 35

ISO-27001 - what are the 4 pillars

Answer 35

Plan, Do, Check, Act