Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CEH v11 > MODULE 5: Vulnerability Analysis > Flashcards

MODULE 5: Vulnerability Analysis Flashcards

1
Q

What term describes an in-depth examination of the ability of a system or application to withstand exploitation?

A

Vulnerability Assessment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Regarding CVSS severety ratings, which range is classified as “medium”?

  1. 0
  2. 1-3.9
  3. 0-6.9
  4. 0-8.9
  5. 0-10.0
A

4.0-6.9

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is a publicly available and free list or dictionary of standardized identifiers for common software vulnerabilities and exposures?

A

Common Vulnerabilities and Exposures (CVE)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Arrange the following steps of the vulnerability management life cycle in order:

verification 
risk assessment
identify assets and create baseline
monitor
vulnerability scan
remediation
A
  1. identify assets and create baseline
  2. vulnerability scan
  3. risk assessment
  4. remediation
  5. verification
  6. monitor
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

The following actions should be taken during which step of the “Post Assessment Phase”

  • rescan of systems to identify if applied fix has remediated the vulnerability
  • perform dynamic analysis
  • review of attack surface

a. risk assessment
b. verification
c. remediation
d. monitoring

A

b. verification

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What type of vulnerability assessment conducts a configuration-level check to identify system configs, user directories, file systems, registry settings, ect. to evaluate the possibility of compromise?

a. active assessment
b. external assessment
c. host-based assessment
d. application assessment
e. passive assessment
f. internal assessment
g. network based assessment
h. database assessment

A

c. host-based assessment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which type of vulnerability assessment is used to sniff the network traffic to discover present active systems, network services, applications, and vulnerabilities present?

a. active assessment
b. external assessment
c. host-based assessment
d. application assessment
e. passive assessment
f. internal assessment
g. network based assessment
h. database assessment

A

e. passive assessment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which type of vulnerability assessment determines possible network security attacks that may occur on the organization’s system?

a. active assessment
b. external assessment
c. host-based assessment
d. application assessment
e. passive assessment
f. internal assessment
g. network based assessment
h. database assessment

A

g. network based assessment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which type of vulnerability assessment determines the vulnerabilities in the organization’s wireless networks?

a. wireless network assessment
b. credentialed assessment
c. manual assessment
d. distributed assessment
e. non-credentialed assessment
f. automated assessment

A

a. wireless network assessment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which type of vulnerability assessment assesses the network by obtaining the credentials of all machines present in the network?

a. wireless network assessment
b. credentialed assessment
c. manual assessment
d. distributed assessment
e. non-credentialed assessment
f. automated assessment

A

b. credentialed assessment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What type of vulnerability assessment starts by building an inventory of protocols found on the machine, detects which ports are attached to services, and then selects vulnerabilities on each machine?

a. tree-based assessment
b. interface-based assessment

A

b. Interface-Based Assessment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which vulnerability assessment type is the best approach for vulnerability assessment?

a. tree-based assessment
b. interface-based assessment

A

b. interface-based assessment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which category of vulnerability assessment tools finds and identifies the OS running on a particular host computer and tests it for known deficiencies and also searches for common applications and services?

a. scope assessment tools
b. active and passive tools
c. location and data examination tools
d. host based vulnerability assessment tools
e. depth assessment tools
f. application layer assessment tools

A

d. host based vulnerability assessment tools

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What vulnerability assessment tool is useful for identifying vulnerabilities, configuration issues, and malware?

a. GFI LanGuard
b. Nessus
c. OpenVAS

A

b. Nessus

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which vulnerability assessment tool is a web server assessment tool that examines a web server to discover potential problems and security vulnerabilities?

a. Nikto
b. OpenVAS
c. GFI LanGuard

A

a. Nikto

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Identify the UDP port that Network Time Protocol (NTP) uses as its primary means of communication?

A. 113
B. 69
C. 123
D. 161

A

C. 123

CEH v11 (9 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions