Module 5 - Vulnerability Analysis Flashcards
While scanning a network, which step comes immediately before using a Vulnerability Scanner?
A) Firewall detection
B) OS detection
C) Check to see if the remote host is alive.
D) TCP / UDP port scanning
B
Note: It helps to know the OS before doing a vulnerability scan, because entering the target’s operating system tunes the vuln scanner so it can find more information and run scans relevant to that particular OS.
What is the order for scanning a network?
The order of scanning would be:
Check for live systems (ping sweeps, etc.)
Check for open ports (this tells you the likely services listening on the target)
Banner grabbing (tells you the OS)
Vulnerability scanning (looks for vulns & flaws on the target)
What’s the range for a medium vulnerability in the CVSS v3 scoring system?
A) 3.0-6.9
B) 3.9-6.9
C) 4.0-6.0
D) 4.0-6.9
D
Note:
None: 0.0
Low: 0.1 - 3.9
Medium: 4.0 - 6.9
High: 7.0 - 8.9
Critical: 9.0 - 10.0
These are the steps in the Vulnerability Management Life Cycle, but they are out of order. Arrange them in the proper order below.
1 - Risk assessment
2 - Monitor
3 - Identify assets and create a baseline.
4 - Remediation
5 - Vulnerability scan
6 - Verification
A) 2, 4, 5, 3, 6, 1
B) 1, 2, 3, 4, 5, 6
C) 3, 5, 1, 4, 6, 2
D) 3, 1, 2, 6, 5, 4
C
An employee left the company, and now you want to give his laptop to another employee. Before you do, however, you assess it for vulnerabilities. You find vulnerabilities such as native configurations, incorrect registry settings and file permissions, and software configuration errors. What type of vulnerability assessment did you perform here?
A) Host-based assessment
B) Database assessment
C) Credentialed assessment
D) Distributed assessment
A
Which of the following statements about vulnerability scanners is NOT correct?
A) Vulnerability scanners attempt to identify vulnerabilities in the hosts scanned.
B) Vulnerability scanners can help identify out-of-date software versions, missing patches, or system upgrades.
C) They can validate compliance with or deviations from the organization’s security policy.
D) Vulnerability scanners can identify weaknesses and automatically fix and patch the vulnerabilities without user intervention.
D
Which of the following business challenges could be solved by using a vulnerability scanner?
A) Auditors want to discover if all systems are following a standard naming convention.
B) There is an emergency need to remove administrator access from multiple machines for an employee that quit.
C) A Web server was compromised and management needs to know if any further systems were compromised.
D) There is a monthly requirement to test corporate compliance with host application usage and security policies.
D
Which of the following tools will scan a network to perform vulnerability checks and compliance auditing?
A) NMAP
B) Metasploit
C) Nessus
D) BeEF
C
Analyst Alice is doing a vulnerability test on your network. She starts by building an inventory of protocols running on your machines. Using that, she detects which ports are attached to services like web, mail, and database services. After identifying these services and ports, she then selects vulnerabilities on each service, and runs only the relevant tests for each. Which type of vulnerability assessment is she performing here?
A) Product-Based assessment
B) Service-Based assessment
C) Tree-Based assessment
D) Inference-Based assessment
D
Which is the best way to find vulnerabilities on a Windows-based computer?
A) Check MITRE.org for the latest list of CVE findings
B) Use the built-in Windows Update tool
C) Create a disk image of a clean Windows installation
D) Use a scan tool like Nessus
D
In which phase of the Vulnerability Management Life Cycle would you apply fixes to vulnerable systems?
A) Identify Assets and Create a Baseline
B) Vulnerability Scan
C) Risk Assessment
D) Remediation
E) Verification
F) Monitor
D
Nessus found a vulnerability on your server. You investigated, but you find that the vulnerability does not actually exist on the server. Which type of alert did Nessus really give you then?
A) True Positive
B) True Negative
C) False Positive
D) False Negative
C
Which type of vulnerability assessment can find things like active systems, network services, applications, vulnerabilities, and users, merely by sniffing network traffic?
A) Passive assessment
B) Credentialed assessment
C) Internal assessment
D) External assessment
A
Which type of vulnerability assessment analyzes the network from a hacker’s perspective to discover exploits and vulnerabilities that are accessible to the outside world?
A) Host-based assessment
B) Passive assessment
C) Database assessment
D) Application assessment
E) External assessment
F) Internal assessment
E
Which severity level would a vulnerability with a CVSS score of 7.2 be?
A) None
B) Low
C) Medium
D) High
E) Critical
D
Note:
None: 0.0
Low: 0.1 - 3.9
Medium: 4.0 - 6.9
High: 7.0 - 8.9
Critical: 9.0 - 10.0