Section 22 - Vulnerability Management

Question 1

What is a vulnerability assessment?

Answer 1

Seeks to identify any issues in a network, application, database, or other systems prior to it being used that might compromise the system

Question 2

Vulnerability assessments are a formalized process that ____, _____, and _____ the security holes in an enterprise network architecture.

Answer 2

define, identify and classify

Question 3

What is vulnerability management?

Answer 3

Practice of finding and mitigating the vulnerabilities in computers and networks

** This is the oversight process of vulnerability assessments

Question 4

Vulnerability management is a cyclical process. Sometimes you’ll hear it referred to as…?

Answer 4

Scan, Patch, Scan

*** This is because you’ll scan the network for vulnerabilities to identify them (SCAN) then you’ll prioritize, fix and patch them (PATCH) and you’ll scan again. You repeat this until there are no vulnerabilities left.

Question 5

How is a vulnerability assessment conducted?

Answer 5

Most commonly, a vulnerability management program will be used inside of an organization ad they’ll choose what software you’re going to use.

Question 6

What are the five basic concepts you need to know to summarize the vulnerability management process?

Answer 6

1. Define the desired state of security
2. Create a baseline
3. Prioritize the vulnerabilities
4. Mitigate vulnerabilities
5. Monitor the network and systems and conduct future scans

Question 7

What is a penetration test?

Answer 7

A test conducted by a team of professionals to simulate an attack on your network, its systems or its applications

Question 8

What is the difference between black box, gray box and white box testing?

Answer 8

Black box = zero knowledge (the pentesters have to hunt for any information that they need in order to be able to penetrate the network’s defenses)

Gray box = Some knowledge

White box = Full knowledge

Question 9

What is the difference between a penetration test and a vulnerability assessment?

Answer 9

A vulnerability assessment is conducted as a credentialed scan, where the tool can be provided with a username and password for the systems.

Penetration tests are going to be conducted in the form of a test (black, white or gray) where pentesters will simulate being an attacker who will attempt to get into your network and after the test is complete they will provide a report telling you what vulnerabilities were found.

Question 10

Penetration tests follow five basic steps. What are they?

Answer 10

1. Get permission and document info
2. Conduct reconnaissance
3. Enumerate the targets
4. Exploit the targets
5. Document the results

Question 11

What is a tabletop exercise (TTX)?

Answer 11

Exercise that uses an incident scenario against a framework of controls or a red team

*** This is a discussion of simulated emergency situations and security incidents

Question 12

What is a red team vs a blue team?

Answer 12

Red team = attacking your system in a penetration test

Blue team = defending your system in a penetration test

*** Teams can be external or internal meaning they can either be employees (internal) conducting the test or a third party (external.)

Question 13

What is a red team?

Answer 13

The hostile or attacking team in a penetration test or incident response exercise

Question 14

What is a blue team?

Answer 14

The defensive team in a penetration test or incident response exercise

Question 15

What is a white team?

Answer 15

Staff administering, evaluating, and supervising a penetration test or incident response exercise

Question 16

What is OVAL?

Answer 16

Open Vulnerability and Assessment Language

A standard designed to regulate the transfer of secure public information across networks and the internet utilizing any security tools and services available

*** This is an attempt to create a standard way for vulnerability management software, scanners, and other tools to share their data with each other and with other programs.

Question 17

OVAL is compromised of two different parts. What are they?

Answer 17

Language
Interpreter

Question 18

What is OVAL language?

Answer 18

An XML schema used to define and describe the information being created by OVAL to be shared among the various programs and tools

Question 19

What is an OVAL interpreter?

Answer 19

A reference developed to ensure the information passed around by these programs complies with the OVAL schemas and definitions used by the OVAL language

Question 20

What are the tools used to conduct vulnerability assessments?

Answer 20

Network mapping
Vulnerability scanning
Network sniffing
Password Analysis

Question 21

What is network mapping?

Answer 21

Discovery and documentation of physical and logical connectivity that exists in the network

Question 22

What does vulnerability scanning do?

Answer 22

A technique that identifies threats on the network without exploiting them

Question 23

What is banner grabbing?

Answer 23

A technique used to gain information about servers and inventory the systems or services

Question 24

What is Network Sniffing?

Answer 24

The process of finding and investigating other computers on the network by analyzing the network traffic or capturing the packets being sent

Question 25

Network sniffing tools is also called…?

Answer 25

Packet Sniffers

Question 26

What are protocol analyzers?

Answer 26

Software tool that allows for the capture, reassembly, and analysis of packets from the network

Question 27

What is Nmap?

Answer 27

A tool that can be used to determine what hosts are on your network, so in that respect it is a network mapping tool.

It can also be used to determine what services are running on what open ports and what versions of those services are being run. This makes Nmap a vulnerability scanner as well.

Question 28

What is password analysis?

Answer 28

A tool used to test the strength of your passwords to ensure your password policies are being followed

Question 29

What is password cracker?

Answer 29

Uses comparative analysis to break passwords and systematically continues guessing until the password is determined

Question 30

What are the two most well known password crackers?

Answer 30

Cain and Abel
John the Ripper

Question 31

What are the four different methods of doing password cracking and analysis?

Answer 31

Password Guessing
Dictionary Attack
Brute Force Attack
Cryptanalysis Attack

Question 32

What is password guessing?

Answer 32

Occurs when a weak password is simply figured out by a person

Question 33

What is a dictionary attack?

Answer 33

Method where a program attempts to guess the password by using a list of possible passwords

Question 34

What is a Brute-Force Attack?

Answer 34

Method where a program attempts to try every possible combination until it cracks the password

Question 35

What is a cryptanalysis password?

Answer 35

This attack relies on comparing a precomputed encrypted password to a value in a lookup table

Question 36

What is a rainbow table?

Answer 36

List of precomputed values used to more quickly break a password since values don’t have to be calculated for each password being guessed

*** This is what a cryptanalysis password refers to in order to work

Question 37

What is a yellow team?

Answer 37

The team responsible for building tools and architectures in which the exercise will be performed