Security

Question 1

Prereq for AppSec

Answer 1

Supported version of Dynatrace
Deep monitoring enabled

Question 2

3 Modules of AppSec

Answer 2

RVA Runtime Vulnerability Analytics
RAP Runtime Application Protection
SPM Security Posture Management

Question 3

2 submodules of RVA

Answer 3

Code-level vulnerability detection
Third-party vulnerability detection

Question 4

Dependency between RAP and RVA

Answer 4

If RAP is enabled, RVA is also automatically enabled

Question 5

How is consumption tracked for RVA and RAP if you use DPS?

Answer 5

GiB-hour cosumned by hosts with the feature enabled

Question 6

How is consumption tracked for classic licensing model?

Answer 6

Application Security Units

Question 7

How are ASUs defined?

Answer 7

RAM in GB / 16 x number of activated features (RVA/RAP) x 24 x 365

Question 8

Why does RAP need RVA?

Answer 8

Because RAP uses RVA to analyse the vulnerability that the attack is based on

Question 9

3 locations to check consumption for RVA and RAP if you use DPS?

Answer 9

Account management
Data explorer
Environment API

Question 10

How is KSPM licensed?

Answer 10

Host hours

Question 11

2 types of SPM?

Answer 11

VSPM
CSPM

Question 12

How is VSPM licensed?

Answer 12

CPU sockets per year

Question 13

How is CSPM licensed?

Answer 13

host per year

Question 14

A host in the CSPM context applies to what kind of resources?

Answer 14

compute, database, and function

Question 15

What are users of the Security admin group allowed to do?

Answer 15

View and manage vulnerabilities if RVA is enabled and attacks if RAP is enabled

Question 16

How can i fine tune permissions for users?

Answer 16

Assign view rights per environment or management zone

Question 17

Which modules are affected if full stack monitoring is not used and why?

Answer 17

Code vulnerability and third party vulnerability because not sufficient environmental information, such as reachable data assets or public internet exposure

Question 18

To detect third-party vulnerabilities in your environment what components are evaluated?

Answer 18

Software components
Runtime components

Question 19

What attributes of the component or library are checked by application security?

Answer 19

Name and version

Question 20

What providers are used for Third-party vulnerabilitie feed and how often are they checked?

Answer 20

Snyk and NVD (National Vulnerability Database)
Once every 5 min

Question 21

For what kind of components is Snyk used for?

Answer 21

Software components (libraries)
Kube runtime components

Question 22

For what kind of components is NVD used for?

Answer 22

Java runtime components
.NET runtime components
Node.JS runtime components

Question 23

What is the resolution time for a Third-party vulnerabilitie?

Answer 23

2h

Question 24

What could cause the resoultion of a Third-party vulnerabilitie? (5)

Answer 24

Affected process was stopped
Vulnerable component was updated or removed
App is not using the vulnerable component
After a restart there is no traffic to the app so the component doesnt load
Vulnerability has been fixed in the code

Question 25

What is the severity of a code level vulnerability?

Answer 25

Critical

Question 26

Resolution reasons for code level vulnerabilities? (4)

Answer 26

Has been fixed in the code
Has been fixed outside the app
Affected process doesnt receive any traffic
Affected process was stopped

Question 27

How can you enable RVA on a more granular level?

Answer 27

enable/disable per supported technology

Question 28

Overriding monitoring rules for third party vulnerabilities can be defined for which entity properties?

Answer 28

Host tag
Process tag
Management zone

Question 29

From where and how can you enable RVA?

Answer 29

Enable RVA Application Security > Vulnerability Analytics > General settings.
Enable technology
Enable OneAgent feature flag code-level vulnerability evaluation

Question 30

What does the name of a vulnerability contain?

Answer 30

Dynatace ID
Then depends on feed:
Snyk: Snyk ID
CVE:vulnerability id
CWE: vulnerability name

Question 31

What are the 4 Risk assessment properties of a vulnerability?

Answer 31

Public internet exposure
Reachable data assets
Vulnerable function in use
Public exploit published

Question 32

4 statuses of a vulnerability

Answer 32

Open
Resolved
Muted Open
Muted Resolved

Question 33

7 reasons for a status change of a vulnerability

Answer 33

Opend or resolved
Muted or unmuted
The number of affected process groups has decreased or increased
The risk assessment has changed
The Davis Security Score has changed
The CVSS has changed
A new software component is detected

Question 34

What are the 4 metrics based on which the DSS is calculated?

Answer 34

CVSS Score
Attack vector
Confidentiality
Integrity

Question 35

Why is DSS more precise than CVSS?

Answer 35

CVSS assumes worst case scenario while DSS analyses the context as well based on public internet exposure and reachable data assets

Question 36

6 types of entities that can be related to a vulnerability

Answer 36

App
Service
Database
Host
Kube cluster
Kube workload

Question 37

What views is a MZ filter affecting on the vulnerability details page?

Answer 37

Related entities
Vulnerable components

Question 38

How many MZ can be associated with a vulnerability at max?

Answer 38

1000

Question 39

What are the 4 attributes of a recommendation from the security advisor?

Answer 39

Library that needs to be upgraded
Library tech logo
number of highest critical vulnerabilities solved
total vulnerabilities solved

Question 40

What happens to existing vulnerabilities if you define a “do not monitor” rule that targets them?

Answer 40

They get “Resolved”

Question 41

4 code vulnerabilities that Dynatrace detects and their context?

Answer 41

SQL Injection - SQL statement
Command injection - command
SSRF - request URL
Improper input validation - JNDI lookup name

Question 42

When is an attack path shown?

Answer 42

When RVA is activated
When there are fewer than 500 attacks on a vulnerability

Question 43

What does the attack path contain?

Answer 43

Source IP
Entry point
Vulnerability
Target

Question 44

What are the 3 notification integrations for vulnerabilities?

Answer 44

Webhook
Jira
Email

Question 45

When is a notification triggered?

Answer 45

Open resolved
New process group affected

Question 46

What are the 6 properties of attacks that can be used when you define an allow rule?

Answer 46

Attacker IP
Attack type
Entry point payload
Entry point domain
Entry point port
Entry point path

Question 47

What are the standards supported for SPM?

Answer 47

CIS
DORA
NIST
STIG

Question 48

What is the component used to capture compliance data for SPM?

Answer 48

Kube Node config collector

Question 49

How can i fix vulnerabilities in DT? (2)

Answer 49

Set up tracking links
Update version according to davis security advisor

Question 50

Are restarts required for 3rd party vulnerabilities? If so, when?

Answer 50

No

Question 51

Are restarts required for code level vulnerabilities? If so, when?

Answer 51

Yes.
Enable Global
Enable per tech
Enable OA feature
New monitoring rule

Question 52

Are restarts required for attacks? If so, when?

Answer 52

Yes.
Enable Global
Enable per tech
Enable OA feature
New monitoring rule

Question 53

How long are vulnerabilities stored?

Answer 53

365 days if resolved within a year
Next anniversary after resolution if resolved after a year

Question 54

How long are attacks stored?

Answer 54

550 days