Security

Question 1

Prereq for AppSec

Answer 1

Supported version of Dynatrace (1.239+)
Deep monitoring enabled

Question 2

3 Modules of AppSec

Answer 2

RVA Runtime Vulnerability Analytics
RAP Runtime Application Protection
SPM Security Posture Management

Question 3

2 submodules of RVA

Answer 3

Code-level vulnerability detection
Third-party vulnerability detection

Question 4

Dependency between RAP and RVA

Answer 4

If RAP is enabled, RVA is also automatically enabled

Question 5

How is consumption tracked for RVA and RAP if you use DPS?

Answer 5

GiB-hour cosumned by hosts with the feature enabled

Question 6

How is consumption tracked for classic licensing model?

Answer 6

Application Security Units

Question 7

How are ASUs defined?

Answer 7

RAM in GB / 16 x number of activated features (RVA/RAP) x 24 x 365

Question 8

Why does RAP need RVA?

Answer 8

Because RAP uses RVA to analyse the vulnerability that the attack is based on

Question 9

3 locations to check consumption for RVA and RAP if you use DPS?

Answer 9

Account management
Data explorer
Environment API

Question 10

How is KSPM licensed?

Answer 10

Host hours

Question 11

2 types of SPM?

Answer 11

VSPM
CSPM

Question 12

How is VSPM licensed?

Answer 12

CPU sockets per year

Question 13

How is CSPM licensed?

Answer 13

host per year

Question 14

A host in the CSPM context applies to what kind of resources?

Answer 14

compute, database, and function

Question 15

What are users of the Security admin group allowed to do?

Answer 15

View and manage vulnerabilities if RVA is enabled and attacks if RAP is enabled

Question 16

How can i fine tune permissions for users?

Answer 16

Assign view rights per environment or management zone

Question 17

Which modules are affected if full stack monitoring is not used and why?

Answer 17

Code vulnerability and third party vulnerability because not sufficient environmental information, such as reachable data assets or public internet exposure

Question 18

To detect third-party vulnerabilities in your environment what components are evaluated?

Answer 18

Software components
Runtime components

Question 19

What attributes of the component or library are checked by application security?

Answer 19

Name and version

Question 20

What providers are used for Third-party vulnerabilitie feed and how often are they checked?

Answer 20

Snyk and NVD (National Vulnerability Database)
Once every 5 min

Question 21

For what kind of components is Snyk used for?

Answer 21

Software components (libraries)
Kube runtime components

Question 22

For what kind of components is NVD used for?

Answer 22

Java runtime components
.NET runtime components
Node.JS runtime components

Question 23

What is the resolution time for a Third-party vulnerabilitie?

Answer 23

2h

Question 24

What could cause the resoultion of a Third-party vulnerabilitie? (5)

Answer 24

Affected process was stopped
Vulnerable component was updated or removed
App is not using the vulnerable component
After a restart there is no traffic to the app so the component doesnt load
Vulnerability has been fixed in the code

Question 25

What is the severity of a code level vulnerability?

Answer 25

Critical

Question 26

Resolution reasons for code level vulnerabilities? (4)

Answer 26

Has been fixed in the code Has been fixed outside the app Affected process doesnt receive any traffic Affected process was stopped

Question 27

How can you enable RVA on a more granular level?

Answer 27

enable/disable per supported technology

Question 28

Overriding monitoring rules for third party vulnerabilities can be defined for which entity properties?

Answer 28

Host tag Process tag Management zone

Question 29

From where and how can you enable RVA?

Answer 29

Enable RVA Application Security > Vulnerability Analytics > General settings. Enable technology Enable OneAgent feature flag code-level vulnerability evaluation

Question 30

What does the name of a vulnerability contain?

Answer 30

Dynatace ID Then depends on feed: Snyk: Snyk ID CVE:vulnerability id CWE: vulnerability name

Question 31

What are the 4 Risk assessment properties of a vulnerability?

Answer 31

Public internet exposure Reachable data assets Vulnerable function in use Public exploit published

Question 32

4 statuses of a vulnerability

Answer 32

Open Resolved Muted Open Muted Resolved

Question 33

7 reasons for a status change of a vulnerability

Answer 33

Opend or resolved Muted or unmuted The number of affected process groups has decreased or increased The risk assessment has changed The Davis Security Score has changed The CVSS has changed A new software component is detected

Question 34

What are the 4 metrics based on which the DSS is calculated?

Answer 34

CVSS Score Attack vector Confidentiality Integrity

Question 35

Why is DSS more precise than CVSS?

Answer 35

CVSS assumes worst case scenario while DSS analyses the context as well based on public internet exposure and reachable data assets

Question 36

6 types of entities that can be related to a vulnerability

Answer 36

App Service Database Host Kube cluster Kube workload

Question 37

What views is a MZ filter affecting on the vulnerability details page?

Answer 37

Related entities Vulnerable components

Question 38

How many MZ can be associated with a vulnerability at max?

Answer 38

1000

Question 39

What are the 4 attributes of a recommendation from the security advisor?

Answer 39

Library that needs to be upgraded Library tech logo number of highest critical vulnerabilities solved total vulnerabilities solved

Question 40

What happens to existing vulnerabilities if you define a "do not monitor" rule that targets them?

Answer 40

They get "Resolved"

Question 41

4 code vulnerabilities that Dynatrace detects and their context?

Answer 41

SQL Injection - SQL statement Command injection - command SSRF - request URL Improper input validation - JNDI lookup name

Question 42

When is an attack path shown?

Answer 42

When RVA is activated When there are fewer than 500 attacks on a vulnerability

Question 43

What does the attack path contain?

Answer 43

Source IP Entry point Vulnerability Target

Question 44

What are the 3 notification integrations for vulnerabilities?

Answer 44

Webhook Jira Email

Question 45

When is a notification triggered?

Answer 45

Open resolved New process group affected

Question 46

What are the 6 properties of attacks that can be used when you define an allow rule?

Answer 46

Attacker IP Attack type Entry point payload Entry point domain Entry point port Entry point path

Question 47

What are the standards supported for SPM?

Answer 47

CIS DORA NIST STIG

Question 48

What is the component used to capture compliance data for SPM?

Answer 48

Kube Node config collector

Question 49

How can i fix vulnerabilities in DT? (2)

Answer 49

Set up tracking links Update version according to davis security advisor

Question 50

Are restarts required for 3rd party vulnerabilities? If so, when?

Answer 50

No

Question 51

Are restarts required for code level vulnerabilities? If so, when?

Answer 51

Yes. Enable Global Enable per tech Enable OA feature New monitoring rule

Question 52

Are restarts required for attacks? If so, when?

Answer 52

Yes. Enable Global Enable per tech Enable OA feature New monitoring rule

Question 53

How long are vulnerabilities stored?

Answer 53

365 days if resolved within a year Next anniversary after resolution if resolved after a year

Question 54

How long are attacks stored?

Answer 54

550 days