Security Assessment and Testing (ANT)

Question 1

Active Security Testing

Answer 1

Security testing that involves direct interaction with a target, such as sending packets to a target

Question 2

Banner Grabbing

Answer 2

The process of capturing banner information - such as application type and version - that is transmitted by a remote port when a connection is initiated

Question 3

Computer Security Log Management

Answer 3

Log management for computer security log data only

Question 4

Covert Testing

Answer 4

Testing performed using covert methods and without the knowledge of the organization’s IT staff, but with full knowledge and permission of upper management

Question 5

Event

Answer 5

Something that occurs within a system or network

Question 6

Event Aggregation

Answer 6

The consolidation of similar log entries into a single entry containing a count of the number of occurrences of the event

Question 7

Event Correlation

Answer 7

Finding relationships between two or more log entries

Question 8

Event Filtering

Answer 8

The suppression of log entries from analysis, reporting, or long-term storage because their characteristics indicate that they are unlikely to contain information of interest

Question 9

Event Reduction

Answer 9

Removing unneeded data fields from all log entries to create a new log that is smaller

Question 10

External Security Testing

Answer 10

Security testing conducted from outside the organization’s security perimeter

Question 11

Facility

Answer 11

The message type for a syslog message

Question 12

False Positive

Answer 12

An alert that incorrectly indicates that a vulnerability is present

Question 13

File Integrity Checking

Answer 13

Software that generates, stores, and compares message digests for files to detect changes made to the files

Question 14

Information Security Testing

Answer 14

The process of validating the effective implementation of security controls for information systems and networks, based on the organization’s security requirements

Question 15

Internal Security Testing

Answer 15

Security testing conducted from inside the organization’s security perimeter

Question 16

Log

Answer 16

A record of the events occurring within an organization’s systems and network

Question 17

Log Analysis

Answer 17

Studying log entries to identify events of interest or suppress log entries for insignificant events

Question 18

Log Archival

Answer 18

Retaining logs for an extended period of time, typically on removable media, a storage area network (SAN), or a specialized log archival appliance or server

Question 19

Log Clearing

Answer 19

Removing all log entries from a log that precede a certain date and time

Question 20

Log Compression

Answer 20

Storing a log file in a way that reduces the amount of storage space needed for the file without altering the meaning of its contents

Question 21

Log Conversion

Answer 21

Parsing a log in one format and storing its entries in a second format

Question 22

Log Entry

Answer 22

An individual record within a log

Question 23

Log File Integrity Checking

Answer 23

Comparing the current message digest for a log file to the original message digest to determine if the log file has been modified

Question 24

Log Management

Answer 24

The process for generating, transmitting, storing, analyzing and disposing of log data

Question 25

Log Management Infrastructure

Answer 25

The hardware, software, networks, and media used to generate, transmit, analyze, and dispose of log data

Question 26

Log Normalization

Answer 26

Converting each log data field to a particular data representation and categorizing it consistently

Question 27

Log Parsing

Answer 27

Extracting data from a log so that the parsed values can be used as input for another logging process

Question 28

Log Preservation

Answer 28

Keeping logs that would normally be discarded, because they contain records of activity of particular interest

Question 29

Log Reduction

Answer 29

Removing unneeded entries from a log to create a new log that is smaller

Question 30

Log Reporting

Answer 30

Displaying the results of log analysis

Question 31

Log retention

Answer 31

Archiving logs on a regular basis as part of standard operational activities

Question 32

Log Rotation

Answer 32

Closing a log file and opening a new log file when the first log file is considered complete

Question 33

Log Viewing

Answer 33

displaying log entries in a human-readable format

Question 34

Message Digest

Answer 34

A digital signature that uniquely identifies data and has the property that changing a single bit in the data will cause a completely different message digest to be generated

Question 35

Network Discovery

Answer 35

The process of discovering active and responding hosts on a network, identifying weaknesses, and learning how the network operates

Question 36

Network Sniffing

Answer 36

A passive technique that monitors network communication, decodes protocols, and examines headers and payloads for information of interest. It is both a review technique and a target identification and analysis technique

Question 37

Operating System Fingerprinting

Answer 37

Analyzing characteristics of packets sent by a target, such as packet headers or listening ports, to identify the operating system in use on the target

Question 38

Overt Testing

Answer 38

Security testing performed with the knowledge and consent of the organization’s IT staff

Question 39

Passive Security Testing

Answer 39

Security testing that does not involve any direct interaction with the targets, such as sending packets to a target

Question 40

Password Cracking

Answer 40

The process of recovering secret passwords stored in a computer system or transmitted over a network

Question 41

Penetration Testing

Answer 41

Security testing in which evaluators mimic real-world attacks in an attempt to identify ways to circumvent the security features of an application, system, or network. Penetration testing involves issuing real attacks on real systems and data, using the same tools and techniques used by actual attackers. Most penetration tests involve looking for combination of vulnerabilities on a single system or multiple systems that can be used to gain more access than could be achieved through a single vulnerability.

Question 42

Phishing

Answer 42

A digital form of social engineering that uses authentic-looking - but bogus - emails to request information from users or direct them to a fake website that requests information

Question 43

Plan of Actions and Milestones

Answer 43

A document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones for meeting the tasks, and schedule milestone completion dates.

Question 44

Port Scanner

Answer 44

A program that can remotely determine which ports on a system are open (e.g., whether systems allow connections through those ports).

Question 45

Review Techniques

Answer 45

Passive information security testing techniques, generally conducted manually, that are used to evaluate systems, applications, networks, policies, and procedures to discover vulnerabilities. They include documentation, log, ruleset, and system configuration review; network sniffing, and file integrity checking.

Question 46

Rogue Device

Answer 46

An unauthorized node on a network

Question 47

Rule-Based Event Correlation

Answer 47

Correlating events by matching multiple log entries from a single source or multiple sources based on logged values, such as timestamps, IP addresses, and event types

Question 48

Rules of Engagement

Answer 48

Detailed guidelines and constraints regarding the execution of information security testing. The ROE is established before the start of a security test, and gives the test team authority to conduct defined activities without the need for additional permissions.

Question 49

Ruleset

Answer 49

A collection of rules or signatures that network traffic or system activity is compared against to determine an action to take - such as forwarding or rejecting a packet, creating an alert, or allowing a system event.

Question 50

Security Information and Event Management Software

Answer 50

A program that provides centralized logging capabilities for a variety of log types

Question 51

Social Engineering

Answer 51

The process of attempting to trick someone into revealing information (e.g., a password)

Question 52

Syslog

Answer 52

a protocol that specifies a general log entry format and a log entry transport mechanism

Question 53

Target Identification and Analysis Techniques

Answer 53

Information security testing techniques, mostly active and generally conducted using automated tools, that are used to identify systems, ports, services, and potential vulnerabilities. Target identification and analysis techniques include network discovery, network port and service identification, vulnerability scanning, wireless scanning, and application security testing.

Question 54

Target Vulnerability Validation Techniques

Answer 54

Active information security testing techniques that corroborate the existence of vulnerabilities. They include password cracking, remote access testing, penetration testing, social engineering, and physical security testing.

Question 55

Version Scanning

Answer 55

The process of identifying the service application version currently in use

Question 56

Virtual Machine

Answer 56

Software that allows a single host to run one or more guest operating systems

Question 57

Vulnerability

Answer 57

Weakness in an information system, or in system security procedures, internal controls, or implementation, that could be exploited or triggered by a threat source

Question 58

Vulnerability Scanning

Answer 58

a technique used to identify hosts/host attributes and associated vulnerabilities

Question 59

Code Coverage Report

Answer 59

Information on the functions, statements, branches, and conditions covered in testing

Question 60

Mutation (Dumb) Fuzzing

Answer 60

Takes previous input values from actual operation of the software and manipulates it to create input. It might alter the characters of the content, append strings to the end of the content, or perform other data manipulation techniques

Question 61

Real User Monitoring

Answer 61

Aims to capture and analyze every transaction of a user

Question 62

Security Testing

Answer 62

Verifies that a control is functioning properly using automated scans, tool-assisted and manual attempts to undermine security controls

Question 63

STRIDE

Answer 63

Often used in relation to assessing threats against applications or operating systems, threat categorization scheme. Stands for spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege

Question 64

Synthetic Performance Monitoring

Answer 64

User scripted or recorded data such as traffic capture, database performance, website performance not to be confused with User Session Monitoring