Security Content Automation and Protocol (SCAP) Flashcards

1
Q

What is SCAP?

A

Security Content Automation and Protocol

Open standards that enhance the automation of vulnerability management, measurement, and policy compliance evaluation of systems that are deployed across your organization

2
Q

What is OVAL?

A

Open Vulnerability and Assessment Language

Language of SCAP

XML schema for describing system security states and querying vulnerability reports and information

3
Q

What is XCCDF?

A

Extensible Configuration Checklist Description Format

Language of SCAP

XML schema, but this one is used for developing and auditing best-practice configuration checklists and rules

4
Q

What is ARF?

A

Asset Reporting Format

Language of SCAP

XML schema used to express information about the assets and the relationships between the assets and the reports.

5
Q

What is CCE?

A

Common Configuration Enumeration

method of enumerating our assets

scheme for provisioning secure configuration checks across multiple sources.

6
Q

What is CPE?

A

Common Platform Enumeration

method of enumerating our assets

scheme for identifying hardware devices, operating systems and applications.

cpe : /

7
Q

What is CVE?

A

Common Vulnerabilities and Exposures

method of enumerating our assets

list of records where each item contains a unique identifier that’s used to describe a publicly known vulnerability.

8
Q

What is CVSS?

A

Common Vulnerability Scoring System

used to provide a numerical score to reflect the severity of a given vulnerability

Scores:
0.1 - 0.39 = Low
4.0 - 6.9 = Medium
7.0 - 8.9 = High
9.0 - 10.0 = Critical

9
Q

What is Benchmarking?

A

set of configuration rules for some specific set of products to provide a detailed checklist that can be used to secure the systems back to a specific baseline.
