Security Content Automation and Protocol (SCAP)

Question 1

What is SCAP?

Answer 1

Security Content Automation and Protocol

open standards that enhances the automation of vulnerability management, measurement and policy compliance, evaluation of systems that are deployed across your organization

Question 2

What is OVAL?

Answer 2

Open Vulnerability and Assessment Language

Language of SCAP

XML schema for describing system security states and querying vulnerability reports and information

Question 3

What is XCCDF?

Answer 3

Extensible Configuration Checklist Description Format

Language of SCAP

XML schema, but this one is used for developing and auditing best-practice configuration checklist and rules

Question 4

What is ARF?

Answer 4

Asset Reporting Format

Language of SCAP

XML schema being used to express information about the assets and the relationships between the assets and the reports.

Question 5

What is CCE?

Answer 5

Common Configuration Enumeration

method of enumerating our assets

scheme for provisioning secure configuration checks across multiple sources.

Question 6

What is CPE?

Answer 6

Common Platform Enumeration

method of enumerating our assets

scheme for identifying hardware devices, operating systems and applications.

cpe : /

Question 7

What is CVE?

Answer 7

Common Vulnerabilities and Exposures

method of enumerating our assets

list of records where each item contains a unique identifier that’s used to describe a publicly known vulnerability.

Question 8

What is CVSS?

Answer 8

Common Vulnerability Scoring System

used to provide a numerical score to reflect the severity of a given vulnerability

Scores:
0.1 - 0.39 = low
4.0 - 6.9 = Medium
7.0 - 8.9 = High
9.0 - 10.0 = Critical

Question 9

What is Benchmarking?

Answer 9

set of configuration rules for some specific set of products to provide a detailed checklist that can be used to secure the systems back to a specific baseline.