Security Plus - Chapter 5 Flashcards

1
Q

Vulnerability Management

A

A program used to identify, prioritize, and remediate vulnerabilities.

2
Q

Vulnerability Scanning

A

Tools used to detect new vulnerabilities as they arise and implement a remediation workflow that addresses the highest priority vulnerabilities.

3
Q

Asset Inventory

A

A list of all of the assets that are in an environment.

4
Q

Asset Criticality

A

Determining how important an asset is to the organization and how the asset should be protected with security controls.

5
Q

Asset Map

A

The asset inventory as it is distributed throughout the organization's network.

6
Q

Risk Appetite

A

The willingness to tolerate risk within the environment.

7
Q

Regulatory Requirements

A

Requirements imposed by governmental agencies to provide guidance on how to apply security controls to protect the organization’s data.
PCI
HIPAA
FISMA

8
Q

Technical Constraints

A

Limits on the technical resources a tool has available to complete the requested task. Ex. The scanning system may only be capable of performing a certain number of scans per day, so organizations may need to adjust scanning frequency to ensure scans complete successfully.

9
Q

Business Constraints

A

Limits on business resources that may prevent a tool from completing a task. Ex. Running a vulnerability scan may consume a large share of server resources, which in turn may slow down the network.

10
Q

Licensing Limitations

A

The license for a scanning tool may limit either the amount of bandwidth the tool is permitted to use or the number of assets the tool is permitted to scan.

11
Q

Vulnerability Scan Configuration

A

All of the settings established to schedule scans, produce reports, determine the types of checks performed, provide credentials to access the targets, install scanning agents, and conduct scans from a variety of network perspectives.

12
Q

Scan Sensitivity Levels

A

These settings determine the types of checks that the scanner will perform and should be customized to ensure that the scan meets its objectives while minimizing the possibility of disrupting the target environment.

13
Q

Credentialed Scanning

A

Scans of network assets performed with a provided login to improve the accuracy of the vulnerability scan. These can also give the scanner access to operating systems, databases, and applications. This increased scanning ability could, however, cause some disruption to those systems.

14
Q

Server-Based Scanning

A

Vulnerability scanning performed by a tool installed on a server within the network.

15
Q

Agent-Based Scanning

A

Administrators install small software agents on each target server; the agents perform an inside-out scan and report information back to the vulnerability management platform for analysis and reporting.

16
Q

Scan Perspectives

A

Conducting scans from different locations within the network, providing a different view into vulnerabilities. Ex. External, Internal, Data Center

17
Q

Controls That May Affect Scan Results

A

Firewall Settings
Network segmentation
Intrusion Detection Systems
Intrusion Prevention Systems

18
Q

Vulnerability Feeds

A

Updates of vulnerabilities that are sent to the vulnerability management platform on a regular basis.

19
Q

Security Content Automation Protocol (SCAP)

A

An effort by the security community, led by the National Institute of Standards and Technology (NIST), to create a standardized approach for communicating security-related information.

20
Q

SCAP Standards

A

Common Configuration Enumeration (CCE)
Common Platform Enumeration (CPE)
Common Vulnerabilities and Exposures (CVE)
Common Vulnerability Scoring System (CVSS)
Extensible Configuration Checklist Description Format (XCCDF)
Open Vulnerability and Assessment Language (OVAL)

21
Q

Common Configuration Enumeration (CCE)

A

Provides a standard nomenclature for discussing system configuration issues.

22
Q

Common Platform Enumeration (CPE)

A

Provides a standard nomenclature for describing product names and versions.

23
Q

Common Vulnerabilities and Exposures (CVE)

A

Provides a standard nomenclature for describing security-related software flaws.

24
Q

Common Vulnerability Scoring System (CVSS)

A

Provides a standardized approach for measuring and describing the severity of security-related software flaws.

25
Q

Extensible Configuration Checklist Description Format (XCCDF)

A

A language for specifying checklists and reporting checklist results.

26
Q

Open Vulnerability and Assessment Language (OVAL)

A

A language for specifying low-level testing procedures used by checklists.

27
Q

Network Vulnerability Scanner Examples

A

Tenable Nessus - Widely respected and one of the first products introduced
Qualys - Commercially available and more recent product
Rapid7 Nexpose - Commercially available and more recent product
OpenVAS - Free alternative to the commercially available products

28
Q

Static Application Testing

A

Analyzes code without executing the code.

29
Q

Dynamic Application Testing

A

Executes the code as part of the test, running the interfaces that the code exposes to the user with a variety of inputs, searching for vulnerabilities.

30
Q

Interactive Application Testing

A

Analyzes the source code while testers interact with the application through exposed interfaces.

31
Q

Web Application Scanning

A

Tools that examine the security of web applications, testing for web-specific vulnerabilities such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).

32
Q

Vulnerability Report Reviews

A

Nessus report sections:
Vulnerability Name
Overall Severity
Detailed Description
Solution
See Also (references)
Output (description of the remote section)
Port/Hosts (details on the server that contains the vulnerability)
Vulnerability Information (miscellaneous information about the vulnerability)
Risk Information (useful information for assessing the severity of the vulnerability)

33
Q

Common Vulnerability Scoring System (CVSS)

A

An industry standard for assessing the severity of security vulnerabilities. It scores vulnerabilities on a variety of measures:
Attack Vector Metric - Evaluates exploitability
Attack Complexity Metric - Evaluates exploitability
Privileges Required Metric - Evaluates exploitability
User Interaction Metric - Evaluates exploitability
Confidentiality Metric - Evaluates the impact of the vulnerability
Integrity Metric - Evaluates the impact of the vulnerability
Availability Metric - Evaluates the impact of the vulnerability
Scope Metric - Scope of the vulnerability

34
Q

Attack Vector Metric

A

Describes how an attacker would exploit the vulnerability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

Attack Complexity Metric

A

Describes the difficulty of exploiting the vulnerability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

Privileges Required Metric

A

Describes the type of account access that an attacker needs to exploit the vulnerability.

37
Q

User Interaction Metric

A

Describes whether the attacker needs to involve another human in the attack.

38
Q

Confidentiality Metric

A

Describes the type of information disclosure that might occur if an attacker successfully exploits the vulnerability.

39
Q

Integrity Metric

A

Describes the type of information alteration that might occur if an attacker successfully exploits the vulnerability.

40
Q

Availability Metric

A

Describes the type of disruption that might occur if an attacker successfully exploits the vulnerability.

41
Q

Scope Metric

A

Describes whether the vulnerability can affect system components beyond the scope of the vulnerable component.

42
Q

CVSS Vector

A

Single-line format to convey the ratings of a vulnerability on all eight of the metrics described.

43
Q

CVSS Severity Rating Scale

A

CVSS Score - Rating
0.0 - None
0.1-3.9 - Low
4.0-6.9 - Medium
7.0-8.9 - High
9.0-10.0 - Critical

44
Q

False Positives

A

When a scanner reports a vulnerability that does not exist.

45
Q

Positive Report

A

When a scanner reports a vulnerability.

46
Q

Negative Report

A

When a scanner reports there are no vulnerabilities.

47
Q

False Negative

A

When a scanner reports there are no vulnerabilities when there actually are some on the system.

48
Q

Information Sources for Interpreting Scan Reports

A

Log Reviews
Security Information and Event Management systems
Configuration Management systems

49
Q

Patch Management

A

The process of applying updates to operating systems, applications, and other systems and tools.

50
Q

Legacy Systems

A

Systems that are no longer supported by the vendors that produced those systems.

51
Q

Weak Configurations

A

Vulnerabilities caused by the following poor security practices:
-Using default settings for setup/configuration pages
-Using default credentials or unsecured standard user and administrator accounts
-Leaving open service ports that are not necessary to support normal system operations
-Leaving open permissions that grant users access in violation of the principle of least privilege

52
Q

Debug Mode

A

Gives the developer crucial error information needed to troubleshoot applications during development. If left enabled, it could give an attacker information about the inner workings of an application, the structure of a database, authentication mechanisms, or other details.

53
Q

Insecure Protocols

A

Early protocols that were designed without security controls. Telnet and FTP are two examples.

54
Q

Weak Encryption

A

Utilizing broken cryptographic algorithms which are easily defeated by an attacker.

55
Q

Penetration Testing

A

A review of an organization's systems to determine if the security controls established by the organization are sufficient to maintain security while a sophisticated attacker attempts to defeat those controls.

56
Q

Adopting the Hacker Mindset

A

Understanding the process of an attacker, knowing that they only need one vulnerability to compromise an organization's entire network. To find these vulnerabilities, security professionals must think like an adversary.

57
Q

Benefits of Penetration Testing

A

-Provides the organization with an attacker's view of its defenses: if the testers are successful, which security controls were not properly configured or established; if they are unsuccessful, confidence that the proper security controls are in place to thwart an attacker's advances.
-If the testers are successful, it provides a blueprint for remediation. The organization can trace the testers' actions through the network as they progressed, close the series of open doors, and establish the security controls needed to block future attacks.
-The tests can provide the organization with essential, focused information on specific attack targets.

58
Q

Threat Hunting

A

Searching the organization's technology infrastructure for the artifacts of a successful attack. This assumes attackers have already gained access to the system, and the organization looks for evidence of that successful attack.

59
Q

Physical Penetration Testing

A

Identifying and exploiting vulnerabilities in an organization’s physical security controls.

60
Q

Offensive Penetration Testing

A

A proactive approach where security professionals act as an attacker to identify and exploit vulnerabilities in an organization’s networks, systems, and applications.

61
Q

Defensive Penetration Testing

A

Evaluating an organization’s ability to defend against cyberattacks. Testing the defenses that are established.

62
Q

Integrated Penetration Testing

A

Combines both offensive and defensive testing to provide a comprehensive assessment of an organization’s security posture.

63
Q

Known Environment Testing

A

Performed with full knowledge of the underlying technology, configurations, and settings that make up the target.

64
Q

Unknown Environment Testing

A

Intends to replicate what an actual attacker would encounter.

65
Q

Partially Known Environment Testing

A

A blend of known and unknown testing. The tester may be provided some information about the environment without being given full access, credentials, or configurations.

66
Q

Rules Of Engagement (ROE)

A

The agreed-upon testing process and the permission that the testing firm is given to attack the organization's networks.

67
Q

Elements of the Rules of Engagement

A

Timeline - When the testing is permitted to be performed.
What targets - What locations, systems, applications, and other potential areas that are permitted to be tested.
Data handling requirements - How information gathered during the testing will be collected, maintained, provided to the organization, and destroyed at the end of the testing agreement.
Behaviors - What the organization may do with its defensive controls during the test so that the testers can perform sufficient testing to the organization's satisfaction.
What Resources - Understanding what time commitment may be required from administrators, developers, engineers, the operations center, and other experts on the targets who may be involved in working through the testing.
Legal Concerns - Include a review of the laws that cover the target organization, any remote locations, and any service providers that may be in scope.
Communications - How often will the testing firm communicate with the organization engaging in the tests? How should testers respond if they succeed in breaching the organization? How should the testers respond if they find evidence that a breach has already occurred?
Limitations - Including what systems or targets the testing firm is permitted to access and what it is not permitted to access.
Problem handling and resolution - Understanding how the testing firm will provide assistance in the case that the testing causes disruption to systems and services.

68
Q

Passive Reconnaissance

A

Techniques that seek to gather information without directly engaging with the target.

69
Q

Active Reconnaissance

A

Techniques used that directly engage the target in intelligence gathering.
Port Scanning
Footprinting - Identifying operating systems and applications in use
Vulnerability Scanning

70
Q

War Driving or War Flying

A

The use of vehicles or unmanned vehicles to drive or fly near an organization to identify unsecured wireless networks that an attacker may be able to use to gain access.

71
Q

Penetration Testing Steps

A

Initial Access - When the attacker exploits a vulnerability to gain a foothold.
Privilege Escalation - Using hacking techniques to move from initial access to advanced privileges.
Pivoting (Lateral Movement) - Occurs when the attacker moves from the system of initial access to additional systems within the network.
Persistence - The attacker establishes backdoors into the systems and uses other mechanisms to regain access to the network even if the initial vulnerability is patched.

72
Q

Major Components of a Security Assessment Program

A

Security tests
Security assessments
Security audits

73
Q

Security Tests

A

Verify that a control is functioning properly.
- Automated scans
- Tool-assisted penetration tests
- Manual attempts to undermine security

74
Q

Security Testing Factors

A

  • Availability of security testing resources
  • Criticality of systems and applications being protected by the controls
  • Sensitivity of information contained on tested systems
  • Likelihood of a technical failure of the mechanism implementing the control
  • Likelihood of a misconfiguration of the control
  • Risk that the system will come under attack
  • Rate of change of the control configuration
  • Other changes in the technical environment that may affect performance
  • Difficulty and time required to perform a control test
  • Impact of the test on normal business operations

75
Q

Security Assessments

A

Comprehensive reviews of the security of a system, application, or other tested environment. These can be performed by internal staff members or by an authorized external third party.

76
Q

Security Audit

A

A comprehensive, impartial, and unbiased view of the security controls of a system, application, or other tested environment, performed by an authorized third party of independent auditors.

77
Q

Internal Audits

A

Audits performed by internal staff members who are members of the organization's audit team. The reports are intended for internal audiences.

78
Q

External Audits

A

Audits performed by an outside auditing firm that serves as an independent third party.

79
Q

Independent Third-Party Audits

A

Audits performed by an external firm on behalf of another organization. For example, a regulatory body may have the authority, under contract or law, to initiate an audit of a regulated firm.

80
Q

American Institute of Certified Public Accountants (AICPA)

A

Accounting group that provides a common standard to be used by auditors performing assessments of service organizations.

81
Q

Control Objectives for Information and related Technologies (COBIT)

A

Framework of the common requirements that organizations should have in place surrounding their information systems.

82
Q

Vulnerability Life Cycle

A

Identification, Analysis, Response and remediation, Validation of remediation, Reporting

83
Q

Vulnerability Identification

A

The first stage, where the organization becomes aware of a vulnerability that exists within the organization. Ways organizations are made aware of a vulnerability:
- Vulnerability scans of the environment
- Penetration tests of the organization
- Reports from responsible disclosures
- Results of system and process audits

84
Q

Vulnerability Analysis

A

The second stage of the life cycle, where cybersecurity professionals perform an analysis of the report.

85
Q

Steps for Vulnerability Analysis

A

  • Confirm there is a vulnerability and it is not a false positive
  • Prioritize and categorize the vulnerability using tools such as CVSS and CVE
  • Supplement the external analysis with the organization's specific details for risk assessment. Assess using the exposure factor, environmental variables, industry and organizational impact, and the organization's risk tolerance.

86
Q

Vulnerability Response and Remediation

A

Using the outcome of the analysis to guide the organization in identifying the vulnerabilities most in need of remediation.

87
Q

Vulnerability Remediation Steps

A

  • Apply a patch or other corrective measure to correct the vulnerability
  • Use network segmentation to isolate the affected system so that the probability of an exploit becomes remote
  • Implement other compensating controls, such as application firewalls or intrusion prevention systems, to reduce the likelihood that an attempted exploit will be successful
  • Purchase insurance to transfer the financial risk of the vulnerability to an insurance provider
  • Grant an exception or exemption to the system as part of a formal risk acceptance strategy

88
Q

Validation of Remediation

A

After completing the remediation, cybersecurity professionals should validate that the vulnerability is no longer present.

89
Q

Reporting

A

Communicating the findings, actions taken, and lessons learned to relevant stakeholders within the organization.