Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CompTIA Security+ (SY0-701) > Threat, Vulnerabilities and Mitigations: Digital System Threats > Flashcards

Threat, Vulnerabilities and Mitigations: Digital System Threats Flashcards

1
Q

What are the three methods you need to consider when assessing Digital System Vulnerabilities?

A

When considering application vulnerabilities, there are important factors to consider, including whether an app is client-based or agentless, web- or network-based, and those that are unsupported or have weak credential requirements.

Client and agentless apps

Client-based apps include:

Web browsers

Dedicated software apps

Email clients

Agentless apps include tasks that are executed via “built-in” tools and/or protocols, such as Simple Network Management Protocol (SNMP) and Secure Shell (SSH).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the vulnerability considerations for open-service ports?

A

Using nmap scan output. - you can see what services that are running on the network

Nmap –A –T5 –p 3000 (IP address) - specific information on port 3000

Reviewing the sqli JuiceShop login.

Performing file transfers, such as with Moveit:

People use it are large organizations

Using remote administration: Telnet, SSH, Remote Desktop Protocol (RDP).

Human Error – Administrator should forcing strong MFA and Passwords or enforcing policy.

It’s not uncommon to be using applications that aren’t supported, for a variety of reasons, such as defunct vendors, abandoned open-source projects, or apps that were developed in-house. These can pose vulnerabilities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What happens to a system when you have weak credentials?

A

Threats can exist if you don’t enforce a password policy requiring strong password and then multi-factor authentication (MFA)or two-factor authentication (2FA).

Additionally, users shouldn’t be allowed to continue using default credentials nor should you necessarily use hard-coded credentials unless you use good security practices around those.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How are operating systems considered a vulnerability?

A

Operating-system vulnerabilities

Security weaknesses can exist depending on whether you’re using:

Unpatched systems.

Unsupported systems, such as Ubuntu 16.04 or Windows XP.

A weak password policy.

Some companies can’t upgrade or won’t be able to upgrade due to patch compatibilities and will still run legacy systems and build strong firewalls to secure the OS system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

CompTIA Security+ (SY0-701) (122 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions