Threats, Attacks, and Vulnerabilities (2) Flashcards
A(n) __________ is a security weakness that could be exploited by a threat.
vulnerability
attack vector
risk
vulnerability
A vulnerability is a security weakness that could be exploited by a threat.
Which of the following terms describes the level of harm that results from a threat exploiting a vulnerability?
Attack
Likelihood
Impact
Impact
Impact can be defined as the level of harm that results from a threat exploiting a vulnerability.
Kevin, a college professor researching viruses, sets up a server within his campus lab without notifying the college’s IT department. He doesn’t want to lock the system down with security controls that could possibly slow his analysis. What is the best term to describe Kevin’s new computer?
Attack surface
Shadow IT
Noncompliance
Shadow IT
Kevin has created shadow IT, meaning that he has set up IT systems that are not under the purview of the IT department and are not compliant with security requirements.
Bobby is performing a vulnerability assessment for a web server. Which of the following vulnerability assessment findings should he be concerned with?
Operating system not updated to latest patch level
HTTPS server listening on port 443
Network packets being sent in clear text
Operating system not updated to latest patch level
A vulnerability scanner is designed to scan a system and determine what services that system is running and whether any unnecessary open network ports or unpatched operating systems and applications exist. In this case, HTTP listening on port 80 and HTTPS listening on port 443 are normal operating parameters for a web server. Unless you are using HTTPS, web network packets are always sent in clear text. The vulnerability scanner will detect that the system is not running the latest operating system patches and advise you to update the system.
Lauren is performing a vulnerability assessment for a web server. Which of the following tools should she use to determine what active ports, protocols, and services are running?
Wireshark
Nmap
Honeypot
Nmap
Nmap is a popular port-scanning tool used to determine what active ports, protocols, and services are running on a network host.
Which of the following is the most dangerous type of finding because it can actually mean that a potential vulnerability goes undetected?
False positive
False negative
False flag
False negative
A false negative can mean that an actual vulnerability goes undetected.
Tom is looking for a single tool that aggregates all the different data points from the network, including network alerts, packet capture, user behavior and sentiment analyses, data inputs, log files, and physical security logs, from every host on the network. What is the best option?
Vulnerability scanner
Port scanner
SIEM solution
SIEM solution
A security information and event management (SIEM) solution aggregates all the different data points from the network, including network alerts, packet capture, user behavior and sentiment analyses, data inputs, log files, physical security logs, and so on, from every host on the network.
After a security audit and vulnerability assessment, several servers required software patches and unused open network ports needed to be disabled. Which of the following should be performed after these vulnerabilities are fixed to ensure that the countermeasures are secure against a real attack?
Put systems back into live production.
Perform additional port scanning.
Perform penetration testing.
Perform penetration testing.
Penetration testing evaluates the security of a network or computer system by simulating an actual attack. This helps test a network’s and system’s resilience to a real attack as well as test the effectiveness of existing security measures implemented after vulnerability assessments.
New management has decided to test the security of the existing network infrastructure implemented by the current network administrators. Which of the following should be performed to provide the most objective and useful test of your security controls?
Hire a real hacker to attack the network.
Perform third-party penetration testing.
Perform penetration testing by the network administrators.
Perform third-party penetration testing.
Penetration tests are often performed by third parties who are allowed access to the network by upper management—in some cases, without the network administrator’s knowledge. This ensures the testing scenario is as close to a real unsuspected attack as possible and provides a detailed analysis of existing vulnerabilities.