Threats, Attacks, and Vulnerabilities (2) Flashcards

1
Q

A(n) __________ is a security weakness that could be exploited by a threat.

vulnerability

attack vector

risk

A

vulnerability

A vulnerability is a security weakness that could be exploited by a threat.

2
Q

Which of the following terms describes the level of harm that results from a threat exploiting a vulnerability?

Attack

Likelihood

Impact

A

Impact

Impact can be defined as the level of harm that results from a threat exploiting a vulnerability.

3
Q

Kevin, a college professor researching viruses, sets up a server within his campus lab without notifying the college’s IT department. He doesn’t want to lock the system down with security controls that could possibly slow his analysis. What is the best term to describe Kevin’s new computer?

Attack surface

Shadow IT

Noncompliance

A

Shadow IT

Kevin has created shadow IT, meaning that he has set up IT systems that are not under the purview of the IT department and are not compliant with security requirements.

4
Q

Bobby is performing a vulnerability assessment for a web server. Which of the following vulnerability assessment findings should he be concerned with?

Operating system not updated to latest patch level

HTTPS server listening on port 443

Network packets being sent in clear text

A

Operating system not updated to latest patch level

A vulnerability scanner is designed to scan a system and determine what services that system is running and whether any unnecessary open network ports or unpatched operating systems and applications exist. In this case, HTTP listening on port 80 and HTTPS listening on port 443 are normal operating parameters for a web server. Unless you are using HTTPS, web network packets are always sent in clear text. The vulnerability scanner will detect that the system is not running the latest operating system patches and advise you to update the system.

5
Q

Lauren is performing a vulnerability assessment for a web server. Which of the following tools should she use to determine what active ports, protocols, and services are running?

Wireshark

Nmap

Honeypot

A

Nmap

Nmap is a popular port-scanning tool used to determine what active ports, protocols, and services are running on a network host.

6
Q

Which of the following is the most dangerous type of finding because it can actually mean that a potential vulnerability goes undetected?

False positive

False negative

False flag

A

False negative

A false negative can mean that an actual vulnerability goes undetected.

7
Q

Tom is looking for a single tool that aggregates all the different data points from the network, including network alerts, packet capture, user behavior and sentiment analyses, data inputs, log files, and physical security logs, from every host on the network. What is the best option?

Vulnerability scanner

Port scanner

SIEM solution

A

SIEM solution

A security information and event management (SIEM) solution aggregates all the different data points from the network, including network alerts, packet capture, user behavior and sentiment analyses, data inputs, log files, physical security logs, and so on, from every host on the network.

8
Q

After a security audit and vulnerability assessment, several servers required software patches and unused open network ports needed to be disabled. Which of the following should be performed after these vulnerabilities are fixed to ensure that the countermeasures are secure against a real attack?

Put systems back into live production.

Perform additional port scanning.

Perform penetration testing.

A

Perform penetration testing.

Penetration testing evaluates the security of a network or computer system by simulating an actual attack. This helps test a network’s and system’s resilience to a real attack as well as test the effectiveness of existing security measures implemented after vulnerability assessments.

9
Q

New management has decided to test the security of the existing network infrastructure implemented by the current network administrators. Which of the following should be performed to provide the most objective and useful test of your security controls?

Hire a real hacker to attack the network.

Perform third-party penetration testing.

Perform penetration testing by the network administrators.

A

Perform third-party penetration testing.

Penetration tests are often performed by third parties who are allowed access to the network by upper management—in some cases, without the network administrator’s knowledge. This ensures the testing scenario is as close to a real unsuspected attack as possible and provides a detailed analysis of existing vulnerabilities.
