Vulnerability And scanners Flashcards
1
Q
Security Content automation protocol (SCAP)
A
Allows compatible scanners to determine whether a comp meets configuration baseline.
-uses to accomplish this:
—OVAL
—XCCDF
2
Q
Open Vulnerability and Assessment Language (OVAL)
A
XML schema for describing system security state and querying vulnerability reports.
Used by SCAP
3
Q
Extensible Configuration Checklist Description Format (XCCDF)
A
XML schema for developing and auditing best-practice configuration checklists and rules.
Uses machine readable format to apply best practices instead of needing to do it manually like previously.
Used by SCAP
4
Q
Weak Host Configuration
A
Default settings
Unsecured root accounts
Open permissions
Open ports and services
Unsecure protocols
Weak encryption
Errors
