Vulnerability Management Flashcards

1
Q

What does a vulnerability assessment seek to identify?

A

Any issues in a network, application, database or other system before it is used. This is a formal process.

2
Q

What is the practice of finding vulnerabilities?

A

Vulnerability management.

Note: The process is Scan > Patch > Scan, repeating, of course.

3
Q

What 3 questions can help scope your vulnerability assessments?

A
  1. What is the value of information that would be compromised?
  2. What is the threat your system is facing?
  3. What mitigation strategy could you deploy?
4
Q

Summarize the vulnerability process in 5 steps

A
  1. Define the desired state of security (you can't stop every threat and you can't protect yourself from everything equally)
  2. Create a baseline (set your “normal”)
  3. Prioritize the vulnerabilities (which ones should be addressed first?)
  4. Mitigate vulnerabilities (patching, controls, configurations)
  5. Monitor the network and systems then rinse/repeat