Vulnerability Scanning Concepts Flashcards

1
Q

Uses an automated vulnerability scanner and observes the reports and findings. Does not take down systems, apps or services and does not disrupt business.

A

Passively test security controls.

2
Q

Understanding common attacks and taking inventory of vulnerabilities – scanners report missing updates, misconfigured security settings and known exploits.

A

Identify vulnerability

3
Q

Vulnerability scanners can identify missing patches or antivirus

A

Identify lack of security controls

4
Q

Weak passwords, default usernames and passwords, and open ports.

A

Identify common misconfigurations

5
Q

Can interrupt service, is much more detailed, and exploits vulnerabilities.

A

Intrusive testing

6
Q

Passive does not exploit vulnerabilities and does not disrupt service.

A

Non-intrusive testing

7
Q

Done as though it is inside the network and emulates an insider attack.

A

Credentialed

8
Q

A result that incorrectly shows that a condition or attribute is present – a false vulnerability.

A

False positive

8
Q

Done as though it is outside the network and emulates an outside attack – shows what would be found if the network was scanned

A

Non-credentialed
