Week 6 (No week 5) - If you have time for Q2 Flashcards
What is the purpose of threat identifiers in cybersecurity?
To standardize and communicate vulnerability details and threat levels
This allows for international understanding and acceptance within the threat management industry.
What does CVE stand for?
Common Vulnerabilities and Exposures
What is the format for CVE identifiers?
CVE-YYYY-#### (e.g., CVE-2024-21893)
What does NVD stand for, what does it maintain, and what does that include?
National Vulnerability Database; it maintains a database of CVEs and includes additional information such as analysis and remediation instructions.
What is the difference between CVE and CWE?
CVE refers to specific instances of vulnerabilities, while CWE refers to types of software weaknesses.
Provide examples of CWE.
- CWE-416: Use After Free
- CWE-780: Use of RSA Algorithm without OAEP
- CWE-787: Out-of-bounds Write
What is CAPEC and its focus?
Common Attack Pattern Enumeration & Classification; it focuses on application security and exploit techniques.
What does CPE stand for and what does it identify?
Common Platform Enumeration; it identifies hardware devices, operating systems, and applications.
What is CCE and its purpose?
Common Configuration Enumeration; it provides a collection of configuration best practices.
What is the Common Vulnerability Scoring System (CVSS)?
A risk management approach to quantify vulnerability data and prioritize response actions.
What is the latest version of CVSS as of November 2023?
CVSS v4.0
What does the term ‘Exploit Maturity’ refer to in CVSS?
It indicates the maturity of the exploit, categorized as Not Defined, Attacked, Proof-of-Concept, or Unreported.
True or False: CVSS scores range from 0 to 10.
True
Fill in the blank: The acronym for the database of Common Vulnerabilities is _______.
NVD