2.0 Vulnerability Management Flashcards Preview


Flashcards in 2.0 Vulnerability Management Deck (127)
1
Q

what should you consult to identify all systems that need to have a vulnerability scan?

A

the company’s asset inventory

2
Q

what is a flaw, loophole, or weakness in the system, software, or hardware?

A

vulnerability

3
Q

which scan has less of an impact on the network: agent-based or server-based?

A

agent-based vulnerability scans because they run on the device and only send the report to the centralized server

4
Q

what are the two main factors that CompTIA lists for prioritizing vulnerability remediation?

A

criticality and difficulty of implementation

5
Q

how often should vulnerability scans be carried out based on PCI-DSS standards?

A

every three months and whenever systems are updated

6
Q

which SCAP component provides standardized names for security-related software flaws?

A

common vulnerabilities and exposures (CVE)

7
Q

what does the acronym CCE denote?

A

common configuration enumeration

8
Q

which system provides CCE and CVE identifiers for vulnerability scans?

A

security content automation protocol (SCAP)

9
Q

which term is used for an agreement that is signed by two partnering companies?

A

business partners agreement (BPA)

10
Q

what does the acronym CVE denote?

A

common vulnerabilities and exposures

11
Q

which term is used for an agreement between two or more parties where the parties cannot create a legally enforceable agreement?

A

memorandum of understanding (MoU)

12
Q

what does the acronym SCAP denote?

A

security content automation protocol

13
Q

which step of the vulnerability management process involves assessing the documented requirements and workflow to determine when scans should occur?

A

establish scanning frequency

14
Q

why should you document workflow prior to setting up a vulnerability scan?

A

to help provide business constraints for the scan

15
Q

which step of the vulnerability management process involves documenting the regulatory environment and corporate policy, classifying data, and obtaining an asset inventory?

A

identify requirements

16
Q

in which situation will you accept a risk?

A

when the cost of the safeguard exceeds the amount of the potential loss

17
Q

why should you deploy remediation in a sandbox environment?

A

to test the effects of the remediation to ensure that the devices will be able to function properly after deployment

18
Q

what is the process for the vulnerability management process?

A
1. identify requirements
2. establish scanning frequency
3. configure the tools to perform the scans according to specifications
4. execute the scan
5. generate scan reports
6. provide remediation for discovered vulnerabilities

19
Q

what does the acronym CVSS denote?

A

common vulnerability scoring system

20
Q

what is a service level agreement (SLA)?

A

a contract between a network service provider and a customer that specifies the services the network service provider will furnish

21
Q

which range of CVSS scores indicates low priority?

A

0.1 to 3.9

22
Q

what is meant by the term vulnerability feed?

A

the updates to the vulnerability scanner that ensures that the scanner is able to recognize newly discovered vulnerabilities

23
Q

which range of CVSS scores indicates high priority?

A

7.0 to 8.9

24
Q

what happens with an agent-based vulnerability scan?

A

agents are installed on the devices to run the scan and send the report to a centralized server

25
Q

which range of CVSS scores indicates medium priority?

A

4.0 to 6.9

26
Q

what is the recommended action when the cost of the safeguard exceeds the amount of the potential loss for a given risk?

A

to accept the risk

27
Q

which permissions should you assign the account used for the vulnerability scans?

A

read only

28
Q

which SCAP component provides standard names for product names and versions?

A

common platform enumeration (CPE)

29
Q

which step of the vulnerability management process includes scanning criteria, such as sensitivity levels, vulnerability feed, and scope?

A

configure the tools to perform the scans according to specifications

30
Q

which range of CVSS scores indicates critical priority?

A

9.0 to 10.0

31
Q

what is meant by the scope of a vulnerability scan?

A

the range of hosts or subnets included in the scan

32
Q

what is the purpose of a discovery vulnerability scan?

A

to create an inventory of assets based on host or service discovery

33
Q

which SCAP component provides a standardized metric that measures and describes the severity of security-related software flaws?

A

common vulnerability scoring system (CVSS)

34
Q

what is the term Nessus uses for vulnerability feeds?

A

plug-ins

35
Q

which type of vulnerability scan includes the appropriate permissions for the different data types?

A

credentialed scan

36
Q

what does a CVSS score of 0 indicate?

A

no issues

37
Q

what are the FIVE inhibitors to remediation after a vulnerability scan?

A

MOUs
SLAs
Organizational governance
Business process interruption
Degrading functionality

38
Q

what does the acronym CPE denote?

A

common platform enumeration (CPE)

39
Q

what are the three possible values of the availability (A) metric of the CVSS vector, and what do they stand for?

A

N - None
P - Partial
C - Complete

40
Q

which value of the authentication (Au) metric of the CVSS vector means no authentication mechanisms are in place to stop the exploitation of the vulnerability?

A

N

41
Q

which CVSS metric describes the authentication an attacker would need to get through to exploit the vulnerability?

A

the authentication (Au) metric

42
Q

which value of the access vector (AV) metric of the CVSS vector indicates that the attacker must have physical access to the affected system?

A

L

43
Q

which value of the Access Vector (AV) metric of the CVSS vector indicates the attacker can exploit the vulnerability from any network?

A

N

44
Q

which value of the confidentiality (C) metric of the CVSS vector means all information on the system could be compromised?

A

C

45
Q

which value of the Confidentiality (C) metric of the CVSS vector means some access to information would occur?

A

P

46
Q

what are the three possible values of the Access Vector (AV) metric of the CVSS vector, and what do they stand for?

A

L - Local
A - Adjacent
N - Network

47
Q

which CVSS metric describes the difficulty of exploiting the vulnerability?

A

the access complexity (AC) metric

48
Q

which CVSS metric describes the information disclosures that may occur if the vulnerability is exploited?

A

the confidentiality (C) metric

49
Q

what are the three main possible values of the authentication (Au) metric of the CVSS vector, and what do they stand for?

A

M - Multiple
S - Single
N - None

50
Q

which value of the availability (A) metric of the CVSS vector means system performance is degraded?

A

P

51
Q

which CVSS metric describes how the attacker would exploit the vulnerability?

A

the access vector (AV) metric

52
Q

which value of the integrity (I) metric of the CVSS vector means some information modification would occur?

A

P

53
Q

what are the three possible values of the confidentiality (C) metric of the CVSS vector, and what do they stand for?

A

N - None
P - Partial
C - Complete

54
Q

which value of the integrity (I) metric of the CVSS vector means all information on the system could be compromised?

A

C

55
Q

which value of the Access Complexity (AC) metric of the CVSS vector means the vulnerability does not require special conditions?

A

L

56
Q

which value of the availability (A) metric of the CVSS vector means the system is completely shut down?

A

C

57
Q

which CVSS metric describes the disruption that might occur if the vulnerability is exploited?

A

the availability (A) metric

58
Q

what should you do for the false positives in a vulnerability scanning report once you have verified that they are indeed false?

A

configure exceptions for the false positives in the vulnerability scanner

59
Q

what is meant by the term false negative in a vulnerability scan?

A

when the vulnerability scan indicated no vulnerabilities existed when, in fact, one was present

60
Q

which value of the access vector (AV) metric of the CVSS vector indicates the attacker must be on the local network?

A

A

61
Q

which value of the integrity (I) metric of the CVSS vector means there is no integrity impact?

A

N

62
Q

which CVSS metric describes the type of data alteration that might occur?

A

the integrity (I) metric

63
Q

which value of the Confidentiality (C) metric of the CVSS vector means there is no confidentiality impact?

A

N

64
Q

which value of the authentication (Au) metric of the CVSS vector means the attacker would need to get through two or more authentication mechanisms?

A

M

65
Q

which value of the authentication (Au) metric of the CVSS vector means the attacker would need to get through one authentication mechanism?

A

S

66
Q

what are the three possible values of the Access Complexity (AC) metric of the CVSS vector, and what do they stand for?

A

H - High
M - Medium
L - Low

67
Q

what are the three possible values of the integrity (I) metric of the CVSS vector, and what do they stand for?

A

N - None
P - Partial
C - Complete

68
Q

which value of the Availability (A) metric of the CVSS vector means there is no availability impact?

A

N

69
Q

which value of the Access Complexity (AC) metric of the CVSS vector means the vulnerability requires somewhat special conditions?

A

M

70
Q

which value of the Access Complexity (AC) metric of the CVSS vector means the vulnerability requires special conditions that are hard to find?

A

H

71
Q

what should you do if you expect that there are false positives in a vulnerability scanning report?

A

verify the false positives to ensure that you can eliminate them from the report

72
Q

in which type of attack is a user connected to a different web server than the one intended by the user?

A

hyperlink spoofing attack

73
Q

what is meant by VM escape?

A

viruses and malware can migrate between multiple VMs on a single server

74
Q

which type of system does a Stuxnet attack target?

A

a supervisory control and data acquisition (SCADA) system

75
Q

which type of attack involves flooding a recipient e-mail address with identical e-mails?

A

spamming attack

76
Q

what is a replay attack?

A

an attack where an intruder records the communication between a user and a server, and later plays the recorded information back to impersonate the user

77
Q

what is the purpose of GPS tracking on a mobile device?

A

it allows a mobile device to be located

78
Q

what is a command injection?

A

when an operating system command is submitted in an HTML string

79
Q

what is war chalking?

A

leaving signals about a wireless network on the outside of the building where it is housed

80
Q

which attack is an extension of the denial-of-service (DoS) attack and uses multiple computers?

A

DDoS attack

81
Q

which component of a computer use policy indicates that data stored on a company computer is not guaranteed to remain confidential?

A

a no expectation of privacy policy

82
Q

how do you ensure that data is removed from a mobile device that has been stolen?

A

use a remote wipe or remote sanitation program

83
Q

what is phishing?

A

when an e-mail request for confidential information that appears to originate from a bank or other trusted institution is received

84
Q

what is click-jacking?

A

a technique that is used to trick users into revealing confidential information or taking over the user’s computer when clicking links

85
Q

what does the acronym SCADA denote?

A

supervisory control and data acquisition

86
Q

which type of attack allows an attacker to redirect internet traffic by setting up a fake DNS server to answer client requests?

A

DNS spoofing

87
Q

what is the purpose of screen locks on mobile devices?

A

to prevent users from accessing the mobile device until a password or other factor is entered

88
Q

which type of attack is characterized by an attacker who records an encrypted transmission between a client and a server computer so that he or she can then send it to the server to gain access?

A

a replay attack

89
Q

why is it important to limit the use of flash drives and portable music devices by organization employees?

A

to prevent users from copying data to their personal devices and possibly causing data leakage, or from transferring malware to corporate computers

90
Q

which type of attack is characterized by an attacker who situates himself or herself in such a way that he or she can intercept all traffic between two hosts?

A

man-in-the-middle

91
Q

should virtual servers have the same information security requirements as physical servers?

A

Yes

92
Q

what is a smurf attack?

A

an attack where a ping request is sent to a broadcast network address with the aim of overwhelming the system

93
Q

what causes VM sprawl to occur?

A

when multiple VMs become difficult to manage

94
Q

what is an Xmas attack?

A

an attack that looks for open ports

95
Q

what is an XML injection?

A

when a user enters values in an XML query that takes advantage of security loopholes

96
Q

what is the purpose of SCADA?

A

to collect data from factories, plants, or other remote locations, and send the data to a central computer that manages and controls the data

97
Q

what does the acronym ICS denote?

A

industrial control system

98
Q

which servers are susceptible to the same type of attacks as their hosts, including denial of service attacks, detection attack, and escape attacks?

A

virtual servers

99
Q

what is spear phishing?

A

an e-mail request for confidential information that appears to come from your supervisor

100
Q

what is the main difference between virtualization and cloud computing?

A

the location and ownership of the physical components

101
Q

what is an evil twin?

A

an access point with the same SSID as the legitimate access point

102
Q

what is vishing?

A

a special type of phishing that uses VoIP

103
Q

where should you physically store mobile devices to prevent theft?

A

in a locked cabinet or safe

104
Q

what is whaling?

A

a special type of phishing that targets a single power user, such as the Chief Executive Officer (CEO)

105
Q

what is the purpose of a remote sanitation application on a mobile device?

A

to ensure that the data on the mobile device can be erased remotely in the event the mobile device is lost or stolen

106
Q

which address is faked with IP spoofing attacks?

A

the source IP address

107
Q

what is bluesnarfing?

A

the act of gaining unauthorized access to a device (and the network it is connected to) through its Bluetooth connection

108
Q

which attack uses clients, handles, agents, and targets?

A

DDoS attack

109
Q

when does path traversal occur?

A

when the ../ characters are entered into the URL to traverse directories that are not supposed to be available from the Web

110
Q

what is war driving?

A

the act of discovering unprotected wireless networks by driving around with a laptop

111
Q

which type of attack does challenge handshake authentication protocol (CHAP) protect against?

A

replay

112
Q

what does the acronym DDoS denote?

A

distributed denial of service

113
Q

what is header manipulation?

A

when a hacker is able to manipulate a packet header to deface, hijack, or poison the packet

114
Q

what is bluejacking?

A

an attack that sends unsolicited messages over a Bluetooth connection

115
Q

which attack requires that the hacker compromise as many computers as possible to initiate the attack?

A

DDoS attack

116
Q

what is an IP spoofing attack?

A

an attack in which the source IP address in an IP datagram is modified to imitate the IP address of a packet originating from an authorized source

117
Q

which type of attack searches long lists of words for a particular language to match them to an encrypted password?

A

dictionary attack

118
Q

why is GPS tracking often disabled?

A

it is considered a security threat. As long as GPS tracking is enabled and the mobile device is powered on, the device (and possibly its user) can be located

119
Q

what is spimming?

A

an instance of spam sent over an instant message application

120
Q

what is a malicious insider?

A

an employee who uses his access to the network and facility to obtain confidential information

121
Q

what is the purpose of a screen lock on a mobile device?

A

to act as a deterrent if a mobile device is lost or stolen by requiring a key combination to activate the device

122
Q

encrypting all files on a system hardens which major component of a server?

A

the file system

123
Q

what is an IV attack?

A

cracking the WEP secret key using the initialization vector (IV)

124
Q

what is pharming?

A

traffic redirection to a web site that looks identical to the intended web site

125
Q

what is the purpose of mobile device encryption?

A

to ensure that the contents of the mobile device are confidential

126
Q

which type of attack sequentially generates every possible password and checks them all against a password file?

A

brute force attack

127
Q

which type of brute-force attack attempts to find any two hashed messages that have the same value?

A

a birthday attack