7

¡Supera tus tareas y exámenes ahora con Quizwiz!

Thousands 1 16 94

94

A valuable site that belongs to a large governmental organization. A list of standardized identifiers for known software vulnerabilities and exposures. A dictionary of known patterns of cyberattacks used by hackers. Strives to create commonality in descriptions of weaknesses in security software.

A list of standardized identifiers for known software vulnerabilities and exposures.

A scan can only identify known vulnerabilities. A scan has a time of day in which it is most productive. A scan only checks for open ports on the external network. A scan can only obtain data for the period of time that it runs.

A scan can only obtain data for the period of time that it runs.

A vulnerability's unique characteristics Vulnerabilities that are present only in certain environments or implementations The changeable attributes of a vulnerability Discovered vulnerabilities

A vulnerability's unique characteristics

Active scanning Internal assessment Host-based assessment Passive scanning

Active scanning

Solves connection/disconnection issues during vulnerability testing. Analyzes and reports findings from a centralized data warehouse. Scans mobile devices and identifies those that are unauthorized or non-compliant. Identifies devices that have not connected for a period of time.

Analyzes and reports findings from a centralized data warehouse.

Passive assessment Host-based assessment Wireless network assessment Application-level assessment

Application-level assessment

Wireless network assessment Host-based assessment Application-level assessment Passive assessment

Application-level assessment

Verification Baseline creation Vulnerability assessment Risk assessment

Baseline creation

Credentialed Patch Audit Bash Shellshock Detection Basic Network Scan Advanced Dynamic Scan

Basic Network Scan

Qualys OpenVAS Nessus Burp Suite

Burp Suite

CAPEC CVE CWE CISA

CAPEC

National Vulnerability Database CVSS calculator Government Resources scoring system Common Vulnerabilities and Exposures

CVSS calculator

Japanese Vulnerability Notes National Vulnerability Database Common Attack Pattern Enumeration and Classification Common Weakness Enumeration

Common Weakness Enumeration

Select a network monitoring solution Set goals Use a vulnerability scanner Conduct a pre-assessment

Conduct a pre-assessment

Physical security Remote management processes Wireless network flaws DNS zones

DNS zones

Create reports that clearly identify problem areas to present to management. Define the effectiveness of the current security policies and procedures. Decide the best times to test in order to limit the risk of having shutdowns during peak business hours. Implement remediation steps.

Define the effectiveness of the current security policies and procedures.

Department of Defense Federal Bureau of Investigation Securities and Exchange Commission Department of Homeland Security

Department of Homeland Security

Buffer overflow Unpatched servers Design flaw Misconfigurations

Design flaw

CVSS Calculator Full Disclosure Common Vulnerabilities and Exposures Common Attack Pattern Enumeration & Classification

Full Disclosure

Lack of quality control by developers Network appliance incompatibility Poor default settings Human error

Human error

It has more than 50,000 vulnerability tests with daily updates.It scans for more than 6,000 files and programs that can be exploited. It scans for known vulnerabilities, malware, and misconfigurations. It is a cloud-based service that keeps all your data in a private virtual database. It has more than 50,000 vulnerability tests with daily updates.

It is a cloud-based service that keeps all your data in a private virtual database.

The product is administered from inside the network. It provides a preset plan for testing and scanning. You can test and discover information as you go and then adjust according. It provides a protection level that a professional provides through knowledge.

It provides a protection level that a professional provides through knowledge.

Purchasing a product and administering it from inside the network. Itemize each open port and service in the network. Locate the live nodes in the network. You can do this using a variety of techniques, but you must know where each live host is. Test each open port for known vulnerabilities.

Locate the live nodes in the network. You can do this using a variety of techniques, but you must know where each live host is.

Monitoring Remediation Verification Risk assessment

Monitoring

National Vulnerability Database Common Attack Pattern Enumeration Classification Cybersecurity Infrastructure Security Agency Common Weakness Enumeration

National Vulnerability Database

OWASP ZAP Nessus Arachni Burp Suite

Nessus

CVE Nmap Government Resources scoring system CISA

Nmap

Net Scan Nessus Professional SecurityMetrics Mobile OWASP ZAP

OWASP ZAP

OWASP Top 10 Nikto Burp Suite OWASP ZAP

OWASP ZAP

Qualys Vulnerability Management Burp Suite Nessus Professional OpenVAS

OpenVAS

Host-based Active Passive Buffer overflows

Passive

Service-based assessment Tree-based assessment Inference-based assessment Product-based assessment

Product-based assessment

System-based assessment Product-based assessment Service-based assessment Platform-based assessment

Product-based assessment

Checking ports and services regularly Logging and monitoring Regular system patches Error checking

Regular system patches

Risk assessment Monitoring Remediation Verification

Remediation

Network Scanner SecurityMetrics Mobile Retina CS for Mobile Nessus Professional

SecurityMetrics Mobile

Suggestions for remediation with links to patches. The scan's origin and the scanner's vulnerability assessment. The name of the scanning tool, its version, and the network ports that have been scanned. The target system's name and address.

The name of the scanning tool, its version, and the network ports that have been scanned.

Writing clear concise reports Goal setting Post-assessment phase Verification

Verification

Reconnaissance process Vulnerability assessment Physical security audit Windows server enumeration

Vulnerability assessment


Conjuntos de estudio relacionados

Nursing : Stroke, Cardiac Dysrythmias, 5555555

View Set

Prep U: Foundations 2 Exam 2- Honan

View Set

Unit 2 Egypt: Section 2 The Old Kingdom

View Set

CSH081 - Ultrasound in General Radiography, PET/CT/MRI, Radiographer Commenting, Patient Advocacy

View Set