Live Virtual Machine Lab 7.1: Module 07 Security Assessment Techniques

Which of the following is achieved by Security Orchestration, Automation, Response (SOAR)?

Automation Note: SOAR automates and orchestrates the manual tasks, thereby strengthening the security posture of an organization. SOAR saves the organization hundreds of man hours of performing repetitive manual tasks. Confidentiality is achieved by encryption. Integrity is achieved by hashing. Availability is achieved by fault tolerance.

Which of the following is a condition that is shown as a result when it does not exist?

False Positive Note: A false positive is a condition that is shown as a result when it does not exist. The vulnerabilities that are missed by a vulnerability scanner are considered a false positive. A true positive is when the vulnerability scanner correctly catches the vulnerability. There is nothing called negative negative.

Which of the following type of vulnerability scan can also attempt to exploit the vulnerabilities?

Intrusive Note: An intrusive vulnerability scan can also attempt to exploit the vulnerabilities. That is why it is always advisable not to use intrusive scans on production systems and live applications. In a non-intrusive vulnerability scan, the scanner only looks for the vulnerabilities. You can run a credentialed scan only from an administrative account. A non-credentialed scan can be run from any - user or administrative - account.

Which of the following method of threat hunting includes disrupt, deny, destroy, and degrade actions?

Maneuvering Note: Using maneuvering, you may: -Disrupt -Deny -Degrade -Destroy -Manipulate These actions are performed on the information and resources of the other parties. Threat feed is a real-time information feed about threats. It can help tighten security controls in your organization. A security advisory is a document that narrates a specific vulnerability found in a product. Intelligence fusion is collating intelligence and information from various sources.

Which of the following is used for continuous monitoring of logs?

Security information and event management (SIEM) Note: SIEM provides continuous log monitoring. A firewall allows or denies traffic coming in or going out of a network. IDS detects anomalies in the network traffic. UBA focuses on unusual behavior to minimize the damage. UBA can only detect but cannot prevent an attacker from getting into your network.