701 Module 5 Knowledge Check

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

_________ is a publicly available & free list or dictionary of standardized identifiers for common software vulnerabilities and exposures

CVE

__________ is a published standard that providesw an open framework for communicating the characteristics and impacts of IT vulnerabilities

CVSS CVSS is a published standard that provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. Its quantitative model ensures repeatable accurate measurement while enabling users to see the underlying vulnerability characteristics that were used to generate scores.

Which list is comprised of weakness types of serve as a baseline?

CWE Common Weakness Enumeration

Which type of vulnerability assessment is also known as an authenticated assessment?

Credentialed assessment

Attackers perform vulnerability analysis to identify security loopholes in the target organization's policies and procedures. A False B True

FALSE

Passive assessments are a type of vulnerability assessment that uses network scanners to scan the network to identify the hosts, services, and vulnerabilities present in that network. A False B True

FALSE

A network assessment focuses on transactional web applications, traditional client-server applications, and hybrid systems. A False B True

FALSE (That's application)

Application assessments determine the possible network security attacks that may occur on an organization's system

FALSE (That's network)

An external assessment involves scrutinizing the internal network to find exploits and vulnerabilities. A True B False

FALSE (that's internal)

In which of the folllowing vulnerability assessment solutions does the scanning start by building an inventory of protocols found on the machine?

Inference-based assessment

What is the most common vulnerability that is mainly caused by human error, which allows attackers to gain unauthorized access to the system?

Misconfigurations

_________ is an assessment solution for identifying vulnerabilities, configuration issues, and malware that attackers use to penetrate networks. It performs vulnerability, configuration, and compliance assessment

Nessus Professional

____________ is an Open Source (GPL) web scanner that performs comprehensive tests against web servers for multiple items, including potentially dangerous files/programs, and checks for outdated versions of servers and version-specific problems on servers

Nikto

_______ is a cloud-based service that gives you immediate, global visibility into where your IT systems might be vulnerable to the latest internet threats and how to protect them

Qualys VM

An attacker performs vulnerability scanning in order to identify security loopholes in the target network that attackers exploit to launch attacks. TRUE/FALSE

TRUE

An external assessment estimates the threat of network security attacks external to the organization. It determines how secure the external network and firewall are. A False B True

TRUE

In active scanning, the attacker interacts directly with the target network to find vulnerabilities TRUE/FALSE

TRUE

In passive scanning, the attacker tries to find vulnerabilities without directly interacting with the taret network. TRUE/FALSE

TRUE

Passive assessments sniff the traffic present on the network to identify the working systems, network services, applications, and vulnerabilities. A False B True

TRUE

There are four types of vulnerability assessment solutions: product-based solutions, service-based solutions, tree-based assessment, and inference-based assessment TRUE/FALSE

TRUE

There are six types of vulnerability assessment tools: host-based, application-layer, depth, scope, active/passive, and location/data-examined tools TRUE/FALSE

TRUE

To secure a network, an administrator needs to perform patch management, install proper antivirus software, check configurations, solve known issues in 3rd-party applications, and troubleshoot hardware with default configs.

TRUE

Vulnerabilities are classified based on severity level (low, medium, high) & the exploit range needs to keep up with the most recently discovered vulnerabilities & exploits TRUE/FALSE

TRUE

Vulnerability assessment reports are classified into 2 types: security vulnerability report & security vulnerability summary. TRUE/FALSE

TRUE

Wireless network assessments try to attack authentication mechanisms and get unauthorized access through vulnerabilities that may exist within an organization's perimeter. TRUE/FALSE?

TRUE

What is the process of discovering design flaws that will open an OS and it's apps to attack or misuse?

Vulnerability RESEARCH

In a _____, the attacker exploits vulnerabilities in a computer application before the software developer can release a patch for them.

Zero-day attack

Vulnerability ____________ is an important tool for information security mgmt as it identifies all the security weaknesses before an attacker can exploit them

assessment

______ assessments are a type of security check that involve carrying out a configuration-evel check through teh command line

host-based

Vulnerability assessments scan networks for ______________ security weaknesses.

known

In a network there are generally two main causes for systems being vulnerable: software or hardware ________ and poor ________ practices. A misconfiguration / programming B social engineering / hiring C spoofing / management D development / policy

misconfiguration / programming

The vulnerability ________ discloses the risks that are detected after scanning the network. A methodology B score C research D report

report

Put these in order: monitoring remediation risk assessment verification

risk assessment remediation verification monitoring

Vulnerability ________ systems are used by security analysts to rank information system vulnerabilities and to provide a composite score of the overall severity and risk associated with identified vulnerabilities. A scoring B reporting C research D assessment

scoring


Ensembles d'études connexes

Chapter six Health insurance policy provisions xcel

View Set

Certified Ethical Hacker Exam prep

View Set

Quiz 3 (Biodiversity & Epigenetics)

View Set

6 - Troubleshooting and the Future of Networking

View Set

NURX108 Transition to the Professional Nurse Role

View Set

NMSP 10 Codes and Phonetic Alphabet

View Set

Women and Girls Initiative and Girls Summit 20th Year

View Set

CAWT120 Chapter 15 Seeking Employment Premium Quiz

View Set

AZ-303 - Module 4 - Implement VMs for Windows and Linux

View Set