7.3.3 Practice Questions
There are two non-government sites that provide lists of valuable information for ethical hackers. Which of the following best describes the Full Disclosure site?
A mailing list that often shows the newest vulnerabilities before other sources.
Which of the following are the three metrics used to determine a CVSS score?
Base, temporal, and environmental
Which of the following government resources is a dictionary of known patterns of cyberattacks used by hackers?
CAPEC
The following list of cybersecurity resources is provided by which of the following government sites? Information exchange; Training and exercises; Risk and vulnerability assessments; Data synthesis and analysis; Operational planning and coordination; Watch operations; Incident response and recovery.
CISA
As an ethical hacker, you are looking for a way to organize and prioritize vulnerabilities that were discovered in your work. Which of the following scoring systems could you use?
CVSS
This government resource is a community-developed list of common software security weaknesses. It strives to create commonality in the descriptions of software security weaknesses. Which of the following government resources is described?
CWE
Jessica, an employee, has come to you with a new software package she would like to use. Before you purchase and install the software, you would like to know if there are any known security-related flaws or if it is commonly misconfigured in a way that would make it vulnerable to attack. You only know the name and version of the software package. Which of the following government resources would you consider using to find an answer to your question?
NVD