Chapter 7: Vulnerability Management
Which answer BEST describes the purpose of CVE? Strives to create commonality in descriptions of weaknesses in security software. A valuable site that belongs to a large governmental organization. A dictionary of known patterns of cyberattacks used by hackers. A list of standardized identifiers for known software vulnerabilities and exposures.
A list of standardized identifiers for known software vulnerabilities and exposures. CVE (Common Vulnerabilities and Exposures) is a list of standardized identifiers for publicly known software vulnerabilities and exposures. Each entry receives a unique identifier of the form CVE-YYYY-NNNN (the sequence part may be longer than four digits), so that scanners, advisories, vendors and databases can all refer to the same issue unambiguously, which makes research easy and standardized.
Vulnerability scanning has its limitations. Which answer BEST describes the concept of point in time? A scan can only obtain data for the period of time that it runs. A scan can only identify known vulnerabilities. A scan only checks for open ports on the external network. A scan has a time of day in which it is most productive.
A scan can only obtain data for the period of time that it runs.
Charles, a security analyst, needs to check his network for vulnerabilities. He wants a scan that interacts with network nodes and repairs security issues found. Which kind of scanning BEST describes Charles' requirements? Active scanning Internal assessment Host-based assessment Passive scanning
Active scanning An active scanner transmits packets to network nodes to determine exposed ports, the services behind them and the vulnerabilities those services carry, and, in the course material's description, can independently repair security flaws. In practice most scanners only report findings and recommend fixes; applying a patch or configuration change is normally a separate remediation step, and a scanner that does change hosts should be run with that side effect clearly understood and approved.
Which of the following BEST describes Retina CS for Mobile? Analyzes and reports findings from a centralized data warehouse. Scans mobile devices and identifies those that are unauthorized or non-compliant. Solves connection/disconnection issues during vulnerability testing. Identifies devices that have not connected for a period of time.
Analyzes and reports findings from a centralized data warehouse. Retina CS for Mobile provides comprehensive vulnerability management for smartphones, mobile devices, and tablets. This program can: -Scan, prioritize, and fix smartphone vulnerabilities. -Analyze and report findings from a centralized data warehouse.
A company is considering the purchase of a new application. During the evaluation period, a security analyst wants to make sure that all areas of the app are secure, especially input controls. Which assessment BEST meets these requirements? Application-level assessment Passive assessment Host-based assessment Wireless network assessment
Application-level assessment Application-level assessments allow you to scrutinize completed applications when the source code is unknown. Every application area can be examined for input controls and data processing.
John's company just purchased a new application for which they do not have the source code. Which of the following BEST describes the type of assessment John should use on this application? Application-level assessment Host-based assessment Passive assessment Wireless network assessment
Application-level assessment Application-level assessments scrutinize completed applications when the source code is unknown.
The third step in vulnerability management is to see what an organization looks like from an outsider's and insider's point of view. Which step in life cycle management does this apply to? Verification Baseline creation Vulnerability assessment Risk assessment
Baseline creation Baseline creation starts by looking at the current security policies' effectiveness. Then you establish risks by evaluating how the policies are enforced and which vulnerabilities might have been overlooked. After this, you try to see what the organization looks like from an outsider's and insider's point of view.
You have just installed Nessus for auditing a network segment. Which of the following Nessus scans would be BEST suited for an initial query of hosts on a network segment? Credentialed Patch Audit Bash Shellshock Detection Basic Network Scan Advanced Dynamic Scan
Basic Network Scan discovers all hosts on a network and performs queries to determine vulnerability risks and threat vectors. It is the best answer here.
Which web application scanner looks for common vulnerabilities, like cross-site scripting and SQL injections, and also scans for the OWASP Top 10? Qualys Nessus Burp Suite OpenVAS
Burp Suite
Which of the following is a dictionary of known patterns of cyberattacks used by hackers? CVE CWE CISA CAPEC
CAPEC (Common Attack Pattern Enumeration and Classification) is a dictionary of known patterns of cyberattacks used by hackers.
How many numbering authorities comprise the CVE? 1 94 16 Thousands
CVE had 94 CVE Numbering Authorities (CNAs) when this material was written; those 94 CNAs were located in 16 countries. The CNA program has grown considerably since then, so check cve.org for the current list before relying on the number.
Which vulnerability scoring system uses metrics called base, temporal, and environmental? Common Vulnerabilities and Exposures National Vulnerability Database Government Resources scoring system CVSS calculator
CVSS calculator
Which resource can BEST be described as a site that combines diverse ideas and perspectives from professionals, academics, and government sources? Common Weakness Enumeration Japanese Vulnerability Notes National Vulnerability Database Common Attack Pattern Enumeration and Classification
Common Weakness Enumeration (CWE) is a site that combines diverse ideas and perspectives from professionals, academics, and government sources to create a unified standard for cybersecurity.
Which of the following would an external assessment check? Wireless network flaws Remote management processes DNS zones Physical security
DNS zones An external assessment focuses on vulnerabilities that exist by virtue of being fully or partially exposed to the public. One common area of concern is DNS zones.
As a security analyst working for an accounting firm, you need to evaluate the current environment. Which of the following is the FIRST thing you should do? Define the effectiveness of the current security policies and procedures. Create reports that clearly identify problem areas to present to management. Implement remediation steps. Decide the best times to test in order to limit the risk of having shutdowns during peak business hours.
Define the effectiveness of the current security policies and procedures.
Which government agency sponsors five valuable resources for security analysts? Federal Bureau of Investigation Department of Homeland Security Securities and Exchange Commission Department of Defense
Department of Homeland Security
Mary, a security analyst, is tasked with vulnerability research as part of her company's vulnerability assessment. She discovered that their website is vulnerable to cross-site scripting. Which vulnerability type BEST describes what Mary has found? Design flaw Misconfigurations Buffer overflow Unpatched servers
Design flaw Design flaws encompass things like broken ACLs, cross-site scripting (XSS) susceptibility, and SQL injection: weaknesses built into how the application was designed or coded, rather than a missing patch or a bad configuration.
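The following is an added example, not part of the course material, showing the design-flaw category in code: a reflected XSS bug beside its fix, plus the kind of reflection check a web application scanner performs. The two page-rendering functions are a stand-in, not a real product, and the marker string is an arbitrary choice made for this example.

```python
import html


def search_page_vulnerable(query: str) -> str:
    """Design flaw: user input is concatenated straight into HTML markup."""
    return "<h1>Results for: " + query + "</h1>"


def search_page_fixed(query: str) -> str:
    """Fix: encode for the HTML text context before insertion.

    html.escape() with quote=True (the default) encodes <, >, &, " and ',
    so the input can no longer break out of the text node.
    """
    return "<h1>Results for: " + html.escape(query, quote=True) + "</h1>"


# Marker chosen for this example: it contains every character an attacker
# needs to break out of an HTML text or attribute context. A scanner sends a
# unique marker like this and checks whether it is reflected unencoded.
XSS_MARKER = "<zz1'\">"


def reflects_unencoded(render, marker: str = XSS_MARKER) -> bool:
    """Return True when the page echoes the marker without encoding it."""
    return marker in render(marker)


def classify(render) -> str:
    """Scanner-style verdict for one rendering function."""
    return "design flaw: reflected XSS" if reflects_unencoded(render) else "no reflection found"


if __name__ == "__main__":
    payload = "<script>alert(1)</script>"
    print("vulnerable:", search_page_vulnerable(payload), "->", classify(search_page_vulnerable))
    print("fixed:     ", search_page_fixed(payload), "->", classify(search_page_fixed))
```

The reflection check is deliberately context-free: it only proves the characters survive unencoded. A real scanner follows up with context-specific payloads (text node, attribute, script block) before reporting, which is why scanner findings of this type still need manual confirmation.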
Which site MOST often shows the newest vulnerabilities before other sources? CVSS Calculator Common Attack Pattern Enumeration & Classification Full Disclosure Common Vulnerabilities and Exposures
Full Disclosure
Misconfigurations occur throughout a network. What is the primary cause of misconfigurations? Lack of quality control by developers Network appliance incompatibility Human error Poor default settings
Human error Misconfigurations in any area of the network are caused by human error. It is the responsibility of the IT and security teams to properly configure all apps, software, and network appliances.
John is a security analyst, and he needs the following information about a current exploit: -Fix information -Impact rating -Severity score What is his BEST resource? Common Attack Pattern Enumeration Classification Cybersecurity Infrastructure Security Agency National Vulnerability Database Common Weakness Enumeration
National Vulnerability Database The National Vulnerability Database (NVD) enriches each entry in the CVE list with detailed information such as a CVSS impact rating and severity score, references to fixes and vendor advisories, and affected-product (CPE) data.
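An added example, not from the course material, of pulling exactly those three fields (fix information, impact rating, severity score) out of an NVD record. The JSON below is constructed in the shape of an NVD API 2.0 response; the CVE id, description and URLs in it are placeholders invented for this example, not real NVD data. Preferring the CVSS v3.1 block and NVD's "Primary" entry is an assumption about how a triage script should choose when several metric sources are present.

```python
import json

# Constructed sample shaped like an NVD API 2.0 response. Placeholder data only.
SAMPLE_NVD_JSON = """
{
  "vulnerabilities": [
    {
      "cve": {
        "id": "CVE-0000-00001",
        "descriptions": [
          {"lang": "en", "value": "Placeholder: stack-based buffer overflow in an example service."}
        ],
        "metrics": {
          "cvssMetricV31": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "cvssData": {
                "version": "3.1",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL"
              }
            }
          ]
        },
        "references": [
          {"url": "https://vendor.example/advisory/1", "source": "vendor", "tags": ["Vendor Advisory", "Patch"]},
          {"url": "https://tracker.example/issue/1", "source": "tracker", "tags": ["Issue Tracking"]}
        ]
      }
    }
  ]
}
"""

# Newest CVSS version first; NVD keeps v2 scores on older entries.
METRIC_KEYS = ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2")


def pick_metric(metrics):
    """Return the most current CVSS metric block, preferring NVD's Primary entry."""
    for key in METRIC_KEYS:
        entries = metrics.get(key) or []
        if not entries:
            continue
        primary = [m for m in entries if m.get("type") == "Primary"]
        return (primary or entries)[0]
    return None


def summarize_cve(cve):
    """Extract id, severity score, impact rating, vector and fix links from one CVE object."""
    metric = pick_metric(cve.get("metrics", {}))
    score = severity = vector = None
    if metric:
        cvss = metric.get("cvssData", {})
        score = cvss.get("baseScore")
        vector = cvss.get("vectorString")
        # v3.x carries baseSeverity inside cvssData; v2 carries it beside it.
        severity = cvss.get("baseSeverity") or metric.get("baseSeverity")
    fixes = [r["url"] for r in cve.get("references", []) if "Patch" in r.get("tags", [])]
    description = next((d["value"] for d in cve.get("descriptions", []) if d.get("lang") == "en"), "")
    return {"id": cve["id"], "score": score, "severity": severity,
            "vector": vector, "fixes": fixes, "description": description}


def summarize_response(raw_json):
    doc = json.loads(raw_json)
    return [summarize_cve(item["cve"]) for item in doc.get("vulnerabilities", [])]


def needs_attention(summary, threshold=7.0):
    """Triage rule (an assumption for this example): act on a base score at or
    above the threshold, and on unscored entries, which cannot be deprioritized yet."""
    return summary["score"] is None or summary["score"] >= threshold


if __name__ == "__main__":
    for s in summarize_response(SAMPLE_NVD_JSON):
        flag = "ACT" if needs_attention(s) else "defer"
        print(f"{s['id']} {s['severity']} ({s['score']}) {flag} fixes={s['fixes']}")
```

To run this against live data, fetch the same JSON shape from the NVD API 2.0 endpoint (https://services.nvd.nist.gov/rest/json/cves/2.0) and pass the response body to summarize_response; the parsing does not change.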
Kjell wants a network scanning tool that gives remediation solutions to found vulnerabilities. He also wants to be able to create customized scan jobs that run during off hours and can scan multiple network technologies. Which application is BEST for him? Nessus OWASP ZAP Arachni Burp Suite
Nessus
A mailing list that often has the newest vulnerabilities listed before they show up on government-sponsored resources is operated by whom? Nmap Government Resources scoring system CISA CVE
Nmap Full Disclosure is a mailing list hosted by the Nmap project (seclists.org). Full Disclosure is a public, vendor-neutral forum for discussion of software vulnerabilities and attack techniques, which is why new issues often appear there before they show up on government-sponsored resources.
Troy, a security analyst, needs a web application scanner that is extensible and that evaluates each web application individually. Which tool is BEST for his needs? Nessus Professional SecurityMetrics Mobile Net Scan OWASP ZAP
OWASP ZAP
Which web application scanner uses an on-path (man-in-the-middle) proxy design? OWASP Top 10 OWASP ZAP Burp Suite Nikto
OWASP ZAP
A security analyst needs an infrastructure vulnerability scanner that's flexible enough for low- and high-level protocols, is updated daily with new vulnerabilities, and allows for performance tuning. The company is on a tight budget, so it needs to be open source. Which tool is the BEST option? OpenVAS Nessus Professional Burp Suite Qualys Vulnerability Management
OpenVAS
Allen's company has raised concerns about network information that can be observed without a hacker being discovered. Which of the following BEST describes the type of assessment that could be used to operate in this manner? Buffer overflows Active Host-based Passive
Passive A passive assessment is a non-invasive observation of remote network traffic.
A company decides to purchase and administer tools on their own. Which type of assessment solution are they using? System-based assessment Service-based assessment Platform-based assessment Product-based assessment
Product-based assessment
John's company needs a product to fix found network vulnerabilities. This product needs to run inside their firewall without help from an outside professional. Which of the following BEST describes this type of assessment solution? Tree-based assessment Service-based assessment Product-based assessment Inference-based assessment
Product-based assessment
A security analyst is concerned about flaws in the operating system being used within their company. What should their FIRST step be to remedy this? Checking ports and services regularly Regular system patches Logging and monitoring Error checking
Regular system patches
During which of the vulnerability life cycle management phases do you implement the controls and protections from your plan of action? Remediation Monitoring Risk assessment Verification
Remediation Remediation refers to the steps that are taken regarding vulnerabilities, such as evaluating them, locating risks, and designing responses for those vulnerabilities. In this phase, you implement the controls and protections from your plan of action.
You are looking for a vulnerability assessment tool that detects vulnerabilities on mobile devices and gives you a report containing a total risk score, a summary of revealed vulnerabilities, and remediation suggestions. Which of the following vulnerability assessment tools should you use? Retina CS for Mobile SecurityMetrics Mobile Nessus Professional Network Scanner
SecurityMetrics Mobile SecurityMetrics Mobile detects vulnerabilities on mobile devices. It can help you protect customers' data and avoid unwanted app privileges, mobile malware, device theft, connectivity issues, threats to device storage, and unauthorized account access. You can expect a report containing a total risk score, a summary of revealed vulnerabilities, and remediation suggestions.
Which BEST defines the term base in CVSS? The changeable attributes of a vulnerability Discovered vulnerabilities A vulnerability's unique characteristics Vulnerabilities that are present only in certain environments or implementations
A vulnerability's unique characteristics. The CVSS base metric group captures a vulnerability's intrinsic, unchanging characteristics (attack vector, complexity, privileges required, user interaction, scope, and the confidentiality, integrity and availability impact). The changeable attributes of a vulnerability (exploit maturity, remediation level, report confidence) define the temporal metric group. The CVSS environmental metric group adjusts the score for vulnerabilities as they are present only in certain environments or implementations.
Which of the following BEST describes scan information? Suggestions for remediation with links to patches. The name of the scanning tool, its version, and the network ports that have been scanned. The scan's origin and the scanner's vulnerability assessment. The target system's name and address.
The name of the scanning tool, its version, and the network ports that have been scanned.
Which vulnerability life cycle step is BEST described as the phase in which a security analyst determines whether all the previous phases are effectively employed? Post-assessment phase Verification Writing clear concise reports Goal setting
Verification
The following command and output were performed against a new web server prior to deploying it to production. Which type of security process identifies security weaknesses in an organization's infrastructure that might result in the output below? Windows server enumeration Reconnaissance process Vulnerability assessment Physical security audit
Vulnerability assessment
Creating a baseline is vital to managing vulnerabilities. What is the FIRST step in creating this baseline? Select a network monitoring solution Use a vulnerability scanner Conduct a pre-assessment Set goals
Conduct a pre-assessment The first step in baseline creation is a pre-assessment. Start by looking at the current security policies' effectiveness. Establish risks by evaluating how the policies are enforced and which vulnerabilities might have been overlooked.
Which of the following BEST describes the Qualys Vulnerability Management assessment tool? It scans for more than 6,000 files and programs that can be exploited. It is a cloud-based service that keeps all your data in a private virtual database. It has more than 50,000 vulnerability tests with daily updates. It scans for known vulnerabilities, malware, and misconfigurations.
It is a cloud-based service that keeps all your data in a private virtual database. Qualys Vulnerability Management is a cloud-based service that keeps all your data in a private virtual database. Qualys is easy to use and is capable of scanning large enterprises. Data is encrypted in transit and at rest, so even though it is cloud-based, your data is protected. Only the scanner appliances reside on your network.
Which of the following is the BEST reason to choose a service-based assessment solution? It provides a preset plan for testing and scanning. The product is administered from inside the network. You can test and discover information as you go and then adjust accordingly. It provides a protection level that a professional provides through knowledge.
It provides a protection level that a professional provides through knowledge. A service-based assessment provides professional analysis, assessment, remediation, verification, and continuous monitoring.
What is the FIRST step in vulnerability scanning penetration? Purchasing a product and administering it from inside the network. Itemize each open port and service in the network. Locate the live nodes in the network. You can do this using a variety of techniques, but you must know where each live host is. Test each open port for known vulnerabilities.
Locate the live nodes in the network. You can do this using a variety of techniques (ICMP sweeps, ARP requests on the local segment, TCP probes to common ports), but you must know where each live host is before you itemize its open ports and services and then test each open service for known vulnerabilities.
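The three steps in that answer (find live hosts, itemize open ports and services, check each service against known vulnerabilities), carried through in code as an added example that is not part of the course material. The input is a constructed sample of nmap's grepable (-oG) output with invented hosts and fictional product names, and the advisory table is a placeholder invented for the example: its entries are not real vulnerabilities.

```python
import re

# Constructed sample of nmap grepable (-oG) output. Addresses are from the
# 192.0.2.0/24 documentation range and the product names are fictional.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated as: nmap -sV -oG - 192.0.2.0/28
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//ExampleSSH 1.4/, 80/open/tcp//http//Widget httpd 2.1.3/, 443/closed/tcp//https///\tIgnored State: filtered (997)
Host: 192.0.2.11 ()\tStatus: Down
Host: 192.0.2.12 ()\tStatus: Up
Host: 192.0.2.12 ()\tPorts: 3306/open/tcp//mysql//WidgetDB 5.5.60/\tIgnored State: closed (999)
# Nmap done
"""

# Placeholder advisory table for step 3: product -> (first fixed version, label).
# Invented for this example; these are NOT real advisories.
KNOWN_ISSUES = {
    "ExampleSSH": ("1.5", "EXAMPLE-ADV-001"),
    "WidgetDB": ("5.6", "EXAMPLE-ADV-002"),
}

# One -oG port entry: port/state/protocol/owner/service/rpc info/version/
PORT_RE = re.compile(r"^(\d+)/(\w+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")


def parse_gnmap(text):
    """Steps 1 and 2: map each host to its up/down status and open services."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue
        fields = line.split("\t")
        ip = fields[0].split()[1]
        entry = hosts.setdefault(ip, {"up": False, "ports": []})
        for field in fields[1:]:
            key, _, value = field.partition(": ")
            if key == "Status":
                entry["up"] = value.strip() == "Up"
            elif key == "Ports":
                entry["up"] = True  # a Ports line only exists for a responding host
                for item in value.split(", "):
                    m = PORT_RE.match(item.strip())
                    if not m:
                        continue
                    port, state, proto, _owner, service, _rpc, version = m.groups()
                    if state == "open":
                        entry["ports"].append({"port": int(port), "proto": proto,
                                               "service": service, "version": version.strip()})
    return hosts


def live_hosts(hosts):
    """Step 1 result: the addresses that answered."""
    return sorted(ip for ip, h in hosts.items() if h["up"])


def parse_version(s):
    """'5.5.60' -> (5, 5, 60) so versions compare numerically, not as strings."""
    return tuple(int(x) for x in re.findall(r"\d+", s))


def match_known_issues(hosts):
    """Step 3: flag open services whose version is below the first fixed version."""
    findings = []
    for ip in live_hosts(hosts):
        for p in hosts[ip]["ports"]:
            product, _, ver = p["version"].rpartition(" ")
            if product in KNOWN_ISSUES and ver:
                fixed, advisory = KNOWN_ISSUES[product]
                if parse_version(ver) < parse_version(fixed):
                    findings.append({"host": ip, "port": p["port"], "product": product,
                                     "version": ver, "advisory": advisory})
    return findings


if __name__ == "__main__":
    inventory = parse_gnmap(SAMPLE_GNMAP)
    print("live hosts:", live_hosts(inventory))
    for f in match_known_issues(inventory):
        print(f"{f['host']}:{f['port']} {f['product']} {f['version']} -> {f['advisory']}")
```

Version-string matching like this is what an unauthenticated scanner does for step 3, and it is also the source of many false positives (backported fixes leave the banner version unchanged), which is one reason credentialed scans and verification are separate phases of the life cycle.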
Which of the following is the last phase of the vulnerability management life cycle? Remediation Monitoring Risk assessment Verification
Monitoring Monitoring is the last phase of the vulnerability management life cycle. After you have verified your work, move on to the post-assessment phase, which is also known as the recommendation phase. At this point, recommend ongoing monitoring and routine penetration testing to proactively protect the organization and its customers.