CompTIA Security+ Study Guide: CH. 5 // Security Assessment and Testing


how to read CVSS:3.0/AV:N/AC:L/PR:N/UR:N/S:U/C:H/I:N/A:N

"CVSS:3.0" = vector composed using CVSS version 3
-attack vector: network
-attack complexity: low
-privileges required: none
-user interaction: none
-scope: unchanged
-confidentiality: high
-integrity: none
-availability: none

Rules of Engagement (ROE) key elements

-timeline
-locations, systems, applications, or other potential targets included/excluded
-data handling
-behaviors expected from target
-resources committed to target
-legal concerns
-when and how communications will occur

CVSS score : none

0.0

CVSS score: low

0.1-3.9

SCAP standards include what 6 things

1. common configuration enumeration (CCE)
2. common platform enumeration (CPE)
3. common vulnerabilities and exposures (CVE)
4. common vulnerability scoring system (CVSS)
5. extensible configuration checklist description format (XCCDF)
6. open vulnerability and assessment language (OVAL)

Questions orgs ask to determine scanning process?

1. what is the data classification?
2. is the system exposed to the internet or public?
3. what services are offered by the system?
4. is the system a production, test, or development system?

CVSS score: medium

4.0-6.9

CVSS score: high

7.0-8.9

CVSS score: critical

9.0-10

Open Vulnerability and Assessment Language (OVAL)

A language for specifying low-level testing procedures used by checklists

System administrators typically prefer agent-based scanning. True or False?

False; installing agents on servers can cause performance or stability issues that make admins worried

CVSS Impact Sub-Score (ISS) calculation

ISS = 1 - [(1 - Confidentiality) x (1 - Integrity) x (1 - Availability)]

Common Platform Enumeration (CPE)

Provides a naming system for describing product names and versions

Common Configuration Enumeration (CCE)

Provides a naming system for system configuration issues.

what is the secure protocol replacement if using FTP

SFTP (secure file transfer protocol)

what is the secure protocol replacement if using telnet

SSH (secure shell)

what is SCAP?

Security Content Automation Protocol (SCAP) allows an organization to use automated vulnerability management and security policy compliance metrics.

Common Vulnerability Scoring System (CVSS)

Standard for measuring and describing the severity of security-related software flaws

Common Vulnerabilities and Exposures (CVE)

Standard names for describing security-related software flaws

Does disabling unnecessary plug-ins improve the speed of scans?

Yes

application scanning static testing

analyzes code without executing it

purple team

at the end of the exercise, red and blue teams get together to share tactics and lessons learned

What is war driving?

attacker drives by facilities in a car equipped with antennas and attempts to eavesdrop on or connect to wireless networks

red team

attacker team

war flying

attempt to eavesdrop or connect to wireless networks with the use of drones or unmanned aerial vehicles (UAVs)

application scanning interactive testing

combines static and dynamic testing; analyzes source code while testers interact with the application through exposed interfaces

weak configuration issues

default settings, unsecured accounts, unnecessary open ports and services, open permissions

blue team

defender team

application scanning dynamic testing

executes code as part of test using a variety of inputs

CVSS exploitability score calculation

exploitability = 8.22 x AttackVector x AttackComplexity x PrivilegesRequired x UserInteraction

what are 4 controls that might affect scans

-firewall settings
-network segmentation
-intrusion detection systems
-intrusion prevention systems

tabletop exercises

participants gather in a room to walk through the response to a fictitious exercise scenario

CVSS attack complexity metric

high, low

CVSS privileges required metric

high, low, none

what does footprinting do ?

identify operating systems and applications in use

CVSS impact score calculation

if scope is unchanged: impact = 6.42 x ISS
if scope is changed: impact = 7.52 x (ISS - 0.029) - 3.25 x (ISS - 0.2)^15

Calculating CVSS Base Score

-if the impact score is 0, the base score is 0
-if the scope metric is unchanged, base score = impact score + exploitability score
-if the scope metric is changed, base score = (impact score + exploitability score) x 1.08
-the highest base score is 10; if the result is over 10, set it to 10

is an external scan run from the system or from the internet?

internet

What is white box testing?

known environment test; tests performed with full knowledge of the network/target, sometimes even with credentials

extensible configuration checklist description format (XCCDF)

language for specifying checklists and reporting checklist results

reconcile scan results with what other data sources

log reviews, security information and event management (SIEM), configuration management systems

should public-facing systems have debug mode on?

no; it is a vulnerability and should only be used on private networks

CVSS availability metric

none, low, high

CVSS confidentiality metric

none, low, high

CVSS integrity metric

none, low, high

CVSS user interaction metric

none, required

white team

observers and judges

What is gray box testing?

partially known environment test; blend of white and black box testing. some info on the environment but not full access, credentials, etc.

CVSS attack vector metric

physical (P), local (L), adjacent network (A), network (N)

Vulnerability scanners can only be effective if they receive frequent updates to their ______________

plug-ins

influential factors in how org decides to conduct vulnerability scans

-risk appetite
-regulatory requirements
-technical constraints
-business constraints
-licensing limitations

application testing uses what techniques

-static testing
-dynamic testing
-interactive testing

four of most common vulnerability scanners

-Tenable's Nessus
-Qualys's vulnerability scanner
-Rapid7's Nexpose
-OpenVAS

What 2 important choices do you have to make when choosing encryption?

-the algorithm to use to perform encryption and decryption
-the encryption key

capture the flag

training event where the red team is judged on meeting a set of objectives

CVSS scope metric

unchanged, changed

What is black box testing?

unknown environment test; replicates what an attacker would see. no initial access to or info on the target network

In a scan, each plug-in performs a check for a specific ___________

vulnerability

What is scan perspective?

where on the network the scan is run from

What are 3 types of penetration test types?

-white-box
-black-box
-gray-box

do vulnerability scanners alert on debug mode?

yes; because of the detailed info on apps, servers, and databases it gives, attackers can use the info
