Vulnerability assessment quiz
Which component of a vulnerability scanner provides high-level graphs and trend reports for executive leadership?
Report module
How does a vulnerability scanner detect external threats?
By scanning Internet-facing hosts from the Internet. NOT—By reviewing incident data retrieved from a SIEM system
What are the three components that make up the overall Common Vulnerability Score (CVSS)?
Environmental, temporal, base
True or false: packet sniffers are used by hackers, but have no legitimate place in legitimate network management
False
True or false: the US Department of Defense has produced a number of Security Technical Implementation Guides to show the most secure ways to deploy common software packages, such as operating systems, open source software, and network devices. These guides are restricted to use by US military agencies only.
False
In which component of a Common Vulnerability Score (CVSS) would the impact subscore be reflected?
NOT—Base impact subscore. Environmental score
In which component of a Common Vulnerability Score (CVSS) would integrity be reflected?
NOT—Base-exploitability subscore. Base-impact subscore
In which component of a Common Vulnerability Score (CVSS) would complexity be reflected?
NOT—Base-impact subscore. Base-exploitability subscore
The Center for Internet Security (CIS) has implementation groups that rank from the least secure to the most secure. Which of these are required to meet the middle level of security?
NOT—CIS sub-controls that reduce the impact of zero-day and targeted attacks from sophisticated adversaries. A and B only
In which component of a Common Vulnerability Score (CVSS) would remediation level be reflected?
NOT—Environmental score. Temporal score
Which type of scan notes the connection but leaves the target hanging, i.e., does not reveal any information to the target about the host that initiated the scan?
NOT—Stealth scan. TCP/half-open scan (a.k.a. a SYN scan)
Which of these is identified by a basic port scanner?
Open ports
If a port is blocked, what response will be sent to the port scanner?
There will be no response
Which two of these are other names for a protocol analyzer?
Traffic analyzer, sniffer
Port numbers zero through 1023 are known as what?
Well-known ports
