7.3 Vulnerability Scoring Systems


There are two non-government sites that provide lists of valuable information for ethical hackers. Which of the following best describes the Full Disclosure site?
- A community-developed list of common software security weaknesses.
- A mailing list that often shows the newest vulnerabilities before other sources.
- A list searchable by mechanisms of attack or domains of attack.
- A list of standardized identifiers for known software vulnerabilities and exposures.

A mailing list that often shows the newest vulnerabilities before other sources.

Which of the following are the three metrics used to determine a CVSS score?
- Base, temporal, and environmental
- Base, change, and environmental
- Risk, temporal, and severity
- Risk, change, and severity

Base, temporal, and environmental

Which of the following government resources is a dictionary of known patterns of cyberattacks used by hackers?
- CWE
- CVE
- CAPEC
- CISA

CAPEC

The list of cybersecurity resources below is provided by which of the following government sites?
Resources:
- Information exchange
- Training and exercises
- Risk and vulnerability assessments
- Data synthesis and analysis
- Operational planning and coordination
- Watch operations
- Incident response and recovery
Answer choices:
- CWE
- CISA
- CVE
- CAPEC

CISA

As an ethical hacker, you are looking for a way to organize and prioritize vulnerabilities that were discovered in your work. Which of the following scoring systems could you use?
- CVE
- CAPEC
- CISA
- CVSS

CVSS

This government resource is a community-developed list of common software security weaknesses. It strives to create commonality in the descriptions of software security weaknesses. Which of the following government resources is described?
- CVE
- CISA
- CWE
- NVD

CWE

Jessica, an employee, has come to you with a new software package she would like to use. Before you purchase and install the software, you would like to know if there are any known security-related flaws or if it is commonly misconfigured in a way that would make it vulnerable to attack. You only know the name and version of the software package. Which of the following government resources would you consider using to find an answer to your question?
- CVSS
- CVE
- NVD
- CWE

NVD

