Module 03 Vulnerability Management
insecure object reference
A condition that occurs when an application externally exposes a reference to an internal object.
vulnerability scan
A frequent and ongoing process, often automated, to continuously identify vulnerabilities and monitor cybersecurity progress.
Which of the following do plug-ins NOT contain?
A listing of vulnerable local IP addresses
Callister is evaluating a software application that is not providing the correct output. He is able to determine that two concurrent threads of execution are accessing a shared resource simultaneously. What has Callister uncovered?
A race condition
What is an SLA?
A service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service
service level agreement (SLA)
A service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service.
Default configurations
A setting predetermined by the vendor for usability and ease of use (and not security) so the user can immediately begin using the product.
race condition
A software condition in which two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences.
non-credentialed scan
A vulnerability scan for which no valid authentication credentials are supplied to the vulnerability scanner.
credentialed scan
A vulnerability scan for which valid authentication credentials are supplied to the vulnerability scanner to mimic the work of a threat actor who possesses these credentials.
internal vulnerability scan
A vulnerability scan that is performed from the vantage point of inside the internal network.
external vulnerability scan
A vulnerability scan that is performed from the vantage point of outside the network.
server-based
A vulnerability scanner configuration in which a manager connects to a scanner engine that probes each system for information that is then gathered (pulled) back for analysis.
agent-based
A vulnerability scanner configuration in which software agents that reside on a system send (push) their information back to the manager.
true negative
Accurately failing to trigger an alarm when no vulnerability is detected.
true positive
Accurately triggering an alarm based on the detection of a vulnerability.
risk acceptance
Acknowledging that a risk exists but taking no further action.
Which of the following does NOT apply to a vulnerability scan?
Act like a threat actor to find vulnerabilities to exploit.
dereferences
An action that occurs when a program needs to access the value stored in memory by using the pointer to that memory location.
memorandum of understanding (MOU)
An agreement between two or more parties that demonstrates a "convergence of will" between the parties so that they can work together.
false positive
An alarm that is inaccurately raised when no vulnerability exists.
compensating control
An alternative action to address a vulnerability.
improper error handling
An error condition that can potentially provide an attacker with underlying access to the OS.
strcpy
An internal function of the programming language C that can be used to copy a string to a destination buffer without checking the length of the destination buffer into which the string is being copied.
vulnerability feeds
An ongoing stream of data related to potential or current threats.
configuration baseline
An updated foundation-level configuration that is then applied to all systems.
Gregson has just completed a vulnerability scan that has identified several vulnerabilities in software applications. To whom should Gregson send this report so that they can be quickly addressed?
Application developers
segmentation
Architecting a network so that parts can be cordoned off into isolated sections.
Which of the following options are technical constraints while running a vulnerability scan?
Availability of resources or assets; Several target assets; Licensing restrictions
mapping
Building a picture of an endpoint and network through enumeration.
When prioritizing vulnerabilities, what system will assign a numeric score to a vulnerability?
CVS
types of data
Categories of data to which labels are assigned based on their importance.
weak configurations
Configuration settings that are not properly implemented.
workflow
Daily or normal business processes.
Evgeni has been asked to perform a vulnerability scan. Which of the following steps would he perform first?
Determine data classifications.
asset criticality
Determining the asset on which data is located.
sensitive data exposure
Disclosing sensitive data to attackers.
enumeration
Extracting data on an asset to be used in a vulnerability scan.
True or False: A dynamic link library (DLL) is software that controls and operates an external hardware device that is connected to a computer.
False
True or False: Unlike a penetration test, a vulnerability scan is designed to identify deep vulnerabilities.
False
True or false: Saving files to provide an audit trail and review any remediations is not at all critical.
False
Which of the following is NOT a regulatory compliance law or regulation that requires a vulnerability scan?
Federal Education Rights and Privacy Act (FERPA)
regulatory requirements
Following specific actions mandated by an external regulatory body.
What is the older version of Nessus known as?
GNessUs
business process interruption
Hindering the normal operations of a business.
An application has inadvertently externally exposed a reference to an internal object. What is this called?
Insecure object reference
Aegeus has been asked to create a report outlining the security risk of improper error handling. Which of the following would Aegeus include on his report?
It could potentially provide an attacker with access to the underlying OS.
priority systems
Key critical devices in an operational process.
technical constraints
Limitations based on technology.
Passive scanning
Listening for normal traffic to learn the needed information for a vulnerability scan.
Which of the following is NOT a network-based poor authentication practice?
Not using a password manager to generate, store, and autofill passwords
Which of the following is NOT an external software component that could be targeted in an attack?
ORP
legacy systems
Older systems with specialized software that cannot be easily replaced.
What does OpenVAS stand for?
Open Vulnerability Assessment System
Which of the following options are common hurdles in vulnerability scanning activities?
Operational schedules; Business process interruption; Correct scoping; Network bandwidth consumption
Which of the following is NOT a reason to conduct a vulnerability scan?
Perform an in-depth analysis of the vulnerabilities.
How can the impact of a vulnerability scan on workflow be mitigated?
Perform the scans at night.
Active scanning
Sending test traffic transmissions into the network to monitor the responses of the endpoints.
Which of the following is a type of vulnerability scanner that pulls information from the system?
Server based
Chiara is reviewing different types of vulnerability scanners, and she finds one type that uses pull technology. Which of the following types uses pull technology?
Server-Based
sensitivity level
The depth of a vulnerability scan.
insufficient monitoring and logging
The failure to analyze log files for meaningful insights.
false negative
The failure to raise an alarm when a vulnerability exists.
degrading functionality
The result of addressing a vulnerability that may change or even eliminate a function of an application for the sake of making it more secure.
Organizational governance
The system by which an organization makes and then implements decisions.
scope
The target devices to be analyzed in a vulnerability scan.
Which of the following steps define scope?
The type of scan that you can perform; The assets that you can scan; Time of the scan
Dimitri is studying the programming language C and wants to use the internal function strcpy. What is the problem associated with using this function?
This function does not check the length of the destination buffer into which the string is being copied.
Alexsanteri is holding a coding workshop for employees interested in advanced IT positions at his organization. The topic under discussion is dereferences. How would Alexsanteri define a dereference?
To dereference a pointer is to access the value stored in memory that the pointer is pointing to.
True or False: A dereference is to obtain from a pointer the address of a data item held in another location.
True
True or False: A race condition in software occurs when two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences.
True
True or False: OpenVAS can be used in conjunction with other Kali tools.
True
True or False: There are five types of vulnerability scans over assets: network, endpoint, wireless network, database, and applications.
True
True or false: It is critical to define the scope of a vulnerability scan.
True
True or false: Nessus is a useful tool when preventing attacks as it identifies vulnerabilities that a hacker may use to penetrate your network.
True
Which of the following is NOT a weak configuration that can result in vulnerabilities?
Using current configurations instead of deprecated settings.
broken authentication
Vulnerabilities introduced by poor authentication practices that can open a broad pathway for a threat actor to exploit.
In comparison to Nessus, OpenVAS can be used:
without a user having knowledge on which vulnerabilities to look for specifically