sec160 ch 10 netacad
Base metric group - this represents the characteristics of a vulnerability that are constant over time and across contexts.
- Exploitability: vector, complexity, and user interaction required by the exploit. - Impact metrics: the impacts of the exploit are rooted in the CIA triad (confidentiality, integrity, availability).
Which class of metric in the CVSS Base Metric Group defines the features of the exploit such as the vector, complexity, and user interaction required by the exploit?
Exploitability
Which regulatory compliance regulation specifies security standards for U.S. government systems and contractors to the U.S. government?
Federal Information Security Management Act of 2002 (FISMA)
Which three devices are possible examples of network endpoints? (Choose three.)
IoT controller, network security camera, sensor
Identify Antimalware
Match
Which HIDS is an open-source based product?
OSSEC
Place the steps of risk assessment in order.
Step 1: identify threats and vulnerabilities and the matching of threats with vulnerabilities; Step 2: establish a baseline to indicate risk before security controls are implemented; Step 3: compare to ongoing risk assessment as means of evaluating risk management effectiveness
nftables
The successor to iptables, nftables is a Linux firewall application that uses a simple virtual machine in the Linux kernel. Code is executed within the virtual machine that inspects network packets and implements decision rules regarding packet acceptance and forwarding.
TCP wrapper
This is a rule-based access control and logging system for Linux. Packet filtering is based on IP addresses and network services.
iptables
This is an application that allows Linux system administrators to configure network access rules that are part of the Linux kernel Netfilter modules.
T/F? ISO 27001 is a global industry-wide ISMS specification
True
T/F? iptables is a Linux host-based firewall.
True
T/F? Cisco WSA provides control over how users access the Internet and it also can enforce acceptable use policies.
True
behavior-based
antimalware approach that analyzes the activities of known malware examples.
heuristics-based
antimalware approach that recognizes general features that are shared by many types of malware.
signature-based
antimalware approach that recognizes known malware files.
network attack surface
attack surface that exploits weaknesses in the network.
software attack surface
attack surface that exploits weaknesses in the software applications.
human attack surface
attack surface that exploits weaknesses in user behavior.
Fill in the blank. An application _______ can specify which user applications are not permitted to run on a host.
blacklist
Information Security Management System (ISMS)
consists of a management framework through which an organization identifies, analyzes, and addresses information security risks.
network infrastructure
devices that interconnect endpoints and typically include switches and wireless devices
Which step in the Vulnerability Management Life Cycle performs inventory of all assets across the network and identifies host details, including operating system and open services?
discover
Sarbanes-Oxley Act (SOX)
ensures the integrity of financial practices and reporting.
endpoint
hosts on the network that can access or be accessed by other hosts.
Identify CVSS metrics
match
Identify Device Management Activities
match
Identify Regulatory Standard
match
Identify the Host-based Intrusion Protection Terminology
match
Identify the Parts of ISO 27001 activity cycle
match
Identify the Risk Response
match
Identify the elements of network profiling
match
Identify the stages in the NIST cybersecurity framework
match
As described by the SANS Institute, which attack surface includes the exploitation of vulnerabilities in wired and wireless protocols used by IoT devices?
network attack surface
Network Admission Control (NAC)
permits only authorized and compliant systems to connect to the network.
In network security assessments, which type of test is used to evaluate the risk posed by vulnerabilities to a specific organization including assessment of the likelihood of attacks and the impact of successful exploits on the organization?
risk analysis
Which function does CVSS provide?
risk assessment
In addressing an identified risk, which strategy aims to decrease the risk by taking measures to reduce vulnerability?
risk reduction
In profiling a server, what defines what an application is allowed to do or run on a server?
service accounts
Which antimalware software approach can recognize various characteristics of known malware files to detect a threat?
signature-based
Payment Card Industry Data Security Standard (PCI-DSS)
standard that specifies requirements for the secure handling of customer credit card data.
Health Insurance Portability and Accountability Act (HIPAA)
stipulates controlled access policies and data encryption of patient information.
vulnerability assessment
testing that consists of scanning internal networks and Internet facing servers for various types of vulnerabilities.
risk analysis
the evaluation of risks posed by vulnerabilities to a specific organization.
Environment Metric Group
this measures the aspects of a vulnerability that are rooted in a specific organization's environment. These metrics help to guide consequences within an organization and also allow adjustment of metrics that are less relevant to what an organization does.
Temporal Metric Group
this measures the characteristics of a vulnerability that may change over time, but not across user environments. Over time, the severity of a vulnerability will change as it is detected and measures to counter it are developed.
network profiling
used to provide a baseline of typical network behavior.
penetration testing
uses authorized simulated attacks to test the strength of network security.
In Windows Firewall, when is the Domain profile applied?
when the host is connected to a trusted network such as an internal business network