Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
Security+ Chapter 5
Security+ Chapter 5 Review Questions
| Question | Answer |
|---|---|
| Name five factors that influence how often an organization decides to conduct vulnerability scans against its systems. | Risk appetite, regulatory requirements, technical constraints, business constraints, and licensing limitations |
| Give some examples of controls that might affect scan results. | Firewall settings, network segmentation, intrusion detection systems (IDS), and intrusion prevention systems (IPS) |
| Name all three techniques used by application testing | Static testing, dynamic testing, interactive testing |
| What information does the output section provide on the report? | The output section of the report shows the detailed information returned by the remote system when probed for the vulnerability. |
| What information does the port/hosts section provide on the report? | The port/hosts section provides details on the server(s) that contain the vulnerability as well as the specific services on that server that have the vulnerability. |
| List all eight CVSS metrics | attack vector metric, attack complexity metric, privileges required metric, user interaction metric, confidentiality metric, integrity metric, availability metric, and scope metric |
| Please interpret the following CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | •Attack Vector: Network (score: 0.85)•Attack Complexity: Low (score: 0.77) • Privileges Required: None (score: 0.85) •User Interaction: None (score: 0.85) •Scope: Unchanged• Confidentiality: High (score: 0.56)• Integrity: None •Availability: None |
| What is the function to calculate the impact sub-score? | ISS = 1 – [(1 – Confidentiality) x (1-Integrity) x (1-Availability)] |
| How do you calculate the impact score for a vulnerability under CVSS? | Impact score = the value of the scope metric * ISS |
| How do you calculate the exploitability score for a vulnerability under CVSS? | Exploitability = 8.22 × AttackVector × AttackComplexity × PrivilegesRequired x UserInteraction |
| Explain true positive, false positive, true negative, and false negative | When a vulnerability scanner reports a vulnerability, this is known as a positive report. When a scanner reports that a vulnerability is not present, this is a negative report. |
| Give three valuable information sources for reconciling scan results. | • Log reviews from servers, applications, network devices • Security information and event management systems that correlate log entries from multiple sources and provide actionable intelligence • Configuration management systems |
| Give some examples of weak configurations | • The use of default settings that pose a security risk • The presence of unsecured accounts • Open ports and services • Open permissions that allow users access which violates the principle of least privilege |
| Name two choices you need to make when you implement encryption. | • The algorithm to use to perform encryption and decryption • The encryption key to use with that algorithm |
| What are the benefits of penetration testing? | 1. Penetration testing provides us with knowledge that we can’t obtain elsewhere 2. In the event that attackers are successful, penetration testing provides us with an important blueprint for remediation |
| What are three typical classifications that are used to describe penetration test types? | White box, black box, gray box |
| Identify four key phases of a penetration test. | Initial access, privilege escalation, pivoting (lateral movement), and persistence |
| Name the three teams that participate in a cybersecurity exercise | Red team, blue team, and white team |
Created by:
musa_husseini
Popular Computers sets