Vulnerability Assessments

Question 1

Which of the following aspects of vulnerability and threat assessment has a greater bearing on the allocation and budgeting for solutions and countermeasures?

The likelihood and impact of the threat

The risk of a threat compromising a vulnerability

Whether the vulnerability is physical or nonphysical

Answer 1

The likelihood and impact of the threat

By assessing the likelihood and impact of a threat, you can allocate solutions for mitigation based on its impact and probability of occurrence. You will not spend money on countermeasures for a threat that is not likely to occur or has minimal impact

Question 2

Which of the following is the most dangerous threat to a fault-redundant file server located on the network administrator’s desk and fully secured with an antivirus program, strict authentication, and access controls?

Virus

Hacking

Theft

Answer 2

Theft

Because the file server isn’t stored in a secure location, anyone walking by the area could steal it. All the other protections are for network-based threats

Question 3

You are designing a new web application service for your company. After an initial design review, several attack surfaces have been revealed that go well beyond the initial baseline proposed for the application, including unneeded network services that are enabled. What should you do?

Rework the initial baseline.

Perform a black box test.

Reduce attack surfaces by removing unneeded services from the design.

Answer 3

Reduce attack surfaces by removing unneeded services from the design.

If you discover a few additional attack surfaces in your software design, you should review them and, if they are not required by the application, remove the services from your initial design. If you wait until the coding stage, it may be too late to undo work that could break other parts of your application

Question 4

Your intrusion detection system has detected several attempts at brute-force password attacks against your authentication server. Which of the following would be the most effective countermeasure against future password attacks?

Allowing dictionary words as passwords

Minimum password lengths

An account lockout policy

Answer 4

An account lockout policy

A brute-force attack tries multiple permutations of password characters to try to guess the password. By limiting the number of incorrect logins (such as three to five attempts), you have the system automatically lock out the account to prevent any further attempts at cracking the password

Question 5

You have a legacy Unix server that you use for authentication for your development group. Which of the following security controls provides access-control protection for a Unix password database?

Salting

LANMAN hash

Shadow password file

Answer 5

Shadow password file

Unix-based systems protect their hashed password databases by using a shadow password file. In the shadow file, the hashed passwords are removed from the main password database and are stored in a location that is unavailable to unprivileged users

Question 6

You are performing a vulnerability assessment for a web server. Which of the following web server characteristics would be detected as a risk by a vulnerability scanner?

Operating system not updated to latest patch level

HTTPS server listening on port 443

Network packets being sent in clear text

Answer 6

Operating system not updated to latest patch level

A vulnerability scanner is designed to scan a system and determine what services that system is running and whether any unnecessary open network ports or unpatched operating systems and applications exist. In this case, HTTP listening on port 80 and HTTPS listening on port 443 are normal operating parameters for a web server. Unless you are using HTTPS, web network packets are always sent in clear text. The vulnerability scanner will detect that the system is not running the latest operating system patches and advise you to update the system

Question 7

After a security audit and vulnerability assessment, several servers required software patches and unused open network ports needed to be disabled. Which of the following should be performed after these vulnerabilities are fixed to ensure that the countermeasures are secure against a real attack?

Put systems back into live production.

Perform additional port scanning.

Perform penetration testing.

Answer 7

Perform penetration testing.

Penetration testing evaluates the security of a network or computer system by simulating an actual attack. This helps test a network’s and system’s resilience to a real attack as well as test the effectiveness of existing security measures implemented after vulnerability assessments

Question 8

New management has decided to test the security of the existing network infrastructure implemented by the current network administrators. Which of the following should be performed to provide the most objective and useful test of your security controls?

Hire a real hacker to attack the network.

Perform third-party penetration testing.

Perform penetration testing by the network administrators.

Answer 8

Perform third-party penetration testing.

Penetration tests are often performed by third parties who are allowed access to the network by upper management—in some cases, without the network administrator’s knowledge. This ensures the testing scenario is as close to a real unsuspected attack as possible and provides a detailed analysis of existing vulnerabilities