Analyzing Vulnerability Scans Flashcards

1
Q

Tom is reviewing a vulnerability scan report and finds that one of the servers on his network suffers from an inter IP address disclosure vulnerability. What protocol is likely in use on this network that resulted in this vulnerability?

a. TLS
b. NAT
c. SSH
d. VPN

A

b. Although the network can support any of these protocols, internal IP disclosure vulnerabilities occur when a network uses Network Address Translation NAT to map public and private IP addresses but a server inadvertently discloses its private IP address to remote systems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which one of the CVSS metrics would contain information about the type of user account an attacker must use to execute an attack?

a. AV
b. C
c. PR
d. AC

A

c. The Privileges Required PR vector describes whether the attacker needs no user privileges, normal user privileges, or administrative user privileges to conduct the attack. The other vectors described in this question are the Attack Vector AV, Attack Complexity AC, and Confidentiality C vectors. They would not contain information about user authentication.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which one of the following values for the CVSS attack complexity metric would indicate that the specified attack is simplest to exploit?

a. High
b. Medium
c. Low
d. Severe

A

c. An access complexity of “low” indicates that exploiting the vulnerability does not require any specialized conditions. A value of “high” indicates that specialized conditions are required. High and low are the only two possible values for this metric.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which one of the following values for the confidentiality, integrity, or availability CVSS metric wold indicate the potential for total compromise of a system?

a. N
b. A
c. H
d. L

A

c. If any of these measures is marked as H, for High, it indicates the potential for a complete compromise of the system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the most recent version of CVSS that is currently available?

a. 1.0
b. 2.0
c. 2.5
d. 3.0

A

d. Version 3.0 of CVSS is currently available and is the version described in this chapter.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which one of the following metrics is not included in the calculation of the CVSS exploitability score?

a. Attack vector
b. Vulnerability age
c. Attack complexity
d. Privileges required

A

b. The CVSS exploitability score is calculated using the Attack Vector, Attack Complexity, Privileges Required, and User Interaction metrics.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Kevin recently identified a new security vulnerability and computed its CVSS base score as 6.5. Which risk category would this vulnerability fall into?

a. Low
b. Medium
c. High
d. Critical

A

b. Vulnerabilities that have a CVSS base score between 4.0 and 6.9 fall into the Medium rating category.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Tara recently analyzed the results of a vulnerability scan report and found hat a vulnerability reported by the scanner did not exist because the system was actually patched as specified. What type of error occurred?

a. False positive
b. False negative
c. True positive
d. True negative

A

a. A false positive error occurs when the vulnerability scanner reports a vulnerability that does not actually exist

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which one of the following is not a common source of information that may be correlated with vulnerability scan results?

a. Logs
b. Database tables
c. SIEM
d. Configuration management system

A

b. It is unlikely that a database table would contain information relevant to assessing a vulnerability scan report. Logs, SIEM reports, and configuration management systems are much more likely to contain relevant information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which one of the following operating systems should be avoided on production networks?

a. Windows Server 2003
b. Red Hat Enterprise Linux 8
c. CentOS 8
d. Ubuntu 22.04

A

a. Microsoft discontinued support for Windows Server 2003, and it is likely that the operating system contains unpatchable vulnerabilities. The other operating systems listed here all have active support.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

In what type of attack does the attacker place more information in a memory location than is allocated for that use?

a. SQL injection
b. LDAP injection
c. Cross-site scripting
d. Buffer overflow

A

d. Buffer overflow attacks occur when an attacker manipulates a program into placing more data into an area of memory than is allocated for that program’s use. The goal is to overwrite other information in memory with instructions that may be executed by a different process running on the system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

The Dirty COW attack is an example of what type of vulnerability?

a. Malicious code
b. Privilege escalation
c. Buffer overflow
d. LDAP injection

A

b. In October 2016, security researchers announced the discovery of a Linux kernel vulnerability dubbed Dirty COW. This vulnerability, present in the Linux kernel for nine years, was extremely easy to exploit and provided successful attackers with administrative control of affected systems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which one of the following protocols should never be used on a public network?

a. SSH
b. HTTPS
c. SFTP
d. Telnet

A

d. Telnet is an insecure protocol that does not make use of encryption. The other protocols mentioned are all considered secure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Betty is selecting a transport encryption protocol for use in a new public website she is creating. Which protocol would be the best choice?

a. SSL 2.0
b. SSL 3.0
c. TLS 1.0
d. TLS 1.3

A

d. TLS 1.3 is a secure transport protocol that supports web traffic. The other protocols listed all have flaws that render them insecure and unsuitable for use.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which one of the following conditions would not result in a certificate warning during a vulnerability scan of a web server?

a. Use of an untrusted CA
b. Inclusion of a public encryption key
c. Expiration of the certificate
d. Mismatch in certificate name

A

b. Digital certificates are intended to provide public encryption keys and this would not cause an error. The other circumstances are all causes for concern and would trigger an alert during a vulnerability scan.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What software component is responsible for enforcing the separation of guest systems in a virtualized infrastructure?

a. Guest operating system
b. Host operating system
c. Memory controller
d. Hypervisor

A

d. In a virtualized data center, the virtual host hard ware runs a special operating system known as a hypervisor that mediates access to the underlying hardware resources.

17
Q

In what type of attack does the attacker seek to gain access to resources assigned to a different virtual machine?

a. VM escape
b. Management interface brute force
c. LDAP injection
d. DNS amplification

A

a. VM escape vulnerabilities are the most serious issue that can exist in a virtualized environment, particularly when a virtual host runs systems of differing security levels. In an escape attack, the attacker has access to a single virtual host and then manages to leverage that access to intrude on the resources assigned to a different virtual machine.

18
Q

Which one of the following terms is not typically used to describe the connection of physical devices to a network?

a. IoT
b. IDS
c. ICS
d. SCADA

A

b. Intrusion detection systems IDS are a security control used to detect network or host attacks. The Inter of Things IoT, supervisory control and data acquisition SCADA systems, and industrial control systems ICS are all associated with connecting physical world objects to a network.

19
Q

Monica discovers that an attacker posted a message attacking users who visit a web forum that she manages. Which one of the following attack types is most likely to have occurred?

a. SQL injection
b. Malware injection
c. LDAP injection
d. Cross-sit scripting

A

d. In a cross-site scripting XSS attack, an attacker embeds scripting commands on a website that will later be executed by an unsuspecting visitor accessing the site. The idea is to trick a user visiting a trusted site into executing malicious code placed there by an untrusted third party.

20
Q

Alan is reviewing web server logs after an attack and finds many records that contain semicolons and apostrophes in queries from end users. What type of attack should he suspect?

a. SQL injection
b. LDAP injection
c. Cross-scripting
d. Buffer overflow

A

a. In a SQL injection attack, the attacker seeks to use a web application to gain access to an underlying database. Semicolons and apostrophes are characteristic of these attacks.