1.7 Summarize the techniques used in security assessments

Question 1

Intelligence Fusion

Answer 1

Taking big data and use data analytics to identify potential threats

Question 2

Threat Feeds

Answer 2

Additional sources that provide information on attack vectors

Question 3

Maneuvers

Answer 3

Automated system that combats threats. (Big data that is analyzed and if a threat is there, the system blocks it.)

Question 4

Vulnerability Scanning

Answer 4

Scans data from a Threat Actor perspective on for weakness

Question 5

Non-Intrusive Scan

Answer 5

Gather info on vulnerability but doesn’t act on it.

Question 6

Intrusive Scan

Answer 6

Gather info on vulnerability but DOES act on it.

Question 7

Non-credential Scans

Answer 7

Threat Actor that DOES NOT a login to access your network and looks for vulnerabilities

Question 8

Credential Scans

Answer 8

Threat Actor that DOES HAVE RIGHTS to the network and will try to find vulnerabilities for a USER perspective

Question 9

Where to Scan for Vulnerabilities

Answer 9

Apps, Web App, andNetwork

Question 10

CVE Data Base

Answer 10

Common Vulnerability and Exposure. Data base that is a summary of vulnerabilities.

Question 11

CVSS

Answer 11

A data base that scores the vulnerability on how severe it is.

Question 12

CVSS Versions

Answer 12

2.0 and 3.0 both have different scoring

Question 13

Vulnerability scan LOG REVIEW

Answer 13

A log that displays vulnerabilities with Security Controls, Misconfigurations, and Real vulnerabilities (newer ones)

Question 14

False Positives

Answer 14

A vulnerability is identified but doesn’t really exist

Question 15

False Negative

Answer 15

A vulnerability exists, but the scan didn’t detect it.

Question 16

Config Review

Answer 16

Checking the device it self for Obvious vulnerabilities.

Question 17

SIEM

Answer 17

Security Information and Event Management.
A system that logs security events from a network in real time.

Question 18

Syslog

Answer 18

A standard that allows log files to be sent from many devices.
(Windows, Linux, router, switch)

Question 19

SIEM Data Inputs

Answer 19

Types of information that SIEM would look for: Sever, VPN, Firewall, Traffic flows, Network, Packets

Question 20

Security Monitoring on a SEIM

Answer 20

A way to track incoming information and annotate security exceptions.

Question 21

SIEM Behavior Analysis

Answer 21

How people are using a network. If the user is a risk.

Question 22

Sentiment Analysis

Answer 22

How much people HATE your organization. Attracts more Threat Actors to your organization.

Question 23

SOAR

Answer 23

Security Orchestration automation and response

-Automated way to handle security task. (24hrs and instantly)