Module 05 - Vulnerability Analysis ( EC Mode ) Flashcards
Which of the following phases of the vulnerability management lifecycle provides clear visibility into a firm and allows security teams to check whether all the previous phases have been perfectly employed?
A. Monitoring
B. Verification
C. Remediation
D. Risk Assessment
Answer: B. Verification
Explanation:
Remediation: Remediation is the process of applying fixes on vulnerable systems in order to reduce the impact and severity of vulnerabilities
Monitoring: Organizations need to perform regular monitoring to maintain system security. Continuous monitoring identifies potential threats and any new vulnerabilities that have emerged since the last assessment.
Verification: This phase provides clear visibility into the firm and allows the security team to check whether all the previous phases have been perfectly employed or not.
Risk Assessment: All serious uncertainties that are associated with the system are assessed and prioritized, and remediation is planned to permanently eliminate system flaws.
Which of the following online resources helps an attacker in performing vulnerability research?
A. EZGif
B. GNUnet
C. AOL
D. MITRE CVE
Answer: D. MITRE CVE (Common Vulnerabilities and Exposures)
Explanation:
AOL: AOL is a web portal and search engine, not a source of vulnerability data.
MITRE CVE: MITRE maintains the CVE list, a catalog of publicly disclosed vulnerabilities in which each entry carries a unique CVE-YYYY-NNNNN identifier and a short description of the affected product and flaw. Attackers (and defenders) search CVE to find known vulnerabilities in the software a target runs.
EZGif: EZGif is an online GIF maker, image editor, and video conversion tool.
GNUnet: GNUnet is a free-software framework for secure, decentralized peer-to-peer networking; it is not a vulnerability database or a vulnerability research resource.
Given below are the different steps involved in the post-assessment phase of vulnerability management.
1. Remediation
2. Monitoring
3. Risk assessment
4. Verification
What is the correct sequence of steps involved in the post-assessment phase?
A. 2 -> 1 -> 3 -> 4
B. 1 -> 2 -> 3 -> 4
C. 3 -> 1 -> 4 -> 2
D. 3 -> 2 -> 4 -> 1
Answer: C. 3 -> 1 -> 4 -> 2
Explanation:
The post-assessment phase of vulnerability management includes the following steps
Risk Assessment
Remediation
Verification
Monitoring
Which of the following terms refers to the existence of a weakness, design flaw, or implementation error that can lead to an unexpected event compromising the security of the system?
A. Exploit
B. Zero-day attack
C. Hacking
D. Vulnerability
Answer: D. Vulnerability
Explanation:
An exploit is a program, technique, or crafted input that takes advantage of a vulnerability to make a system behave in a way its designers did not intend (run attacker-supplied code, leak data, deny service). Hacking refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to system resources. A zero-day attack exploits a vulnerability for which the vendor has not yet released a patch, usually because the vendor does not yet know the flaw exists.
A newly discovered flaw in a software application would be considered as which kind of security vulnerability?
A. Zero-day vulnerability
B. HTTP header injection vulnerability
C. Input validation flaw
D. Time-to-check to a time-to-use flaw
Answer: A. Zero-day vulnerability
Explanation:
A zero-day vulnerability is a flaw in software, hardware, or firmware that is unknown to the vendor (or known but not yet patched), so no fix exists when it is discovered or first exploited. The name refers to the defender having had "zero days" of warning in which to prepare a patch.
Which among the following is not a metric for measuring vulnerabilities in common vulnerability scoring system (CVSS)?
A. Environmental metrics
B. Base metrics
C. Temporal metrics
D. Active metrics
Answer: D. Active metrics
Explanation:
CVSS v2 and v3.x define three metric groups for scoring a vulnerability:
Base metrics: The intrinsic characteristics of a vulnerability that do not change over time or across environments (attack vector, attack complexity, privileges required, user interaction, scope, and the confidentiality, integrity, and availability impacts). The base score is the mandatory part of a CVSS assessment and is what vulnerability databases such as NVD publish.
Temporal metrics: Characteristics that change over the lifetime of a vulnerability (exploit code maturity, remediation level, report confidence).
Environmental metrics: Characteristics specific to a particular deployment (the security requirements of the affected asset and modified base metrics that reflect local mitigations).
CVSS v4.0 (2023) renames the temporal group to Threat and adds a Supplemental group; "active metrics" is not a CVSS term in any version.
Which of the following terms is referred to as a weakness in the design or implementation of a system or software that can be exploited to compromise its security?
A. Footprinting
B. Vulnerability
C. Information assurance
D. Natural threat
Answer: B. Vulnerability
Explanation:
Natural Threats: Natural factors such as fires, floods, power failures, lightning, meteor, and earthquakes are potential threats to the assets of an organization.
Vulnerability: A vulnerability refers to a weakness in the design or implementation of a system that can be exploited to compromise the security of the system. It is frequently a security loophole that enables an attacker to enter the system by bypassing user authentication.
Footprinting: Footprinting, the first step in ethical hacking, refers to the process of collecting information about a target network and its environment.
Information assurance: IA refers to the assurance of the integrity, availability, confidentiality, and authenticity of information and information systems during the usage, processing, storage, and transmission of information.
Williams, a professional hacker, targeted an organization’s network to cause data loss at a massive scale. To achieve his goal, he exploited a system running an older version of a web browser. Williams implanted a Trojan on the target browser, through which he made a lateral movement in the target network.
Identify the type of vulnerability exploited by Williams in the above scenario.
A. Insecure or poor design of the network and application
B. Intentional end-user acts
C. End-user carelessness
D. Inherent technology weaknesses
Answer: D. Inherent technology weaknesses
Explanation:
End-user carelessness: End-user carelessness considerably impacts network security. Human behavior is fairly susceptible to various types of attacks and can be exploited to effect serious outcomes, including data loss and information leakage.
Intentional end-user acts: Ex-employees who continue to have access to shared drives can misuse them by revealing the company’s sensitive information. Such an act is called an intentional end-user act and can lead to heavy data and financial losses for the company.
Internet service misconfiguration: Misconfiguring internet services can pose serious security risks. For example, enabling JavaScript and misconfiguring IIS, Apache, FTP, and Terminal services, can create security vulnerabilities in the network.
Inherent technology weaknesses: If the hardware or software is not capable of defending the network against certain types of attacks, the network will be vulnerable to those attacks. Certain hardware, applications, or web browsers tend to be prone to attacks such as DoS or man-in-the-middle attacks.
Finch, a security professional, was tasked with assessing their organizational network. In this process, Finch identified that one of the servers connected to the corporate network used the insecure FTP for file transmission, which can pose serious security risks.
Identify the type of vulnerability identified by Finch in the above scenario.
A. TCP/IP protocol vulnerability
B. Operating system vulnerability
C. Network device vulnerability
D. User account vulnerabilities
Answer: A. TCP/IP protocol vulnerability
Explanation:
Here are some technological vulnerabilities:
TCP/IP protocol vulnerabilities:
Many of the original TCP/IP application protocols were designed without confidentiality or authentication. FTP, Telnet, HTTP, SMTP, and SNMPv1/v2c send data and credentials in cleartext, so anyone on the network path can read or alter them, and ICMP carries no authentication and can be abused for reconnaissance and redirection. The remedy is to replace them with their authenticated, encrypted counterparts (SFTP or FTPS, SSH, HTTPS, SMTP over TLS, SNMPv3).
Operating system vulnerabilities:
An OS can be vulnerable because:
It is inherently insecure
It is not patched with the latest updates
Network device vulnerabilities:
Various network devices such as routers, firewall, and switches can be vulnerable due to:
Lack of password protection
Lack of authentication
Insecure routing protocols
Firewall vulnerabilities
Clark, an IT professional, was hired by an MNC on a contract basis. After a few months, the management became dissatisfied with Clark’s performance and asked him to serve a notice period. Clark decided to seek revenge on the company after serving the notice period. On the last working day, he accessed the company’s shared drive and revealed secrets to a third party, causing huge financial loss to the company.
Identify the cause of the vulnerability discussed in the above scenario.
A. Inherent technology weaknesses
B. Hardware or software misconfiguration
C. Intentional end-user acts
D. End-user carelessness
Answer: C. Intentional end-user acts
Explanation:
Hardware or software misconfiguration: The insecure configuration of the hardware or software in a network can lead to security loopholes. For example, a misconfiguration or the use of an unencrypted protocol may lead to network intrusions, resulting in the leakage of sensitive information.
Inherent technology weaknesses: If the hardware or software is not capable of defending the network against certain types of attacks, the network will be vulnerable to those attacks. Certain hardware, applications, or web browsers tend to be prone to attacks such as DoS or man-in-the-middle attacks.
End-user carelessness: End-user carelessness considerably impacts network security. Human behavior is fairly susceptible to various types of attacks and can be exploited to effect serious outcomes, including data loss and information leakage.
Intentional end-user acts: Ex-employees who continue to have access to shared drives can misuse them by revealing the company’s sensitive information. Such an act is called an intentional end-user act and can lead to heavy data and financial losses for the company.
What is the correct order for vulnerability management life cycle?
A. Verification → risk assessment → monitor → remediation → creating baseline → vulnerability assessment
B. Verification → vulnerability assessment → monitor → remediation → creating baseline → risk assessment
C. Monitor → risk assessment → remediation → verification → creating baseline → vulnerability assessment
D. Creating baseline → vulnerability assessment → risk assessment → remediation → verification → monitor
Answer: D. Creating baseline → vulnerability assessment → risk assessment → remediation → verification → monitor
Explanation:
Vulnerability management life cycle is an important process that helps in finding and remediating security weaknesses before they are exploited. The correct order of vulnerability management life cycle is
Creating baseline → vulnerability assessment →risk assessment → remediation →verification →monitor.
Which of the following terms refers to the process of reducing the severity of vulnerabilities in the vulnerability management life cycle?
A. Risk assessment
B. Vulnerability assessment
C. Remediation
D. Verification
Answer: C. Remediation
Explanation:
Vulnerability management life cycle is an important process that helps in finding and remediating security weaknesses before they are exploited. This includes defining the risk posture and policies for an organization, creating a complete asset list of systems, scanning and assessing the environment for vulnerabilities and exposures, and taking action to mitigate the vulnerabilities that are found.
The phases involved in vulnerability management are:
Creating Baseline
In this phase, critical assets are identified and prioritized to create a good baseline for the vulnerability management.
Vulnerability Assessment
This is a very crucial phase in vulnerability management. In this step, the security analyst identifies the known vulnerabilities in the organization infrastructure.
Risk Assessment
In this phase, all the serious uncertainties associated with the system are assessed and prioritized by severity and business impact, so that remediation can be planned to eliminate the flaws. The fixing itself happens in the next phase.
Remediation
Remediation is the process of reducing the severity of vulnerabilities. This phase is initiated after the successful implementation of the baseline and assessment steps.
Verification
This phase provides a clear visibility into the firm and allows the security team to check whether all the previous phases are perfectly employed or not.
Monitor
Regular monitoring needs to be performed for maintaining the system security using tools such as IDS/IPS, firewalls, etc.
Don, a professional hacker, was attempting to access an organization’s systems from a remote location. Don scanned the target environment and identified a security loophole in the firewall implementation. He exploited this loophole to intrude into and gain access to all the interconnected systems within the environment.
Identify the type of vulnerability exploited by Don in the above scenario.
A. Inherent technology weaknesses
B. Insecure or poor design of the network and application
C. End-user carelessness
D. Intentional end-user acts
Answer: B. Insecure or poor design of the network and application
Explanation:
End-user carelessness: End-user carelessness considerably impacts network security. Human behavior is fairly susceptible to various types of attacks and can be exploited to effect serious outcomes, including data loss and information leakage.
Intentional end-user acts: Ex-employees who continue to have access to shared drives can misuse them by revealing the company’s sensitive information. Such an act is called an intentional end-user act and can lead to heavy data and financial losses for the company.
Insecure or poor design of network and application: An improper and insecure design of a network may make it susceptible to various threats and potential data loss. For example, if firewalls, IDS, and virtual private network (VPN) technologies are not implemented securely, they can expose the network to numerous threats.
Inherent technology weaknesses: If the hardware or software is not capable of defending the network against certain types of attacks, the network will be vulnerable to those attacks. Certain hardware, applications, or web browsers tend to be prone to attacks such as DoS or man-in-the-middle attacks.
Steve, an administrator, installed new software on an employee’s system but forgot to change the credentials provided by the vendor. Greg, an attacker, browsed online resources and obtained vendor-provided software credentials to gain remote access to the employee’s system.
Identify the type of vulnerability exploited by Greg in the above scenario.
A. TCP protocol vulnerabilities
B. Default password and settings
C. Operating system vulnerabilities
D. IP protocol vulnerabilities
Answer: B. Default password and settings
Explanation:
Here are the two types of vulnerabilities listed and their descriptions:
Configuration Vulnerabilities:
Default password and settings:
Leaving the network devices/products with their default passwords and settings can lead to unauthorized access to the device and the network.
Network device misconfiguration:
Misconfiguring the network device
Technological Vulnerabilities:
TCP/IP protocol vulnerabilities: HTTP, FTP, ICMP, SNMP, SMTP were designed without encryption or authentication, so credentials and data cross the network in cleartext
Operating System vulnerabilities:
An OS can be vulnerable because:
It is inherently insecure
It is not patched with the latest updates
Peter, a security professional, was tasked with performing a vulnerability assessment on an organization’s network. During the assessment, Peter identified that an Apache server was improperly configured, potentially posing serious threats to the organization.
Identify the type of vulnerability identified by Peter in the above scenario.
A. Default password and settings
B. Internet service misconfiguration
C. User account vulnerabilities
D. Network device misconfiguration
Answer: B. Internet service misconfiguration
Explanation:
Here are the Configuration Vulnerabilities and their descriptions:
User account vulnerabilities:
Originating from the insecure transmission of user account details such as usernames and passwords, over the network
System account vulnerabilities:
Originating from setting of weak passwords for system accounts
Internet service misconfiguration:
Misconfiguring internet services can pose serious security risks. For example, enabling JavaScript and misconfiguring IIS, Apache, FTP, and Terminal services, can create security vulnerabilities in the network
Default password and settings :
Leaving the network devices/products with their default passwords and settings
Network device misconfiguration:
Misconfiguring the network device
Which of the following types of software vulnerability occurs due to coding errors and allows attackers to gain access to the target system?
A. Misconfiguration
B. Unpatched servers
C. Buffer overflow
D. Open services
Answer: C. Buffer overflow
Explanation:
Open services: Open ports and services may lead to the loss of data or DoS attacks and allow attackers to perform further attacks on other connected devices.
Unpatched Servers: Unpatched servers are a hub for the attackers, they serve as an entry point into the network. This can lead to the exposure of private data, financial loss, and discontinuation of operations.
Buffer overflow: Buffer overflows are common software vulnerabilities that happen due to coding errors that allow attackers to gain access to the target system.
Misconfiguration: Misconfiguration is the most common vulnerability and is mainly caused by human error, which allows attackers to gain unauthorized access to the system.
Which of the following types of vulnerability assessment sniffs the traffic present on the network to identify the active systems, network services, applications, and vulnerabilities?
A. Credentialed assessment
B. Active assessment
C. Passive assessment
D. Distributed assessment
Answer: C. Passive assessment
Explanation:
Active Assessment: A type of vulnerability assessment that uses network scanners to identify the hosts, services, and vulnerabilities present in a network. Active network scanners can reduce the intrusiveness of the checks they perform.
Passive Assessment: Passive assessments sniff the traffic present on the network to identify the active systems, network services, applications, and vulnerabilities. Passive assessments also provide a list of the users who are currently accessing the network.
Credentialed Assessment: In this type of assessment, the ethical hacker possesses the credentials of all machines present in the assessed network.
Distributed Assessment: This type of assessment, employed by organizations that possess assets like servers and clients at different locations, involves simultaneously assessing the distributed organization assets, such as client and server applications, using appropriate synchronization techniques.
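The FTP finding from the Finch scenario and the passive-assessment definition above come together in a sensor that only listens. The script below is an added example written for this deck, not tooling from the course: it takes reassembled TCP payloads (the kind a SPAN-port sensor such as Zeek produces, assumed here to be already reassembled) and, without sending a packet, fingerprints the service from the server banner and extracts any credentials that crossed the wire in cleartext. The hosts, banners, and credentials in SAMPLE_FLOWS are constructed for the example.

```python
import base64
import re

# Constructed sample: reassembled TCP payloads as a passive sensor on a SPAN port
# might collect them. Made-up hosts, banners and credentials for the example.
SAMPLE_FLOWS = [
    {"client": "10.0.0.12", "server": "10.0.0.5", "port": 21,
     "server_data": b"220 (vsFTPd 3.0.3)\r\n331 Please specify the password.\r\n230 Login successful.\r\n",
     "client_data": b"USER backup\r\nPASS Winter2024!\r\nLIST\r\n"},
    {"client": "10.0.0.12", "server": "10.0.0.7", "port": 80,
     "server_data": b"HTTP/1.1 401 Unauthorized\r\nServer: Apache/2.4.29 (Ubuntu)\r\n\r\n",
     "client_data": b"GET /admin HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic YWRtaW46aHVudGVyMg==\r\n\r\n"},
    {"client": "10.0.0.20", "server": "10.0.0.5", "port": 22,
     "server_data": b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n",
     "client_data": b"SSH-2.0-OpenSSH_9.6\r\n"},
]

# Banner fingerprints, most specific first (FTP and SMTP both greet with "220").
BANNERS = [
    ("ftp",  re.compile(rb"^220[ -].*?((?:vsFTPd|ProFTPD|Pure-FTPd)[^\r\n)]*)", re.I)),
    ("http", re.compile(rb"^Server:\s*([^\r\n]+)", re.I | re.M)),
    ("ssh",  re.compile(rb"^(SSH-2\.0-[^\r\n]+)")),
    ("smtp", re.compile(rb"^220[ -]([^\r\n]+)")),
]
FTP_USER = re.compile(rb"^USER (\S+)", re.M)
FTP_PASS = re.compile(rb"^PASS (\S+)", re.M)
HTTP_BASIC = re.compile(rb"^Authorization:\s*Basic\s+(\S+)", re.I | re.M)


def identify_service(flow):
    """Fingerprint a flow from the server's banner without sending a single packet;
    fall back to the port number when no banner pattern matches."""
    for name, pattern in BANNERS:
        match = pattern.search(flow["server_data"])
        if match:
            return {"service": name, "product": match.group(1).decode(errors="replace")}
    return {"service": "tcp/%d" % flow["port"], "product": None}


def find_cleartext_credentials(flow):
    """Pull credentials that crossed the wire unencrypted: FTP USER/PASS and HTTP Basic."""
    data = flow["client_data"]
    found = []
    user, password = FTP_USER.search(data), FTP_PASS.search(data)
    if user and password:
        found.append(("ftp", user.group(1).decode(), password.group(1).decode()))
    for match in HTTP_BASIC.finditer(data):
        try:
            userpass = base64.b64decode(match.group(1), validate=True).decode()
        except (ValueError, UnicodeDecodeError):
            continue  # malformed header: nothing readable to report
        username, _, pwd = userpass.partition(":")
        found.append(("http-basic", username, pwd))
    return found


def analyze(flows):
    """Passive assessment report: one entry per observed flow."""
    report = []
    for flow in flows:
        service = identify_service(flow)
        creds = find_cleartext_credentials(flow)
        report.append({
            "server": flow["server"],
            "port": flow["port"],
            "service": service["service"],
            "product": service["product"],
            "cleartext_credentials": creds,
            "finding": "cleartext authentication (TCP/IP protocol weakness)" if creds else None,
        })
    return report


if __name__ == "__main__":
    for entry in analyze(SAMPLE_FLOWS):
        print(entry)
```

The product strings the sensor recovers (vsFTPd 3.0.3, Apache/2.4.29) are exactly what an attacker would feed into a CVE search, which is why a passive assessment can report known vulnerabilities from banners alone; the SSH flow yields a version but no credentials, because the authentication happens inside the encrypted channel.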
In which of the following types of vulnerability assessment does an ethical hacker assess an enterprise network without possessing any privileges for the assets present in the network?
A. Distributed assessment
B. Non-credentialed assessment
C. Manual assessment
D. Credentialed assessment
Answer: B. Non-credentialed assessment
Explanation:
Distributed Assessment: This type of assessment, employed by organizations that possess assets like servers and clients at different locations, involves simultaneously assessing the distributed organization assets, such as client and server applications, using appropriate synchronization techniques
Credentialed Assessment: Credentialed assessment is also called authenticated assessment. In this type of assessment, the ethical hacker possesses valid credentials for the machines in the assessed network, so the scanner can log in and inspect installed packages, patch levels, and local configuration. The chances of finding operating-system and application vulnerabilities are therefore higher in a credentialed assessment than in a non-credentialed one.
Non-Credentialed Assessment: Non-credentialed assessment, also called unauthenticated assessment, provides a quick overview of weaknesses by analyzing only the network services that the host exposes. Since no credentials are used, the ethical hacker sees the host roughly as an outside attacker would, but cannot see vulnerabilities that are only visible from inside the host.
Manual Assessment: After performing footprinting and network scanning and obtaining crucial information, the ethical hacker performs manual research to explore the vulnerabilities or weaknesses, then manually ranks and scores them by referring to vulnerability scoring standards such as CVSS and vulnerability databases such as CVE and CWE.
Highlander, Incorporated, is a medical insurance company with several regional company offices in North America. There are various types of employees working in the company, including technical teams, sales teams, and work-from-home employees. Highlander takes care of the security patches and updates of official computers and laptops; however, the computers or laptops of the work-from-home employees are to be managed by the employees or their ISPs. Highlander employs various group policies to restrict the installation of any third-party applications.
As per Highlander’s policy, all the employees are able to utilize their personal smartphones to access the company email in order to respond to requests for updates. Employees are responsible for keeping their phones up to date with the latest patches. The phones are not used to directly connect to any other resources in the Highlander, Incorporated, network. The company is concerned about the potential vulnerabilities that could exist on their devices.
What would be the best type of vulnerability assessment for the employees’ smartphones?
A. Wireless network assessment
B. Active assessment
C. Passive assessment
D. Host-based assessment
Answer: D. Host-based assessment
Explanation:
Host-based assessment looks at the vulnerabilities of the devices.
Active assessment means we are using a network scanner to look for hosts.
Passive assessment means we are sniffing packets in a network.
Wireless network assessment looks for vulnerabilities in the wireless network, not the phone.
Which term refers to common software vulnerabilities that happen due to coding errors allowing attackers to get access to the target system?
A. Active footprinting
B. Banner grabbing
C. Port scanning
D. Buffer overflows
Answer: D. Buffer overflows
Explanation:
Buffer overflows
Buffer overflows are common software vulnerabilities caused by coding errors that can allow attackers to gain access to the target system. In a buffer overflow attack, the attacker supplies more data than the program's buffer was allocated to hold; insufficient bounds checking in the program lets the excess spill into adjacent memory and overwrite whatever is stored there (other variables, a saved return address, a function pointer). Depending on what is overwritten, the program crashes, becomes unstable, behaves erratically, or executes code of the attacker's choosing.
Active footprinting
Active footprinting involves gathering information about the target with direct interaction. In active footprinting, information is gathered by querying published name servers, extracting metadata, web spidering, Whois lookup, etc.
Port scanning
Port scanning is the process of discovering which services are running on a target host by connecting to or probing its TCP and UDP ports and observing which of them respond as open (listening), closed, or filtered. It is reconnaissance, not itself a break-in.
Banner grabbing
Banner grabbing, or “OS fingerprinting,” is a method used to determine the operating system that is running on a remote target system.
Sohum is carrying out a security check on a system. This security check involves carrying out a configuration-level check through the command line in order to identify vulnerabilities such as incorrect registry and file permissions, as well as software configuration errors. Which type of assessment is performed by Sohum?
A. Network-based assessment
B. Internal assessment
C. Host-based assessment
D. External assessment
Answer: C. Host-based assessment
Explanation:
Host-based Assessment
Host-based assessments are a type of security check that involves carrying out a configuration-level check through the command line, with local access to the machine. These assessments check the security of a particular host or server from the inside. Host-based scanners assess systems to identify vulnerabilities such as incorrect registry and file permissions, as well as software configuration errors. Host-based assessment can use many commercial and open-source scanning tools.
External Assessment
External assessment views the network from an outsider's point of view to find out which vulnerabilities and exploits are reachable from the Internet. It targets the externally exposed devices: firewalls, border routers, and public-facing servers.
Network based Assessments
Network assessments determine the possible network security attacks that may occur on an organization’s system. These assessments evaluate the organization’s system for vulnerabilities such as missing patches, unnecessary services, weak authentication, and weak encryption.
Internal Assessment
An internal assessment involves scrutinizing the internal network to find exploits and vulnerabilities.
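A minimal version of the configuration-level check Sohum is performing, as an added example for this deck rather than any tool from the course: it walks a directory tree on a POSIX system and flags the file-permission problems a host-based scanner looks for (world-writable files, world-writable directories lacking the sticky bit, setuid/setgid executables). Because a real scan of / needs root and produces a site-specific result, the script builds a throwaway directory with deliberately bad permissions; that tree and its file names are constructed for the example.

```python
import os
import shutil
import stat
import tempfile


def audit_tree(root):
    """Walk root and flag the permission problems a host-based scanner looks for.
    Returns a sorted list of (path relative to root, issue) tuples."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode   # lstat: never follow a symlink planted in the tree
            rel = os.path.relpath(path, root)
            if stat.S_ISLNK(mode):
                continue
            if mode & stat.S_IWOTH:
                # A world-writable directory is acceptable only with the sticky bit (like /tmp),
                # which stops users from deleting or renaming each other's files.
                if stat.S_ISDIR(mode) and not (mode & stat.S_ISVTX):
                    findings.append((rel, "world-writable directory without sticky bit"))
                elif stat.S_ISREG(mode):
                    findings.append((rel, "world-writable file"))
            if stat.S_ISREG(mode) and mode & stat.S_ISUID:
                findings.append((rel, "setuid executable"))
            if stat.S_ISREG(mode) and mode & stat.S_ISGID:
                findings.append((rel, "setgid executable"))
    return sorted(findings)


def _write(path, mode):
    with open(path, "w") as fh:
        fh.write("demo\n")
    os.chmod(path, mode)  # explicit chmod so the result does not depend on the umask


def build_demo_tree():
    """Create a throwaway tree with deliberately bad permissions (constructed for the example)."""
    root = tempfile.mkdtemp(prefix="hostaudit-")
    for sub, mode in (("etc", 0o755), ("tmp", 0o1777), ("spool", 0o777)):
        os.mkdir(os.path.join(root, sub))
        os.chmod(os.path.join(root, sub), mode)
    _write(os.path.join(root, "etc", "app.conf"), 0o666)   # anyone can edit the config
    _write(os.path.join(root, "etc", "shadow.bak"), 0o600)  # owner-only: fine
    _write(os.path.join(root, "usr_bin_helper"), 0o4755)    # setuid binary: must be reviewed
    return root


def audit_demo():
    """Build the demo tree, audit it, and clean up; returns the findings."""
    root = build_demo_tree()
    try:
        return audit_tree(root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for rel, issue in audit_demo():
        print(f"{issue:45s} {rel}")
```

Real host-based scanners add what this script omits: comparing each file's mode and owner against the package manager's manifest, checking the registry on Windows, and reading configuration files of known services. The walk uses lstat and does not follow symlinks because an attacker who already has a foothold can plant links that point an audit (or a privileged cleanup job) at files outside the tree.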
Which assessment focuses on transactional web applications, traditional client-server applications, and hybrid systems?
A. Wireless network assessment
B. Passive assessment
C. Application assessment
D. Active assessment
Answer: C. Application assessment
Explanation:
Application Assessments
An application assessment focuses on transactional Web applications, traditional client server applications, and hybrid systems. It analyzes all elements of an application infrastructure, including deployment and communication within the client and server. This type of assessment tests the web server infrastructure for any misconfiguration, outdated content, and known vulnerabilities. Security professionals use both commercial and open-source tools to perform such assessments.
Passive Assessment
Passive assessments sniff the traffic present on the network to identify the active systems, network services, applications, and vulnerabilities. Passive assessments also provide a list of the users who are currently using the network.
Active Assessment
Active assessments are a type of vulnerability assessment that uses network scanners to scan the network to identify the hosts, services, and vulnerabilities present in that network. Active network scanners have the capability to reduce the intrusiveness of the checks they perform.
Wireless Network Assessments
Wireless network assessment determines the vulnerabilities in an organization’s wireless networks. Wireless network assessments try to attack wireless authentication mechanisms and get unauthorized access. This type of assessment tests wireless networks and identifies rogue wireless networks that may exist within an organization’s perimeter. These assessments audit client-specified sites with a wireless network.
Henry, an employee of an organization, faced issues with a newly allocated system, which was purchased from a refurbished market. When he raised a complaint, the security team analyzed the system components and identified that the vendor did not properly sanitize the system’s drive.
Identify the third-party risk demonstrated in the above scenario?
A. Data storage
B. Supply-chain risk
C. Unpatched firmware
D. Design flaws
Answer: B. Supply-chain risk
Explanation:
Supply-chain risks: Proper security controls must be implemented for the equipment/devices or software that organizations purchase or borrow from a third party. For instance, hardware or software purchased from a third party may not have been properly sanitized. In such cases, malware concealed inside the previously provisioned equipment can infect the new systems deployed in the organization and spread to all other devices connected to the network. A drive that was not wiped may also still hold the previous owner's data, which is both a confidentiality exposure for them and an untrusted starting state for the new owner; the usual control is to re-image purchased or refurbished systems from known-good media before deployment.
Data storage: With the emergence of cloud technology, organizations are storing large amounts of data in third-party storage spaces, where vendors may also have access to organizations’ data. Therefore, the data should be frequently inspected for security concerns to protect sensitive information related to customers, employees, or users.
Unpatched firmware: Firmware vulnerabilities allow attackers to inject malicious code, infect legitimate updates, delete data stored on the hard drive, or even control the system hardware from a remote location in some cases. To mitigate such vulnerabilities, security professionals must regularly check and update the firmware.
Design flaws: Design vulnerabilities such as incorrect encryption or the poor validation of data refer to logical flaws in the functionality of the system that attackers exploit to bypass the detection mechanism and acquire access to a secure system.
Which of the following vulnerabilities is caused by obsolete or familiar code that is usually not supported when patching technical assets?
A. DLL injection
B. Legacy platform vulnerability
C. Race conditions
D. Third-party risk
Answer: B. Legacy platform vulnerability
Explanation:
Third-Party Risks: A third party can become another potential threat to enterprises. Third-party services or products can have access to privileged systems and applications, through which financial information, customer and employee data, and processes in the enterprise’s supply chain can be compromised.
Legacy Platform Vulnerability: Legacy platform vulnerabilities are caused by obsolete or familiar code. Legacy platforms are usually not supported when patching technical assets such as smartphones, computers, IoT devices, OSes, applications, databases, firewalls, intrusion detection systems (IDSs), or other network components, so known flaws in them stay open indefinitely. This type of vulnerability can cause costly data breaches for organizations.
Race Conditions: A race condition occurs when a program's correctness depends on the relative timing or ordering of operations that it does not control. The classic security instance is time-of-check to time-of-use (TOCTOU): the program checks a condition (for example, that a file does not yet exist or that the user is allowed to access it) and then acts on it, and an attacker changes the state in the window between the two steps.
DLL Injection: When an application runs third-party code or untrusted code that loads an assembly or DLL file, an attacker may exploit this vulnerability to inject a malicious DLL into the current running process and execute malicious code.
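The time-of-check to time-of-use flaw that appears both as an answer option earlier in this deck and in the race-condition definition above is easiest to understand with the vulnerable and the corrected code side by side. The script below is an added example written for this deck, not code from the course. It runs on POSIX systems (it relies on symlinks and O_NOFOLLOW), and to make the race deterministic it takes an injected hook that stands in for the attacker acting in the check/use window; the file names and contents are constructed for the example.

```python
import os
import shutil
import tempfile

SECRET_CONTENT = "original secret\n"


def write_report_vulnerable(path, data, between_check_and_use=lambda: None):
    """Check-then-use: exists() and open() are two separate syscalls, so the file
    system can change in between. The hook stands in for an attacker who wins the race."""
    if os.path.exists(path):
        raise FileExistsError(path)
    between_check_and_use()
    with open(path, "w") as fh:        # follows a symlink planted in the window
        fh.write(data)


def write_report_safe(path, data, between_check_and_use=lambda: None):
    """Atomic create: O_CREAT|O_EXCL makes the kernel refuse if anything (including a
    symlink) already exists at path, and O_NOFOLLOW refuses to traverse a symlink.
    There is no separate check for the attacker to race, so the hook may run anywhere."""
    between_check_and_use()
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)


def simulate(writer):
    """Run one writer under a simulated race: the attacker symlinks the report path to a
    secret file in the check/use window. Returns (secret file content, error raised)."""
    workdir = tempfile.mkdtemp(prefix="toctou-")
    victim = os.path.join(workdir, "secret.txt")
    report = os.path.join(workdir, "report.txt")
    with open(victim, "w") as fh:
        fh.write(SECRET_CONTENT)

    def attacker():
        # An unprivileged user with write access to the directory can do this.
        os.symlink(victim, report)

    error = None
    try:
        writer(report, "attacker-controlled report\n", between_check_and_use=attacker)
    except OSError as exc:
        error = type(exc).__name__
    with open(victim) as fh:
        content = fh.read()
    shutil.rmtree(workdir)
    return content, error


if __name__ == "__main__":
    print("vulnerable:", simulate(write_report_vulnerable))
    print("safe:      ", simulate(write_report_safe))
```

The vulnerable writer passes its own existence check and then, through the planted symlink, overwrites the secret file; the safe writer never separates the check from the use, so the kernel rejects the open with EEXIST and the secret is untouched. The same rule applies beyond files: check and act in one atomic operation (a single syscall, a database transaction, a compare-and-swap), rather than checking first and acting later.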