Module 23 Endpoint Vulnerability Assessment Flashcards
What is network profiling?
Session duration, total throughput, typical traffic type, critical asset address space
What is a server profile?
Listening ports, logged in users and accounts, service accounts, software environment
What is Network Anomaly Detection?
Network behavior - large amount of data such as packet flow, features of the packet, etc.
- Big data analytics techniques can be used to analyze data and detect variations
What does network vulnerability testing include?
Risk analysis, vulnerability assessment and penetration testing
What is penetration testing?
Use of hacking techniques and tools to penetrate network defenses
What is a vulnerability assessment?
Patch management, host scans, port-scanning and other scans
What is risk analysis?
Individuals conduct comprehensive analysis of impacts of attacks on core company assets and functioning
What is CVSS?
The Common Vulnerability Scoring System is a risk assessment tool
What are the CVSS Metric Groups?
Base, temporal and environmental metric group
What is the Base Metric Group?
Represents the characteristics of a vulnerability that are constant over time
What is the Temporal Metric Group?
Measures the characteristics of a vulnerability that may change over time, but not across environments
What is the Environmental Metric Group?
Measures aspects of a vulnerability that are rooted in a specific organization's environment
What is considered a high severity rating?
Any vulnerability that exceeds 3.9
What are some vulnerability information sources?
NVD - National Vulnerability Database, CVE (Common Vulnerabilities and Exposures),
What is risk management?
Selection and specification of security controls for an organization
What are the ways to respond to risk?
Risk tolerance, risk reduction, risk sharing and risk retention
What are the steps in the vulnerability management life cycle?
Discover, prioritize assets, assess,
What is the discover process?
Develop a network baseline - identify security vulnerabilities
What is prioritizing assets?
Categorize assets into group or business units and assign a business value
What is assessing?
Determine a baseline risk profile to eliminate risks based on asset criticality, threats, vulnerabilities and asset classification
What is report?
Measure the level of business risk associated with your assets according to security policies. Document a security plan, monitor activity, describe vulnerabilities
What is remediate?
Prioritize according to business risk and add vulnerabilities in order of risk
What is verify?
Verify that threats have been eliminated
What is the NIST cybersecurity framework?
Set of standards designed to integrate existing standards, guidelines and practices to help manage and reduce risk