Módulo 07 - Vulnerability Management

Question 1

Define: Vulnerability Management

Answer 1

A: The process of
1. identifying,
2. evaluating,
3. treating
4. reporting
vulnerabilities to prevent exploitation

Question 2

Define: End-of-Life (EOL) Systems

Answer 2

A: Products or systems that are no longer supported by the manufacturer or vendor, receiving no updates or security patches, making them vulnerable to new threats.

Question 3

Define: Legacy Systems

Answer 3

A: Outdated computer systems or applications that are still in use despite their limitations, often due to the high cost or risk associated with replacing them.

Question 4

Define: Firmware Vulnerabilities

Answer 4

A: Security flaws within the foundational software that controls hardware, which can be exploited to gain unauthorized access or persist on a system undetected.

Question 5

Define: Meltdown and Spectre

Answer 5

A: Critical vulnerabilities discovered in 2018 affecting nearly all CPUs, allowing malicious programs to steal data being processed on the computer.

Question 6

Define: LoJax

Answer 6

A: A malware discovered in 2018 that infects the UEFI firmware, allowing attackers to maintain persistence even after hard drive replacements or OS reinstallations.

Question 7

Define: Vulnerability Scanning

Answer 7

A: The use of specialized tools to automatically identify potential security weaknesses in an organization’s digital assets.

Question 8

Define: Shellshock

Answer 8

A: A significant vulnerability in the Bash shell affecting Unix-based systems, including macOS, allowing attackers to execute arbitrary commands.

Question 9

Define: Heartbleed

Answer 9

A: A serious vulnerability in the OpenSSL cryptographic library that allowed attackers to read protected memory on affected servers.

Question 10

Q: Acronym: UEFI

Answer 10

A: Unified Extensible Firmware Interface.

Question 11

Q: Acronym: SMB

Answer 11

A: Server Message Block.

Question 12

Q: Acronym: MMS

Answer 12

A: Multimedia Messaging Service.

Question 13

Q: Acronym: OpenSSL

Answer 13

A: Open Secure Sockets Layer.

Question 14

True or False:
The Stagefright vulnerability affected iOS devices.

Answer 14

A: False:

Stagefright affected Android devices by allowing code execution via specially crafted MMS messages.

Question 15

True or False:
Heartbleed was a vulnerability in the OpenSSL library that compromised secret keys.

Answer 15

A: True:

Heartbleed allowed attackers to read sensitive memory contents, exposing secret keys.

Question 16

True or False:
Firmware updates are unnecessary as firmware cannot be exploited.

Answer 16

A: False:

Firmware can contain vulnerabilities; updating it is crucial for security.

Question 17

True or False:
macOS is completely safe from vulnerabilities due to its Unix-based architecture.

Answer 17

A: False:

macOS can have vulnerabilities, such as those exploited by the Shellshock bug.

Question 18

Define: WannaCry Ransomware

Answer 18

A: A 2017 global ransomware attack that exploited the EternalBlue vulnerability to encrypt data and demand ransom payments.

Question 19

Define: Stagefright Vulnerability

Answer 19

A: A critical flaw in the Android media playback engine that allowed remote code execution via MMS messages.

Question 20

Define: Watering Hole Attack

Answer 20

A: A strategy where attackers compromise a website likely to be visited by their targets to distribute malware.

Question 21

Define: Conficker Worm

Answer 21

A: A worm exploiting the MS08-067 vulnerability in Windows, leading to one of the largest infections in history.

Question 22

Define: EternalBlue

Answer 22

A: An exploit developed by the NSA and leaked by the Shadow Brokers group, targeting vulnerabilities in Microsoft’s SMB protocol, notably used in the WannaCry attack.

Question 23

Acronym:
Bash

Answer 23

A: Bourne Again Shell.

Question 24

Define: Vulnerability Scanning

Answer 24

A: The process of automatically identifying vulnerabilities systems, such as
1. open ports
2. insecure configurations
3. missing patches.

Question 25

Define: Threat Feed

Answer 25

A: A continuously updated source of information about potential cyber threats and vulnerabilities, providing actionable intelligence for vulnerability management.

Question 26

Define: Penetration Testing

Answer 26

A: A proactive method where ethical hackers simulate real-world attacks to exploit vulnerabilities and evaluate an organization's security posture.

Question 27

Define: Bug Bounty Programs

Answer 27

A: Initiatives that incentivize external security researchers to discover and responsibly report vulnerabilities in exchange for rewards.

Question 28

Define: Responsible Disclosure Programs

Answer 28

A: Guidelines established by organizations to encourage individuals to report vulnerabilities responsibly, allowing for fixes before exploitation.

Question 29

Define: Security Audits

Answer 29

A: Comprehensive reviews of an organization’s security controls and practices, often aligned with standards like ISO 27001 or NIST.

Question 30

Define: Cyber Threat Intelligence (CTI)

Answer 30

A: Data about threats and attackers gathered from various sources, used to improve an organization’s cybersecurity posture.

Question 31

Acronym: GDPR

Answer 31

A: General Data Protection Regulation.

Question 32

Define: Deep Web

Answer 32

A: Parts of the internet not indexed by search engines, such as unlinked pages or those requiring registration.

Question 33

Define: Dark Web

Answer 33

A: Hidden parts of the deep web accessible only through specific software like TOR, often associated with illicit activities but also used for privacy and research.

Question 34

Bug Bounty vs. Penetration Testing

Answer 34

A: Bug bounty has external researchers testing for vulnerabilities, penetration is performed by internal or hired team.

Question 35

Define: Behavioral Threat Research

Answer 35

A: Analysis of TTP tactics and procedures used by attackers, gathered through direct observation and research.

Question 36

Acronym: TTP

Answer 36

A: Tactics, Techniques, and Procedures.

Question 37

Acronym: SIEM

Answer 37

A: Security Information and Event Management.

Question 38

List: Types of Vulnerability Identification Methods

Answer 38

1. Vulnerability scanning 2. Penetration testing 3. Bug bounty programs 4. Auditing

Question 38

List: Threat Feed Type

Answer 38

1. Third-party threat feeds 2. Open-source intelligence (OSINT) 3. Closed/proprietary threat feeds 4. Information-sharing organizations

Question 39

List: Common OSINT Tools

Answer 39

1. Shodan 2. Maltego 3. Recon-ng 4. theHarvester

Question 40

List: Types of Cybersecurity Audits

Answer 40

1. Compliance audits 2. Risk-based audits 3. Technical audit

Question 41

What's audited in a Security Audit?

Answer 41

1. Policies 2. Procedures 3. System configuration 4. Supply chain evaluation 5. Monitoring and support practices

Question 42

Acronym: NVD

Answer 42

A: National Vulnerability Database

Question 43

Define: Package Monitoring

Answer 43

The process of tracking and assessing the security of third-party software packages, libraries, and dependencies to ensure they are up-to-date and free from known vulnerabilities.

Question 44

True or False: A credentialed vulnerability scan requires administrative access to hosts for deeper analysis.

Answer 44

A: True. Credentialed scans provide more in-depth analysis by accessing internal configurations and settings with user account privileges.

Question 45

True or False: Non-credentialed scans can validate vulnerabilities by attempting exploitation.

Answer 45

A: False. Non-credentialed scans cannot exploit vulnerabilities; they only assess what is exposed to unprivileged users.

Question 46

List: Types of vulnerability scan [Types to perform]

Answer 46

1. Intrusive [Tries to exploit] 2. Non-intrusive [List potential vulnerabilities] 3. Credentialed 4. Non-credentialed

Question 47

List: Methods in application vulnerability scanning

Answer 47

1. Static analysis 2. Dynamic analysis

Question 48

List: Components monitored in package monitoring.

Answer 48

1. Third-party software packages 2. Libraries 3. Dependencies

Question 49

What type of vulnerability scan would you perform to simulate an external attacker without internal access to the system?

Answer 49

Non-credentialed scan.

Question 50

What does automated software composition analysis (SCA) track in package monitoring?

Answer 50

It tracks software packages, libraries, and dependencies for outdated versions or known vulnerabilities.

Question 51

Acronym: SCA

Answer 51

A: Software Composition Analysis

Question 52

Define: Network Monitors

Answer 52

Tools that collect data about network infrastructure appliances. like CPU/memory usage, disk capacity, and link utilization.

Question 53

Define: NetFlow

Answer 53

Reports metadata and statistics about network traffic, Analyzes traffic patterns and detection of anomalies.

Question 54

Define: System Logs

Answer 54

Logs that provide audit trails of actions on a system, used to diagnose availability issues, monitor authorized and unauthorized access, and proactively identify threats and vulnerabilities.

Question 55

Define: Cloud Monitors

Answer 55

Tools that monitor the performance and health of cloud services, assessing bandwidth, virtual machine status, application health, and error or alert conditions.

Question 56

Define: Endpoint Protection Platforms (EPPs)

Answer 56

Modern antivirus solutions that detect malware using signatures and AI-based behavior analytics, often integrated with user and entity behavior analytics (UEBA).

Question 57

True or False: NetFlow tracks every individual packet transmitted over the network.

Answer 57

False. NetFlow records metadata and statistics about network traffic, not individual packets.

Question 58

Acronym: SNMP

Answer 58

Simple Network Management Protocol

Question 59

Acronym: UEBA

Answer 59

User and Entity Behavior Analytics

Question 60

Acronym: DLP

Answer 60

Data Loss Prevention

Question 61

List: How do data loss prevention (DLP) tools do what they do?

Answer 61

1. Mediating data transfers 2. Restricting copying to authorized media 3. Monitoring DLP policy violations 4. Highlighting trends over time

Question 62

List: Features of NetFlow analysis tools.

Answer 62

1. Based on traffic trends and patterns 2. Identifies rogue user behavior or malware in transit 3. Detects C&C traffic

Question 63

List: Three main types of SIEM data collection methods.

Answer 63

1. Agent-based: Installed on hosts to process data locally. 2. Listener/collector: Hosts push logs directly to the SIEM server. 3. Sensor: Collects packet captures and traffic flow data from network sniffers.

Question 64

Acronym: SOAR

Answer 64

Security Orchestration, Automation, and Reporting

Question 65

Define: Log Aggregation

Answer 65

The process of normalizing data from various sources to ensure consistency and searchability within a SIEM system.

Question 66

Define: Alert Fatigue

Answer 66

A condition where analysts become overwhelmed by low-priority alerts, potentially missing critical incidents due to high false-positive rates.

Question 67

Define: Security Orchestration and Automation Reporting

Answer 67

Automation responses to incidents and integrating workflows across tools

Question 68

What is a policy server [DLP]?

Answer 68

Configures: 1. Classification 2. Confidentiality 3. Privacy rules Also: 1. Logs incidents 2. Compiles reports

Question 69

What is a tombstone mechanism in DLP?

Answer 69

A remediation mechanism that replaces the quarantined file with one explaining the policy violation and instructions on how to regain access.

Question 70

Compare: Alert-only remediation vs. Block remediation in DLP.

Answer 70

Alert-only: Allows copying but logs the incident and may notify an administrator. Block: Prevents the user from copying the file, with or without notifying the user.

Question 71

List: Components of a DLP solution.

Answer 71

1. Policy server: Configures rules and logs incidents 2. Endpoint agents: Enforces policies on client devices. 3. Network agents: Scans communications and enforces policies at network borders.

Question 72

List: Common remediation mechanisms in DLP.

Answer 72

1. Alert only. 2. Block. 3. Quarantine. 4. Tombstone.

Question 73

List: The five phases of the penetration testing life cycle.

Answer 73

1. Perform reconnaissance 2. Scan/enumerate 3. Gain access 4. Maintain access 5. Report

Question 74

What does SOW stand for in penetration testing?

Answer 74

Scope of Work.

Question 75

What does ROE stand for in penetration testing documentation?

Answer 75

Rules of Engagement.

Question 76

What is a Rules of Engagement document?

Answer 76

A document detailing how the penetration test will be carried out, including data handling, test type, and notification processes.

Question 77

Compare: Red team vs. Purple team in security operations

Answer 77

Red team: Focuses solely on offensive tactics (ethical hacking). Purple team: Combines offensive and defensive roles, bridging red and blue teams.

Question 78

Black box vs. White box penetration testing

Answer 78

Black box: No prior knowledge of the network, simulating external attacks. White box: Full knowledge of the network, enabling comprehensive testing.

Question 79

Define: Penetration test (pen test)

Answer 79

A method using authorized hacking techniques to discover vulnerabilities in an organization's security systems.

Question 80

Define: Physical penetration testing

Answer 80

A test simulating real-world scenarios to evaluate physical security systems like access controls and surveillance.

Question 81

What does CI/CD mean in continuous penetration testing?

Answer 81

Continuous Integration/Continuous Deployment.

Question 82

List: The steps of a penetration test.

Answer 82

1. Verify a threat exists. 2. Bypass security controls. 3. Actively test security controls. 4. Exploit vulnerabilities.