Risk Management

Question 1

What are the 4 risk response techniques available to an organization?

Answer 1

Avoid, transfer, mitigate, accept

Question 2

Quantitative risk assessment

Answer 2

Measures risk using a specific monetary amount

Question 3

SLE

Answer 3

Single loss expectancy

The cost of any single loss

Question 4

ARO

Answer 4

Annual Rate of Occurrence

Indicates how many times the loss may occur in one year (if less than 1, it’s represented as a %)

Question 5

ALE

Answer 5

Annual Loss Expectancy

The value of the SLE x ARO

Question 6

Qualitative Risk Assessment

Answer 6

Uses judgement to categorize risks based on likelihood of Occurrence (probability) and impact. Often represented as numbers (scale of 1 to 5, etc)

Question 7

Impact

Answer 7

The magnitude of loss/harm resulting from a risk

Question 8

Supply Chain Assessment

Answer 8

An assessment that evaluates the elements used in an organization to create, sell, and distribute products.

Question 9

Risk Register

Answer 9

A comprehensive document that lists known information about identified risks. Usually includes risk scores and recommended security controls to reduce those scores.

Question 10

What is Risk?

Answer 10

The likelihood that a threat will exploit an organizational vulnerability.

Question 11

What is a Threat, in context of Risk Management?

Answer 11

Any circumstance/event that can compromise the confidentiality, integrity, or availability of a system or data.

Question 12

Threat Assessment

Answer 12

Helps an organization to identify + categorize threats by predicting what threats exist against an organization’s assets along with the likelihood that the threat will occur.

Question 13

What is Risk Management?

Answer 13

The practice of identifying, monitoring, and limiting risks to a manageable level.

Question 14

What is the primary goal of a Vulnerability Assessment?

Answer 14

To assess the security posture of a systems and networks.

Question 15

What methods do network scanners use to gather information about hosts on a network?

Answer 15

Ping scan/Ping sweep, ARP ping scan, Syn stealth scan (TCP 3-way handshake), Port scan (to determine open ports, Service Scan, OS detection (TCP/IP fingerprinting)

Question 16

What is the goal of a password cracker in relation to Risk Management?

Answer 16

Helps to discover weak, or poorly protected passwords on a network.

Question 17

Banner Grabbing

Answer 17

A technique used to gain information about remote systems. Used by many scanners to identify the OS and information about some applications on it.

Question 18

What are some of the common misconfigurations that a vulnerability scanner will look for?

Answer 18

Open ports that are not being used, weak passwords, default accounts+passwords that are not hardened, security+configuration errors, sensitive data.

Question 19

Configuration Compliance Scanner

Answer 19

A tool that is used to verify that systems are configured correctly

Question 20

Difference between Passive and Active Reconnaissance?

Answer 20

Passive recon collects information about a system via open-source intelligence.
Active recon uses tools to send data to a system and then analyze the responses.

Question 21

What is pivoting, in the context of IT security?

Answer 21

Uses various tools to gain additional information about an organization. Example: If you gain access to a workstation within a company’s network, you can then use that computer to gather information about other systems.

Question 22

What is the difference between Black box, white box, and gray box testing?

Answer 22

Black box = tester has no knowledge of the environment prior to starting a test
White box = tester has full knowledge of environment
Gray box = tester has some knowledge of environment, but not full.

Question 23

What is an exploitation framework?

Answer 23

A tool used to store information about security vulnerabilities. Often used by testers (and attackers) to detect+compromise a system.

Question 24

What are some commonly used exploitation frameworks?

Answer 24

Metasploit, BeEF (Browser Exploitation Framework), w3af (Web Application Attack and Audit Framework)

Question 25

What is Nmap, and what is it used for?

Answer 25

A network scanner that can identify all of the active hosts + their IP addresses in a network, the protocols + services they’re running, and the OS of each system.

Question 26

How does Tcpdump differ from Wireshark?

Answer 26

Wireshark is a GUI network scanner on Windows systems, and tcpdump is executed from the command line on Linux systems.

Question 27

What are the uses of Netcat?

Answer 27

• Remotely accessing a Linux system (with SSH to encrypt the session
• Transferring files between systems
• Port scan against a single IP address (evade detection via randomizing ports scanned)

Question 28

Security information and Event Management (SIEM)

Answer 28

A centralized solution for collecting, analyzing, and managing data from multiple sources. Supports continuous monitoring and real-time reporting, making it useful in a large enterprise environment.

Question 29

What are some capabilities shared by most SIEMs?

Answer 29

Aggregation and correlation capabilities to collect+organize log data from different sources (i.e. firewalls, routers, etc), automated alerting, automated triggers, time synchronization, event deduplication (removing duplicate entries), logs/WORM (write once read many)

Question 30

What is a permission auditing review?

Answer 30

Looks at the rights and permissions assigned to users, helps ensure that an organization is enforcing principle of least privilege. Helps detect “privilege creep”

Question 31

What is usage auditing?

Answer 31

Refers to logging information on what users are doing. Provides non-repudiation. Helps create an auditing trail in the event of an incident.