Section 22 Vulnerability Management

Question 1

Seeks to identify any issue in a network, application, database, or other systems prior to it being used that might compromise the system.

Answer 1

Vulnerability Assessment

Question 2

Practice of finding and mitigating the vulnerabilities in computers and networks.

Answer 2

Vulnerability Management

Question 3

Occurs when an attacker moves onto another workstation or user account.

Answer 3

Pivot

Question 4

Ability of an attacker to maintain a foothold inside the compromised network.

Answer 4

Persistence

Question 5

Exercise that uses an incident scenario against a framework of controls or a red team.

Answer 5

Tabletop Exercise (TTX)

Question 6

A test that uses active tools and security utilities to evaluate security by simulating an attack on a system to verify that a threat exists, actively test it, bypass security controls, and then finally exploit vulnerabilities on a given system.

Answer 6

Penetration Test

Question 7

The hostile or attacking team in penetration test or incident response exercise.

Answer 7

Red Team

Question 8

The defensive team in a penetration test or incient response exercise.

Answer 8

Blue Team

Question 9

Staff administering, evaluating, and supervising a penetration test or incident response exercise.

Answer 9

White Team

Question 10

A standard designed to regulate the transfer of secure public information across networks and the internet utilizing any security tools and services available.

Answer 10

Open Vulnerability and Assessment Language (OVAL)

Question 11

An XML schema used to define and describe the information being created by OVAL to be shared among the various programs and tools.

Answer 11

OVAL Language

Question 12

A reference developed to ensure the information passed around by these programs complies with the OVAL schemes and definitions used by the OVAL language.

Answer 12

OVAL Interpreter

Question 13

Discovery and documentation of physical and logical connectivity that exists in the network.

Answer 13

Network Mapping

Question 14

A technique that identifies threats on the network without exploiting them.

Answer 14

Vulnerability Scanning

Question 15

A technique used to gain information about servers and inventory the systems or services.

Answer 15

Banner Grabbing

Question 16

The process of finding and investigating other computers on the network by analyzing the network traffic or capturing the packets being spent.

Answer 16

Network Sniffing

Question 17

Software tool that allows for the capture, reassembly and analysis of packets from the network.

Answer 17

Protocol Analyzer

Question 18

A tool used to test the strength of your passwords to ensure your password policies are being followed.

Answer 18

Password Analysis

Question 19

Uses comparative analysis to break passwords and systematically continues guessing until the password is determined.

Answer 19

Password Cracker

Question 20

Occurs when a weak password is simply figured out by a person.

Answer 20

Password Guessing

Question 21

Method where a program attempts to guessing the password by using a list of possible passwords.

Answer 21

Dictionary Attack

Question 22

Method where a program attempts to try every possible combination until it cracks the password.

Answer 22

Brute Force Attacks

Question 23

Comparing a precomputed encrypted password to a value in a lookup table.

Answer 23

Cryptanalysis Attack

Question 24

List of precomputed valued used to more quickly break a password since values don’t have to be calculated for each password being guessed.

Answer 24

Rainbow Table

Question 25

Attempt to crack a password by threating or causing a person physical harm in order to make them tell you the password.

Answer 25

Rubber Hose Attack