Security Assessment Techniques

Question 1

Threat hunting

Answer 1

Looking for threats

Question 2

False positives

Answer 2

Things that are not issues brought up as a vulnerability

Question 3

Protocol analyzer

Answer 3

Analyze network traffic

Question 4

Network scanner

Answer 4

NMAP angry IP Scanner

Rogue system detection, discover open systems ports

Question 5

Wireless scanners

Answer 5

inSSIDer meta Kimset

Question 6

Password cracker

Answer 6

Used to find week passwords

Question 7

Vulnerability scanner

Question 8

Compliance scanner

Answer 8

Scans critical systems to ensure they meet security compliance standards set by the organization (Nessus)

Question 9

Banner grabbing

Answer 9

Os fingerprinting. A method to determine the OS running on a remote system

NMAP
Ncat

Question 10

Siem

Answer 10

Security information and event management.

IT industry monitoring standard use to detect anomalies
Provides security related events in real time
Helps identify trend and patterns over time
Collects data into a central repository
Target for attacks

Question 11

SIEM continued

Answer 11

Rule base for specific environments.

Statistical correction engine

Event deduplication reduces the clutter that duplicate log entries for the same event can create

Question 12

Post scan actions

Answer 12

After completing a vulnerability scan