Vulnerability assessment

Question 1

Common Vulnerabilities and Exposures (CVE)

Answer 1

a reference of common names, or CVE Identifiers; CVE contains publicly known information on security vulnerabilities

Question 2

Common Vulnerability Scoring System (CVSS)

Answer 2

provides a universal open and standardized method for rating IT vulnerabilities

Question 3

Defense-in-depth

Answer 3

the use of layered security mechanisms; the layers could be data, applications, host levels, Internet networks, perimeter levels, physical securities, etc.

Question 4

Fully Loaded Risk Factor

Answer 4

the value generated by multiplying Criticality times Vulnerability times Complexity Value

Question 5

IBM Security AppScan

Answer 5

enables you to identify security vulnerabilities and generate reports and fix recommendations; improves application security program management and strengthens regulatory compliance

Question 6

iScanOnline

Answer 6

identifies and locates unprotected sensitive data at rest before a data breach happens; continuously assesses servers, laptops, smartphones, and tablets for known vulnerabilities and security threats

Question 7

LanGuard 2014

Answer 7

allow automation of patching from a single console for the entire network; including Windows, Mac OS X, and major Linux distributions such as, Red Hat Enterprise Linux, Ubuntu, Suse, CentOS, and Debian

Question 8

Microsoft Baseline Security Analyzer (MBSA)

Answer 8

determines security status by assessing missing security updates and less-secure security settings within Microsoft Windows and Windows components

Question 9

Mitigation

Answer 9

using security controls to protect against a risk until the risk impact is reduced to a level that is tolerated by the organization

Question 10

Patch

Answer 10

a fix to a vulnerability

Question 11

Nessus

Answer 11

is the world’s most widely used vulnerability scanner, with extensive management and collaboration functions; uses powerful detection, scanning, and auditing features

Question 12

Pen testers

Answer 12

Penetration testers; people who perform penetration testing, also called Ethical Hackers

Question 13

Remediation

Answer 13

the process of correcting a fault or deficiency; the process of fixing vulnerabilities

Question 14

Patch management

Answer 14

an important area of systems management; this involves acquiring, testing, and installing multiple patches to your computer system

Question 15

HFNetChk

Answer 15

tool built upon the industry standard of HFNetChk patch scanning engine which is used by Microsoft for its popular Microsoft Baseline Security Analyzer; developed by Shavlik Technologies

Question 16

National Vulnerability Database (NVD)

Answer 16

the U.S. government repository of standards-based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance; includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics