Vulnerability Management

Question 1

Seeks to identify any issues in a network, application, database, or other
systems prior to it being used that might compromise the system

Answer 1

Vulnerability Assessment

Question 2

Practice of finding and mitigating the vulnerabilities in computers and
networks

Answer 2

Vulnerability Management

Question 3

Occurs when an attacker moves onto another workstation or user
account

Answer 3

Pivot

Question 4

Ability of an attacker to maintain a foothold inside the compromised
network

Answer 4

Persistance

Question 5

Exercise that uses an incident scenario against a framework of controls or
a red team

Answer 5

Tabletop Exercise (TTX)

Question 6

A test that uses active tools and security utilities to evaluate security by
simulating an attack on a system to verify that a threat exists, actively
test it, bypass security controls, and then finally exploit vulnerabilities on
a given system

Answer 6

Penetration Test

Question 7

The hostile or attacking team in a penetration test or incident
response exercise

Answer 7

Red Team

Question 8

The defensive team in a penetration test or incident response
exercise

Answer 8

BLue Team

Question 9

Staff administering, evaluating, and supervising a penetration test
or incident response exercise

Answer 9

White team

Question 10

A standard designed to regulate the transfer of secure public information
across networks and the Internet utilizing any security tools and services
available

Answer 10

Open Vulnerability and Assessment Language (OVAL)

Question 11

An XML schema used to define and describe the information being
created by OVAL to be shared among the various programs and tools

Answer 11

OVAL Language

Question 12

A reference developed to ensure the information passed around by these
programs complies with the OVAL schemas and definitions used by the
OVAL language

Answer 12

OVAL Interpreter

Question 13

Baselining of the network to assess the current security state of
computers, servers, network devices, and the entire network in general

Answer 13

Vulnerability Assessment

Question 14

Discovery and documentation of physical and logical connectivity
that exists in the network

Answer 14

Network Mapping

Question 15

A technique that identifies threats on the network without
exploiting them

Answer 15

Vulnerability Scanning

Question 16

A technique used to gain information about servers and
inventory the systems or services

Answer 16

Banner Grabbing

Question 17

The process of finding and investigating other computers on the
network by analyzing the network traffic or capturing the packets
being sent

Answer 17

Network Sniffing

Question 18

A tool used to test the strength of your passwords to ensure your
password policies
are being followed

Answer 18

Password Analysis

Question 19

Uses comparative analysis
to break passwords and systematically continues guessing
until the password
is determined
o Cain & Abel and John the Ripper

Answer 19

Password Cracker

Question 20

Occurs when a weak password is simply figured out by a
person

Answer 20

Password Guessing

Question 21

Method where a program attempts to guess the
password by using a list of possible passwords

Answer 21

Dictionary Attack

Question 22

Method where a program attempts to try every possible
combination until it
cracks the password

Answer 22

Brute-Force Attack

Question 23

Comparing a precomputed encrypted password to a value
in a lookup table

Answer 23

Cryptanalysis Attack

Question 24

List of precomputed valued used to more quickly break a
password since values don’t have to be calculated for each
password being guessed

Answer 24

Rainbow Table

Question 25

Attempt to crack a password by threatening or causing a
person physical harm in order to make them tell you the
password

Answer 25

Rubber Hose Attack