CompTIA Security + Chapter 5
45 Questions
Questions and Answers

What is the primary responsibility of cybersecurity professionals in managing vulnerabilities?

  • Building and maintaining security controls (correct)
  • Creating new exploits for software vulnerabilities
  • Conducting interviews with employees
  • Developing compliance manuals for regulations

Which tool is mentioned as a Windows-based vulnerability scanner?

  • Qualys
  • Burp Suite
  • Nessus (correct)
  • OpenVAS

What is a key activity involved in vulnerability management?

  • Testing without scanning
  • Remediating all vulnerabilities automatically
  • Delaying the identification of vulnerabilities
  • Prioritizing vulnerabilities based on risk (correct)

How do organizations typically ensure their security scans are aligned with compliance?

By adhering to regulatory requirements that dictate scan frequency (C)

Which of the following is a benefit of automating vulnerability management?

Automated alerting for newly detected vulnerabilities (A)

What does the risk appetite of an organization refer to?

The willingness to tolerate risk within the environment (A)

Which of the following describes the role of automated techniques in vulnerability management?

They help identify systems that may be covered by scans (D)

What is the purpose of conducting vulnerability scans?

To detect new vulnerabilities as they arise (A)

How is the base score calculated if the scope metric is Changed?

Add the impact and exploitability scores, then multiply by 1.08. (A)

What should be done if the calculated base score exceeds the maximum limit?

Set the base score to 10. (C)

What is a potential issue when using vulnerability scanning systems?

They can generate false positives. (B)

Which of the following is essential for confirming vulnerabilities reported by scanners?

Conducting log reviews from relevant systems. (A)

What does a Security Information and Event Management (SIEM) system do?

Correlates log entries from multiple sources for actionable intelligence. (A)

Which tool is described as open source and somewhat difficult to use?

Nikto (A)

What capability is commonly provided by commercial web application scanners?

Advanced capabilities and user-friendly interfaces (D)

What does the Common Vulnerability Scoring System (CVSS) primarily assess?

Severity of security vulnerabilities (C)

Which component is NOT typically included in vulnerability scan reports?

Exploit code for vulnerabilities (C)

Which scanning tool is noted for its compatibility with multiple operating systems, including Windows, macOS, and Linux?

Arachni (A)

What is the focus of the first four measures in CVSS ratings?

Exploitability of the vulnerability (B)

Which of the following statements accurately describes the output from a vulnerability scan?

It includes detailed vulnerability information and risk analysis. (C)

What does a vulnerability scan report typically NOT provide?

Real-time attack prevention (D)

What is the primary benefit of frequent updates to vulnerability scanner plug-ins?

They help the scanner maintain effectiveness against new vulnerabilities. (A)

Which vulnerability scanner employs a software-as-a-service model?

Qualys's vulnerability scanner (A)

What is the main focus of static testing in application security?

Analyzing code without executing it to find specific vulnerabilities. (D)

What kind of vulnerabilities do web application scanners primarily examine?

SQL injection and cross-site scripting (D)

What distinguishes Rapid7's Nexpose from Tenable's Nessus?

Nexpose offers capabilities similar to other commercial scanners. (A)

How does interactive testing differ from dynamic testing?

Interactive testing examines the interfaces while running code. (C)

Which of the following is NOT a common vulnerability examined by web application scanners?

Packet sniffing (C)

What does the attack complexity metric describe?

The level of difficulty in exploiting a vulnerability (A)

What is the primary purpose of introducing testing requirements into the software release process?

To ensure only tested code is released into production. (A)

What does the privileges required metric indicate?

The level of account access necessary for an attacker (B)

Which of the following metrics describes the potential information disclosure if a vulnerability is exploited?

Confidentiality (D)

If the scope of a vulnerability is categorized as unchanged, what does this imply?

The base score is calculated using impact and exploitability scores (A)

What is a primary business constraint that may affect the frequency of vulnerability scans?

Periods of high business activity (A)

What does the integrity metric describe?

The type of alteration to data that can happen during an attack (B)

What role do configuration reviews play in vulnerability scanning?

To ensure scan settings align with current requirements (C)

How do credentialed scans improve vulnerability assessments?

They access system configurations for enhanced accuracy. (D)

In the CVSS scoring system, what happens if the impact score is zero?

The base score is also zero (C)

What may limit the capabilities of a scanning system in conducting vulnerability scans?

Licensing limitations on scans and bandwidth (C)

Which CVSS metric describes the necessary user interaction for a successful attack?

User Interaction (B)

What is the primary purpose of the CVSS base score?

To summarize the overall risk of a vulnerability (D)

Which of the following is a potential drawback of basic vulnerability scans?

They may produce false positives due to security controls. (C)

What is meant by 'template scans' in the context of vulnerability scanning?

Well-defined configurations saved for future use (D)

What challenge do firewalls and intrusion prevention systems present during vulnerability scanning?

They can alter the scan results significantly. (C)

What should administrators do to retrieve configuration information during scans?

Provide the scanner with necessary credentials (B)

Flashcards

CVSS Base Score

A metric in the Common Vulnerability Scoring System (CVSS) that represents the combined severity of a vulnerability, considering factors like the impact of exploitation and the ease of exploiting the vulnerability.

False Positive

A false alarm; an error in vulnerability scanning that incorrectly identifies a system as vulnerable.

True Positive

An accurate detection of a vulnerability by a vulnerability scanner.

False Negative

A scanner's failure to detect a vulnerability that is actually present.

True Negative

A scenario where a scan correctly identifies a system that is not vulnerable.

Vulnerability Scanner Updates

Regularly updated plugin database ensures vulnerability scanners can effectively identify newly discovered vulnerabilities.

Vulnerability Scanner

Software used to detect potential security weaknesses in networks and applications.

Tenable's Nessus

A widely recognized network vulnerability scanner known for its early entry into the field.

Qualys's Vulnerability Scanner

A web-based vulnerability scanner offering a unique deployment model using a cloud-based management console.

Web Application Scanner

A software tool used to detect vulnerabilities in web applications.

Static Application Testing

Analyzing code without executing it. It directly identifies vulnerabilities and often provides remediation suggestions.

Dynamic Application Testing

Executing code to find vulnerabilities by testing various user inputs and interfaces.

Interactive Application Testing

A combination of static and dynamic testing, analyzing source code while interacting with the application.

Scanning System Limitations

Scanning systems may have limitations on the number of scans per day, due to factors like resource availability or licensing.

Business Constraints on Scanning

Organizations may restrict resource-intensive vulnerability scans during peak business hours to avoid disrupting critical operations.

License Limitations on Scanning

License agreements might restrict the bandwidth used by the scanner or the number of simultaneous scans allowed.

Admin Customization of Vulnerability Scanner

Administrators can configure various aspects of the scanner, such as scan types, target server credentials, scanning agents, and network perspectives.

Regular Configuration Reviews

Regularly reviewing scanner configuration ensures that scan settings match current security requirements.

Template Scans

Pre-defined sets of scan settings for specific purposes, streamlining the scanning process.

Basic Vulnerability Scans

Scans performed from a distance, providing a basic security overview.

Credentialed Vulnerability Scans

Scans that leverage access credentials to gather more detailed and accurate vulnerability information from target systems.

Attack Complexity

Describes the difficulty of exploiting the vulnerability.

Privileges Required

Describes the type of account access needed to exploit the vulnerability.

User Interaction

Describes whether the attacker needs another human to help in the attack.

Confidentiality

Describes the type of information disclosure that might occur if the vulnerability is exploited.

Integrity

Describes the type of information alteration that might occur if the vulnerability is exploited.

Availability

Describes the type of disruption that might occur if the vulnerability is exploited.

Scope

Describes if the vulnerability can affect other system components beyond its initial target.

Vulnerability Management

Vulnerability management is the process of identifying, prioritizing, and fixing weaknesses in a system or network that attackers could exploit.

Asset Criticality

Asset criticality, a key factor in vulnerability management, refers to the importance of an asset based on its impact on the organization if compromised.

Scan Frequency

The frequency of vulnerability scans is determined by factors such as risk appetite (what the organization is willing to tolerate), regulatory requirements (PCI DSS, FISMA), and technical constraints.

Automated Vulnerability Alerting

Organizations can optimize the process by automating the alerting and reporting of new vulnerabilities, which can be sent via email.

OpenVAS Scanner

OpenVAS (Open Vulnerability Assessment System) is a widely used, open-source vulnerability scanner typically run on Linux systems.

Nessus Scanner

Nessus, a commercial vulnerability scanner commonly used on Windows platforms, identifies security issues and helps prioritize remediation.

Why is vulnerability management important?

Securing an organization's digital assets is a core responsibility of cybersecurity professionals, emphasizing the importance of vulnerability management for a protected and robust environment.

Nikto

A popular open-source web application scanner that uses a command-line interface and is free to use.

Arachni

A packaged web application scanner available for Windows, macOS, and Linux.

Common Vulnerability Scoring System (CVSS)

A method to assess the severity of security vulnerabilities using a standardized scoring system.

Exploitability

Evaluates how easy it is for an attacker to exploit a vulnerability. It includes factors like access vector, complexity, and authentication.

Impact

Evaluates the potential impact of a successful exploit. It includes factors like confidentiality, integrity, and availability.

Vulnerability Scan Report

A detailed report generated by vulnerability scanners, providing information about identified vulnerabilities and their severity.

Security Vulnerability

A weakness in a system that an attacker could exploit to bypass security controls or access sensitive information.

Study Notes

CompTIA Security + Chapter 5: Security Assessment and Testing

  • Cybersecurity professionals are responsible for building, operating, and maintaining security controls to protect against threats.
  • Regular security assessments and testing are crucial to ensure controls function properly and identify exploitable vulnerabilities.
  • Vulnerability management involves identifying, prioritizing, and remediating vulnerabilities in environments.
  • Vulnerability scanning detects new vulnerabilities as they arise, initiating remediation workflows focused on high-priority vulnerabilities.
  • Automated techniques identify the systems that should be covered by scans; scanners such as Qualys, OpenVAS (Linux-based), and Nessus (Windows-based) are used for this.
  • Nessus provides asset inventory and criticality information, guiding scan frequency and prioritization.
  • Security professionals rely on automation to perform these duties efficiently and effectively.
  • Administrators schedule scans to meet security, compliance, and business requirements. Scan settings should be evaluated regularly.
  • Automated alerting and email reports for new vulnerabilities are significant benefits of scanning tools.
  • Organizations' risk appetite determines scan frequency. Regulatory requirements (e.g., PCI DSS, FISMA) may mandate minimum scan frequencies.
  • Business constraints (periods of high activity) and licensing or bandwidth limitations can also limit scan frequency.

Configuring Vulnerability Scans

  • Scanners can be customized by administrators to specify checks, target server access credentials, and target server agent installation.
  • Regular configuration reviews are important to ensure scanner settings align with current requirements.

Scan Sensitivity Levels

  • The checks a scan performs should be chosen to minimize disruption of the target environment.
  • Custom-developed templates can aid in implementing and managing standardized scans.
  • Creating templates for reusable configurations simplifies and standardizes the vulnerability scan process.

Nessus Scan Templates

  • Nessus provides various templates for vulnerability scanning, including advanced scan configurations, cloud infrastructure audits, malware detection, and more.

Supplementing Network Scans

  • Basic scans offer a distanced view, but other security controls (firewalls, intrusion prevention systems) can influence results.
  • Remote scans might yield false positives. Modern vulnerability management supplements these scans with detailed server configuration information.
  • Credentialed scans, accessing operating systems, databases, and applications, can improve accuracy.

Credentialed Scanning (Qualys)

  • Qualys provides credentialed scanning options for accessing operating systems, databases, and applications.

Scanner Software

  • Scanning systems are themselves software and can contain vulnerabilities.
  • Regular updates are essential for scanners to effectively detect and address modern security threats.

Vulnerability Plug-in Feeds

  • Security researchers constantly discover new vulnerabilities.
  • Scanners need frequent updates to their plug-ins to remain effective against emerging vulnerabilities.
  • Administrators regularly update scanners with the latest plugins.

Vulnerability Scanning Tools

  • Tenable's Nessus, Qualys, Rapid7's Nexpose, and OpenVAS are important tools for detecting vulnerabilities.
  • These tools vary in deployment model (e.g., SaaS, on-premises).

Application Scanning

  • Application scanning tools are used for analyzing custom-developed software to identify common security vulnerabilities.
  • Static analysis, dynamic analysis, and interactive testing are methodologies used by application scanning tools.

Before Release

  • Many organizations integrate testing requirements into the software-release process. Testing is crucial before final system deployment.

Web Application Scanning

  • Specialized tools called web application scanners examine web application security.
  • These tools test for vulnerabilities such as SQL injection, cross-site scripting, and cross-site request forgery.

Nikto and Arachni Web Application Scanners

  • Nikto, an open-source tool, utilizes a command-line interface.
  • Arachni is a packaged scanner for multiple operating system platforms.

Reviewing and Interpreting Scan Reports

  • Vulnerability scan reports provide detailed information for interpretation.
  • Scan reports include vulnerability names, overall severity (low, medium, high, critical), detailed descriptions, solutions, and related output.

CVSS (Common Vulnerability Scoring System)

  • CVSS is an industry standard for assessing the severity of vulnerabilities.
  • It scores vulnerabilities against a set of defined metrics; security analysts use the resulting scores to prioritize their actions.

CVSS: Common Vulnerability Scoring System

  • Vulnerability scoring begins by evaluating the vulnerability against eight different metrics.
  • The first four metrics assess exploitability, the next three evaluate impact, and the eighth examines the scope of the vulnerability.

CVSS: Metrics (Attack Vector, Attack Complexity, Privileges Required, User Interaction, Confidentiality, Integrity, Availability, Scope)

  • These factors are used to assess and categorize vulnerability risk.

Calculating CVSS Scores

  • The base score is computed from an impact subscore and an exploitability subscore: the two are added and, when the scope metric is Changed, the sum is multiplied by 1.08.
  • Results above 10 are capped at 10, and an impact score of zero yields a base score of zero; the resulting scores are then mapped to qualitative categories.

Categorizing CVSS Base Scores

  • Vulnerability scanning systems often categorize results into qualitative risk categories (like low, medium, high) instead of numerical scores.

False Positives

  • Scanners can sometimes report vulnerabilities that do not exist (false positives).
  • Careful review of scan results is crucial; cybersecurity analysts verify reported vulnerabilities before acting on them.

Reconciling Scan Results with Other Data Sources

  • Logs, SIEM systems, and configuration management data are used to confirm scan results. Reconciliation helps identify false positives, confirm actual vulnerabilities, and prioritize security responses.

Description

Explore the critical aspects of security assessment and testing as outlined in CompTIA Security + Chapter 5. This quiz covers the importance of vulnerability management, scanning techniques, and automation tools that assist cybersecurity professionals in protecting systems. Test your understanding of how security controls function and the methodologies for identifying vulnerabilities in various environments.
