CompTIA Security + Chapter 5

Questions and Answers

What is the primary responsibility of cybersecurity professionals in managing vulnerabilities?

Building and maintaining security controls (correct)

Creating new exploits for software vulnerabilities

Conducting interviews with employees

Developing compliance manuals for regulations

Which tool is mentioned as a Windows-based vulnerability scanner?

Qualys

Burp Suite

Nessus (correct)

OpenVAS

What is a key activity involved in vulnerability management?

Testing without scanning

Remediating all vulnerabilities automatically

Delaying the identification of vulnerabilities

Prioritizing vulnerabilities based on risk (correct)

How do organizations typically ensure their security scans are aligned with compliance?

By adhering to regulatory requirements that dictate scan frequency

Which of the following is a benefit of automating vulnerability management?

Automated alerting for newly detected vulnerabilities

What does the risk appetite of an organization refer to?

The willingness to tolerate risk within the environment

Which of the following describes the role of automated techniques in vulnerability management?

They help identify systems that may be covered by scans

What is the purpose of conducting vulnerability scans?

To detect new vulnerabilities as they arise

How is the base score calculated if the scope metric is Changed?

Add the impact and exploitability scores, then multiply by 1.08.

What should be done if the calculated base score exceeds the maximum limit?

Set the base score to 10.

What is a potential issue when using vulnerability scanning systems?

They can generate false positives.

Which of the following is essential for confirming vulnerabilities reported by scanners?

Conducting log reviews from relevant systems.

What does a Security Information and Event Management (SIEM) system do?

Correlates log entries from multiple sources for actionable intelligence.

Which tool is described as open source and somewhat difficult to use?

Nikto

What capability is commonly provided by commercial web application scanners?

Advanced capabilities and user-friendly interfaces

What does the Common Vulnerability Scoring System (CVSS) primarily assess?

Severity of security vulnerabilities

Which component is NOT typically included in vulnerability scan reports?

Exploit code for vulnerabilities

Which scanning tool is noted for its compatibility with multiple operating systems, including Windows, macOS, and Linux?

Arachni

What is the focus of the first four measures in CVSS ratings?

Exploitability of the vulnerability

Which of the following statements accurately describes the output from a vulnerability scan?

It includes detailed vulnerability information and risk analysis.

What does a vulnerability scan report typically NOT provide?

Real-time attack prevention

What is the primary benefit of frequent updates to vulnerability scanner plug-ins?

They help the scanner maintain effectiveness against new vulnerabilities.

Which vulnerability scanner employs a software-as-a-service model?

Qualys's vulnerability scanner

What is the main focus of static testing in application security?

Analyzing code without executing it to find specific vulnerabilities.

What kind of vulnerabilities do web application scanners primarily examine?

SQL injection and cross-site scripting

What distinguishes Rapid7's Nexpose from Tenable's Nessus?

Nexpose offers capabilities similar to other commercial scanners.

How does interactive testing differ from dynamic testing?

Interactive testing examines the interfaces while running code.

Which of the following is NOT a common vulnerability examined by web application scanners?

Packet sniffing

What does the attack complexity metric describe?

The level of difficulty in exploiting a vulnerability

What is the primary purpose of introducing testing requirements into the software release process?

To ensure only tested code is released into production.

What does the privileges required metric indicate?

The level of account access necessary for an attacker

Which of the following metrics describes the potential information disclosure if a vulnerability is exploited?

Confidentiality

If the scope of a vulnerability is categorized as unchanged, what does this imply?

The base score is calculated using impact and exploitability scores

What is a primary business constraint that may affect the frequency of vulnerability scans?

Periods of high business activity

What does the integrity metric describe?

The type of alteration to data that can happen during an attack

What role do configuration reviews play in vulnerability scanning?

To ensure scan settings align with current requirements

How do credentialed scans improve vulnerability assessments?

They access system configurations for enhanced accuracy.

In the CVSS scoring system, what happens if the impact score is zero?

The base score is also zero

What may limit the capabilities of a scanning system in conducting vulnerability scans?

Licensing limitations on scans and bandwidth

Which CVSS metric describes the necessary user interaction for a successful attack?

User Interaction

What is the primary purpose of the CVSS base score?

To summarize the overall risk of a vulnerability

Which of the following is a potential drawback of basic vulnerability scans?

They may produce false positives due to security controls.

What is meant by 'template scans' in the context of vulnerability scanning?

Well-defined configurations saved for future use

What challenge do firewalls and intrusion prevention systems present during vulnerability scanning?

They can alter the scan results significantly.

What should administrators do to retrieve configuration information during scans?

Provide the scanner with necessary credentials

Study Notes

CompTIA Security + Chapter 5: Security Assessment and Testing

• Cybersecurity professionals are responsible for building, operating, and maintaining security controls to protect against threats.
• Regular security assessments and testing are crucial to ensure controls function properly and identify exploitable vulnerabilities.
• Vulnerability management involves identifying, prioritizing, and remediating vulnerabilities in environments.
• Vulnerability scanning detects new vulnerabilities as they arise, initiating remediation workflows focused on high-priority vulnerabilities.
• Automated techniques identify systems covered by scans. Tools like Qualys and OpenVAS (Linux-based) and Nessus (Windows-based) scanners are used.
• Nessus provides asset inventory and criticality information, guiding scan frequency and prioritization.
• Security professionals use automation for efficient and effective duty performance.
• Administrators schedule scans to meet security, compliance, and business requirements. Scan settings should be evaluated regularly.
• Automated alerting and email reports for new vulnerabilities are significant benefits of scanning tools.
• Organizations' risk appetite determines scan frequency. Regulatory requirements (e.g., PCI DSS, FISMA) may mandate minimum scan frequencies.
• Business constraints (high activity periods) and licensing limitations/bandwidth constraints can limit scan frequency.

Configuring Vulnerability Scans

• Scanners can be customized by administrators to specify checks, target server access credentials, and target server agent installation.
• Regular configuration reviews are important to ensure scanner settings align with current requirements.

Scan Sensitivity Levels

• Scanner checks should be determined to minimize target environment disruption.
• Custom-developed templates can aid in implementing and managing standardized scans.
• Creating templates for reusable configurations simplifies and standardizes the vulnerability scan process.

Nessus Scan Templates

• Nessus provides various templates for vulnerability scanning, including advanced scan configurations, cloud infrastructural audits, detection of malware, and more.

Supplementing Network Scans

• Basic scans offer a distanced view, but other security controls (firewalls, intrusion prevention systems) can influence results.
• Remote scans might yield false positives. Modern vulnerability management supplements these scans with detailed server configuration information.
• Credentialed scans, accessing operating systems, databases, and applications, can improve accuracy.

Credentialed Scanning (Qualys)

• Qualys provides credentialed scanning options for accessing operating systems, databases, and applications.

Scanner Software

• Scanning systems are prone to vulnerabilities.
• Regular updates are essential for scanners to effectively detect and address modern security threats.

Vulnerability Plug-in Feeds

• Security researchers constantly discover new vulnerabilities.
• Scanners need frequent updates to their plug-ins to remain effective against emerging vulnerabilities.
• Administrators regularly update scanners with the latest plugins.

Vulnerability Scanning Tools

• Tenable's Nessus, Qualys, Rapid7's Nexpose, and OpenVAS are important tools for detecting vulnerabilities.
• These tools vary in deployment model (e.g., SaaS, on-premises).

Application Scanning

• Application scanning tools are used for analyzing custom-developed software to identify common security vulnerabilities.
• Static analysis, dynamic analysis, and interactive testing are methodologies used by application scanning tools.

Before Release

• Many organizations integrate testing requirements into the software-release process. Testing is crucial before final system deployment.

Web Application Scanning

• Specialized tools called web application scanners examine web application security.
• These tools test for vulnerabilities such as SQL injection, cross-site scripting, and cross-site request forgery.

Nikto and Arachni Web Application Scanners

• Nikto, an open-source tool, utilizes a command-line interface.
• Arachni is a packaged scanner for multiple operating system platforms.

Reviewing and Interpreting Scan Reports

• Vulnerability scan reports provide detailed information for interpretation.
• Scan reports include vulnerability names, overall severity (low, medium, high, critical), detailed descriptions, solutions, and related output.

CVSS (Common Vulnerability Scoring System)

• CVSS is an industry standard for assessing the severity of vulnerabilities.
• A technique for scoring vulnerabilities based on various metrics. This system is used by security analysts to prioritize actions.

CVSS: Common Vulnerability Scoring System

• Vulnerability scoring begins by evaluating the vulnerability against eight different metrics.
• The first four metrics assess exploitability. The last three metrics evaluate the impact. The final metric examines the scope of the vulnerability.

CVSS: Metrics (Attack Vector, Attack Complexity, Privileges Required, User Interaction, Confidentiality, Integrity, Availability, Scope)

• These factors are used to assess and categorize vulnerability risk.

Calculating CVSS Scores

• Calculating CVSS base scores involves computing impact and exploitability scores. Base scores are calculated by combining impact and exploitability scores, and often multiplied.
• Scores greater than 10 are set to 10; all scores are used in categorization.

Categorizing CVSS Base Scores

• Vulnerability scanning systems often categorize results into qualitative risk categories (like low, medium, high) instead of numerical scores.

False Positives

• Scanners can sometimes report vulnerabilities that do not exist (false positives).
• Careful review of scan results is crucial. Cybersecurity analysts verify vulnerabilities reported.

Reconciling Scan Results with Other Data Sources

• Using logs, SIEM systems, configuration management information to confirm scanning results. Reconciliation helps identify false positives, confirms actual vulnerabilities, and helps prioritize security responses.

Description

Explore the critical aspects of security assessment and testing as outlined in CompTIA Security + Chapter 5. This quiz covers the importance of vulnerability management, scanning techniques, and automation tools that assist cybersecurity professionals in protecting systems. Test your understanding of how security controls function and the methodologies for identifying vulnerabilities in various environments.