Cybersecurity Zero-Day Vulnerabilities Quiz
14 Questions

Created by
@StateOfTheArtUnicorn

Questions and Answers

Which of the following CVE metrics would be most accurate for a zero-day vulnerability being actively exploited, requiring no user interaction or privilege escalation, and having a significant impact on confidentiality and integrity but not on availability?

  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L (correct)
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:H/S:U/C:L/I:N/A:H
  • CVSS:3.1/AV:K/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
  • CVSS:3.1/AV:L/AC:L/PR:R/UI:R/S:U/C:H/I:L/A:H

Which of the following tools would work best to prevent the exposure of PII outside of an organization?

  • IDS
  • PAM
  • DLP (correct)
  • PKI

Which of the following tuning recommendations should the security analyst share after conducting a web application vulnerability assessment?

  • Set an HttpOnly flag to force communication by HTTPS (correct)
  • Disable the cross-origin resource sharing header
  • Block requests without an X-Frame-Options header (correct)
  • Configure an Access-Control-Allow-Origin header to authorized domains (correct)

Which of the following items should be included in a vulnerability scan report? (Choose two)

  • Affected hosts (correct)

Which of the following would best protect an organization from attacks that are being exploited approximately 45 days after a patch is released?

  • A mean time to remediate of 30 days (correct)

Given a specific script, which of the following scripting languages was used?

  • PowerShell (correct)

Which of the following most likely describes the observed activity of internal portal accessibility issues?

  • An on-path attack is being performed by someone with internal access that forces users into port 80 (correct)

Which of the following will most likely ensure that mission-critical services are available in the event of an incident?

  • Business continuity plan (correct)

Which of the following solutions will assist the Chief Information Security Officer in reducing the risk of shadow IT in the enterprise?

  • Deploy a CASB and enable policy enforcement (correct)

Which of the following logs should the incident response team review first after a DDoS attack was identified?

  • DNS (correct)

Which of the following best describes the current stage of the Cyber Kill Chain that a malicious actor is currently operating in after gaining access through social engineering?

  • Exploitation (correct)

Which of the following steps of an attack framework is the analyst witnessing when an IP address outside the company network runs scans across external-facing assets?

  • Reconnaissance (correct)

What is the suggested response when multiple emails targeting company administrators are noted?

  • Investigate the source and content of the emails for potential phishing attempts. (correct)

Study Notes

Zero-Day Vulnerability

• Zero-day vulnerabilities are actively exploited with no required user interaction or privilege escalation.
• They significantly impact confidentiality and integrity but do not affect availability.
• CVE metrics must reflect aspects like access vector (AV), authentication complexity (AC), and impact on confidentiality (C), integrity (I), and availability (A).

Tools for Preventing PII Exposure

• Data Loss Prevention (DLP) tools are designed to prevent unauthorized exposure of Personally Identifiable Information (PII).

Web Application Vulnerability Assessments

• Tuning recommendations for web applications may include implementing HttpOnly flags, blocking requests without an X-Frame-Options header, and configurations for Access-Control-Allow-Origin headers.
• Security analysts should ensure proper configurations to enhance website security.

Vulnerability Scan Report Content

• A vulnerability scan report should include "affected hosts" and "risk score" to inform stakeholders about impacted systems and associated risks.

Protecting Against Exploitation of Attacks

• Organizational protection strategies must focus on reducing the mean time to remediate vulnerabilities, ideally set at 30 days, to close gaps before exploitation occurs.

Identifying Scripting Languages

• Determining which scripting language a given script was written in involves recognizing syntax and features specific to languages like PowerShell, Ruby, Python, or shell scripts.

Compromised User Accounts and Access Issues

• Fluctuating access methods (HTTP vs. HTTPS) can indicate SSL certificate issues or potential on-path attacks pushing traffic to unsecured ports.

Company Services Availability During Incidents

• Business Continuity Plans (BCP) are critical for ensuring the availability of mission-critical services when incidents occur.

Reducing Shadow IT Risks

• Implementing a Cloud Access Security Broker (CASB) can assist organizations in monitoring and enforcing policies for shadow IT applications.

Incident Response to DDoS Attacks

• In response to a DDoS attack, priority log reviews should start with CDN and DNS logs to assess the attack's impact on user access.

Cyber Kill Chain Stages

• The Cyber Kill Chain stages include reconnaissance, weaponization, delivery, and exploitation. A malicious actor who has gained internal access is typically in the delivery/exploitation stages.

Attack Framework Observation

• Network and vulnerability scans from an external IP indicate the reconnaissance stage of an attack framework, as attackers gather information on target systems.

Targeted Email Attacks

• Threats targeting administrators via concealed emails may indicate phishing attempts or other targeted cyber risks, warranting further investigation.

Description

Test your knowledge on zero-day vulnerabilities in cybersecurity. This quiz focuses on the metrics used to evaluate the impact of zero-day threats, particularly around confidentiality, integrity, and availability. Challenge yourself to determine the most accurate CVE metrics for a given scenario.
