Information Security Threats and Vulnerabilities

Questions and Answers

What characterizes a Zero Day attack?

• The vulnerability is unknown to others and undisclosed to the vendor. (correct)
• The attack occurs after the vendor has issued a fix.
• The vulnerability is known and a security fix is available.
• The vulnerability is publicly disclosed before any exploit occurs.

What is the first step in the typical coordination process for vulnerability disclosure?

• The vulnerability is described to the vendor. (correct)
• Vendors begin the correction process.
• Clients deploy protections for the vulnerability.
• Vendors create a CVE entry.

Which of the following tools are specifically designed for detecting vulnerabilities?

• Antivirus software that scans the system for malware.
• Network monitoring tools that track data traffic.
• Firewalls that filter incoming and outgoing traffic.
• Specific tools that exploit known vulnerabilities. (correct)

What should clients do once a software vulnerability has been publicly disclosed?

Update the software or deploy protections to mitigate impact. (D)

What is a common strategy to manage vulnerabilities effectively?

To segment networks or disable features as mitigation strategies. (D)

What is a primary characteristic of insider threats?

They utilize their authorized access to harm the organization. (A)

What impact can supply chain attacks have on an organization?

They can lead to compromising clients of the targeted software company. (A)

What is a common consequence of injection vulnerabilities?

They can lead to total system compromise. (A)

In SQL injection, what does the example OR 1=1 -- accomplish?

It allows access to all usernames and passwords. (B)

Which of the following is a method used in vulnerability detection?

Regularly conducting manual code reviews. (D)

What is an example of a vulnerability management strategy?

Performing regular system updates and patches. (C)

How can vulnerabilities impact an organization's brand?

They can cause total disruption and loss of trust. (A)

What defines a Zero Day Attack?

An attack exploiting a vulnerability that is not yet known to the vendor. (C)

What defines a vulnerability in software?

A mistake that allows an attacker to gain access or control (B)

Which of the following best describes a CVE identifier?

A common identifier for known security vulnerabilities (D)

What is an exposure in the context of information security?

A configuration issue that allows limited access without compromise (D)

What is a zero-day attack?

An attack utilizing a vulnerability for which no fix is available (C)

How are vulnerabilities and updates to software typically related?

Vulnerabilities can still exist in unsupported earlier versions (D)

In vulnerability management, what is a common strategy employed?

Consistent monitoring and timely patching (D)

What is the consequence of having a vulnerability in a system?

Potential unauthorized access or control by attackers (B)

What is a possible outcome of responsible vulnerability disclosure?

Gathering information for a thorough investigation (A)

Which activity is NOT typically classified as a consequence of a vulnerability?

Enhancing system security measures (D)

What occurs when a vulnerability allows an attacker to pose as another entity?

Identity impersonation (C)

Flashcards

CVE Identifier

A unique identifier for publicly known information security vulnerabilities.

CVE Candidate Status

Indicates that a vulnerability is under review for inclusion in the CVE list.

CVE Entry Status

Indicates that a vulnerability has been accepted to the CVE list.

Vulnerability

A software flaw allowing an attacker to gain unauthorized access or control.

Vulnerability vs. Exposure

Vulnerabilities directly allow attacks, while exposures provide a path but not direct access.

Exposure

A configuration issue, or software flaw, that indirectly allows access/activities, but doesn't immediately let attackers take control of something.

CVE Format

The structured way CVE vulnerabilities are identified (e.g., CVE-2023-4242).

Software Vulnerabilities

Flaws in software that are always present and might not be immediately noticeable

Zero-Day Attack

An attack that exploits vulnerabilities unknown to the software vendor or the general public. There's no patch available.

Vulnerability Disclosure

The process of reporting new vulnerabilities to the software vendor. It's crucial for fixing security issues.

Vulnerability Coordination

A process where vulnerabilities are described to the vendor, who fixes the issue, updates are released and made public, and clients (users) apply the updates.

Vulnerability Detection

Using tools to find security weaknesses based on known patterns, like buffer overflows or SQL injection.

Vendor Responsibility

Vendors are responsible for tracking vulnerabilities and patching them for their customers.

Client Responsibility

Clients are responsible for applying updates to fix vulnerabilities.

Mitigation

Taking steps to reduce the impact of a vulnerability, even if a complete fix isn't possible.

Insider Threats

An insider who uses their authorized access or understanding of an organization to harm that organization. This includes disgruntled, subverted, or malicious collaborators, as well as suppliers or contractors, sometimes referred to as supply chain attacks.

Supply Chain Attacks

Attacks targeting vulnerabilities in the suppliers or contractors of an organization or system, potentially resulting in extensive damage.

Injection Attacks

Exploiting a vulnerability to insert malicious code into a program or query, which is later executed on a server or other clients. This can impact databases, web applications, or binary applications.

SQL Injection

A type of injection attack that specifically targets database queries. Attackers exploit vulnerabilities in data handling to inject malicious SQL statements.

Remote Code Injection

A specific injection technique where attackers introduce malicious code to run on a system remotely.

Vulnerabilities

Weaknesses in a system that attackers can exploit to gain unauthorized access or disrupt operations.

Perimeter Defense Model

A security model focused on securing the outer boundaries, or perimeter, of a network or system. Weakness in such a model may allow attackers to exploit vulnerabilities within the network.