Questions and Answers
Which one of the following security assessment techniques assumes that an organization has already been compromised and searches for evidence of that compromise?
- War driving
- Vulnerability scanning
- Penetration testing
- Threat hunting (correct)
Renee is configuring her vulnerability management solution to perform credentialed scans of servers on her network. What type of account should she provide to the scanner?
- Domain administrator
- Local administrator
- Root
- Read-only (correct)
Ryan is planning to conduct a vulnerability scan of a business-critical system using dangerous plug-ins. What would be the best approach for the initial scan?
- Run the scan against production systems to achieve the most realistic results possible.
- Run the scan during business hours.
- Run the scan in a test environment. (correct)
- Do not run the scan to avoid disrupting the business.
Which one of the following values for the CVSS attack complexity metric would indicate that the specified attack is simplest to exploit?
Tara recently analyzed the results of a vulnerability scan report and found that a vulnerability reported by the scanner did not exist because the system was actually patched as specified. What type of error occurred?
Brian ran a penetration test against a school's grading system and discovered a flaw that would allow students to alter their grades by exploiting a SQL injection vulnerability. What type of control should he recommend to the school's cybersecurity team to prevent students from engaging in this type of activity?
Which one of the following security assessment tools is least likely to be used during the reconnaissance phase of a penetration test?
Which one of the following tools is most likely to detect an XSS vulnerability?
During a penetration test, Patrick deploys a toolkit on a compromised system and uses it to gain access to other systems on the same network. What term best describes this activity?
Zian is a cybersecurity leader who is coordinating the activities of a security audit. The audit is being done to validate the organization's financial statements to investors and involves a review of cybersecurity controls. What term best describes this audit?
Which one of the following assessment techniques is designed to solicit participation from external security experts and reward them for discovering vulnerabilities?
Kyle is conducting a penetration test. After gaining access to an organization's database server, he installs a backdoor on the server to grant himself access in the future. What term best describes this action?
Which one of the following techniques would be considered passive reconnaissance?
Which element of the SCAP framework can be used to consistently describe vulnerabilities?
Bruce is conducting a penetration test for a client. The client provided him with full details of their systems in advance. What type of test is Bruce conducting?
Lila is working on a penetration testing team and she is unsure whether she is allowed to conduct social engineering as part of the test. What document should she consult to find this information?
Grace would like to determine the operating system running on a system that she is targeting in a penetration test. Which one of the following techniques will most directly provide her with this information?
Kevin recently identified a new security vulnerability and computed its CVSS base score as 6.5. Which risk category would this vulnerability fall into?
Which one of the CVSS metrics would contain information about the type of account access that an attacker must have to execute an attack?
Flashcards
Threat Hunting
A security assessment technique that assumes a breach has occurred and actively searches for evidence of it.
Read-only Account (for Vulnerability Scans)
An account with minimal permissions, allowing the scanner to read system information without making changes.
Test Environment for Vulnerability Scans
Running the scan in an isolated environment that mirrors the production system to avoid potential disruptions or damage.
CVSS Attack Complexity: Low
False Positive (in Vulnerability Scanning)
Integrity Controls
Metasploit (in Reconnaissance)
Web Application Vulnerability Scanner
Lateral Movement
External Audit (Cybersecurity)
Bug Bounty
Persistence (Penetration Testing)
Passive Reconnaissance
CVE (Common Vulnerabilities and Exposures)
Known Environment Test
Rules of Engagement
Footprinting
CVSS Score 6.5: Risk Category
CVSS Metric: PR (Privileges Required)