27 Questions
When did the Zero Day Initiative begin?
2005
What is the main purpose of the Zero Day Initiative?
To promote the responsible disclosure of vulnerabilities
How does the ZDI process begin?
An external or internal researcher submits a previously unpatched vulnerability to the ZDI
What is the next step after a vulnerability is submitted to the ZDI?
The Zero Day Initiative validates the vulnerability, determines its worth, and makes a monetary offer to the researcher
What does the ZDI do when a security flaw is identified in a vendor's product?
It responsibly and promptly notifies the appropriate product vendor
What does Trend Micro do when a security flaw is identified in a vendor's product?
Trend Micro works to create a Digital Vaccine filter to protect customers using TippingPoint solutions
How long does the vendor have to address the vulnerability with a patch?
Four months
What happens if the vendor is unable or chooses not to patch the vulnerability?
The Zero Day Initiative publicly discloses the details of the vulnerability on its website
What is the purpose of the Digital Vaccine filter created by Trend Micro?
To protect customers using TippingPoint solutions from the unpatched vulnerability
What is the common way to refer to the setup wizard?
Setup wizard
What type of cable is used for the initial setup?
Console cable
What settings are used for the terminal during initial setup?
115200/8/N/1 (no flow control)
What are the security settings for the 'None' level?
Passwords must be at least 8 characters and no more than 32. Must contain at least 2 alphabetic characters. Must contain at least 1 numeric character. Must contain at least 1 non-alphanumeric character.
What is the length requirement for user names at the 'High' security level?
At least 6 characters
What are the password length requirements at the 'Medium' security level?
32 characters
What are the user name and password requirements at the 'Low' security level?
User names and passwords are unrestricted. Must contain at least 15 characters. Must contain at least 1 uppercase character. Must contain at least 1 lowercase character. Must contain 1 numeric character. Must contain 1 non-alphanumeric character. Must be different from the previous password in at least half of the corresponding character positions.
What is created once the security level is set?
Initial super user account
In the example, what name is used for the initial super user account?
SuperMan
What is the typical response time for Actively Exploited Vulnerabilities / Zero Day Vulnerabilities?
4 - 24 Hrs
When does Trend Micro respond to vulnerabilities after Microsoft Patch Tuesday?
Immediately after Microsoft ships patches
What is the typical response time for vulnerabilities with a CVSS score of 9.0 - 10.0?
Within 7 days
What is the typical response time for vulnerabilities with a CVSS score of 7.0 - 9.0?
Within 14 days
How many network protection filters are available out of the box?
Over 20,000 filters
Explain the concept of simple exploit filters.
Simple exploit filters simplify signatures to the simplest level and disregard checking for ALL necessary conditions for a particular attack.
What is the main reason for False Positives in IDSs?
The 90:10 rule, where only 10% of the work is done to be 90% right, leaving the final 10% up to the security admin to figure out.
How do hardware platforms like Trend Micro's avoid the trade-offs faced by software systems?
Hardware platforms like Trend Micro's do not face the same trade-offs as software systems.
Why do IDSs traditionally simplify signatures to the simplest level?
To avoid slowing down the system or needing to remove something to maintain performance.
Test your knowledge about the Zero Day Initiative and its role in promoting responsible disclosure of vulnerabilities. Learn about the submission process for unpatched vulnerabilities and how it contributes to cybersecurity.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
