Trend Micro and TippingPoint Zero Day Initiative Quiz
27 Questions
4 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

When did the Zero Day Initiative begin?

2005

What is the main purpose of the Zero Day Initiative?

To promote the responsible disclosure of vulnerabilities

How does the ZDI process begin?

An external or internal researcher submits a previously unpatched vulnerability to the ZDI

What is the next step after a vulnerability is submitted to the ZDI?

<p>The Zero Day Initiative validates the vulnerability, determines its worth, and makes a monetary offer to the researcher</p> Signup and view all the answers

What does the ZDI do when a security flaw is identified in a vendor's product?

<p>It responsibly and promptly notifies the appropriate product vendor</p> Signup and view all the answers

What does Trend Micro do when a security flaw is identified in a vendor's product?

<p>Trend Micro works to create a Digital Vaccine filter to protect customers using TippingPoint solutions</p> Signup and view all the answers

How long does the vendor have to address the vulnerability with a patch?

<p>Four months</p> Signup and view all the answers

What happens if the vendor is unable or chooses not to patch the vulnerability?

<p>The Zero Day Initiative publicly discloses the details of the vulnerability on its website</p> Signup and view all the answers

What is the purpose of the Digital Vaccine filter created by Trend Micro?

<p>To protect customers using TippingPoint solutions from the unpatched vulnerability</p> Signup and view all the answers

What is the common way to refer to the setup wizard?

<p>Setup wizard</p> Signup and view all the answers

What type of cable is used for the initial setup?

<p>Console cable</p> Signup and view all the answers

What settings are used for the terminal during initial setup?

<p>115200/8/N/1 (no flow control)</p> Signup and view all the answers

What are the security settings for the 'None' level?

<p>Passwords must be at least 8 characters and no more than 32. Must contain at least 2 alphabetic characters. Must contain at least 1 numeric character. Must contain at least 1 non-alphanumeric character.</p> Signup and view all the answers

What is the length requirement for user names at the 'High' security level?

<p>At least 6 characters</p> Signup and view all the answers

What are the password length requirements at the 'Medium' security level?

<p>32 characters</p> Signup and view all the answers

What are the user name and password requirements at the 'Low' security level?

<p>User names and passwords are unrestricted. Must contain at least 15 characters. Must contain at least 1 uppercase character. Must contain at least 1 lowercase character. Must contain 1 numeric character. Must contain 1 non-alphanumeric character. Must be different from the previous password in at least half of the corresponding character positions.</p> Signup and view all the answers

What is created once the security level is set?

<p>Initial super user account</p> Signup and view all the answers

In the example, what name is used for the initial super user account?

<p>SuperMan</p> Signup and view all the answers

What is the typical response time for Actively Exploited Vulnerabilities / Zero Day Vulnerabilities?

<p>4 - 24 Hrs</p> Signup and view all the answers

When does Trend Micro respond to vulnerabilities after Microsoft Patch Tuesday?

<p>Immediately after Microsoft ships patches</p> Signup and view all the answers

What is the typical response time for vulnerabilities with a CVSS score of 9.0 - 10.0?

<p>Within 7 days</p> Signup and view all the answers

What is the typical response time for vulnerabilities with a CVSS score of 7.0 - 9.0?

<p>Within 14 days</p> Signup and view all the answers

How many network protection filters are available out of the box?

<p>Over 20,000 filters</p> Signup and view all the answers

Explain the concept of simple exploit filters.

<p>Simple exploit filters simplify signatures to the simplest level and disregard checking for ALL necessary conditions for a particular attack.</p> Signup and view all the answers

What is the main reason for False Positives in IDSs?

<p>The 90:10 rule, where only 10% of the work is done to be 90% right, leaving the final 10% up to the security admin to figure out.</p> Signup and view all the answers

How do hardware platforms like Trend Micro's avoid the trade-offs faced by software systems?

<p>Hardware platforms like Trend Micro's do not face the same trade-offs as software systems.</p> Signup and view all the answers

Why do IDSs traditionally simplify signatures to the simplest level?

<p>To avoid slowing down the system or needing to remove something to maintain performance.</p> Signup and view all the answers

More Like This

Use Quizgecko on...
Browser
Browser