42 Questions
What is the primary purpose of a vulnerability scan?
To determine potential vulnerabilities in systems
What is a port scan, and what does it do?
A scan that determines which ports are responding on an IP address
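What "responding" means in practice for a TCP port scan, as an added example that is not part of the quiz: a full connect scan (the technique behind nmap's -sT) treats a completed three-way handshake as open, a RST as closed, and silence before the timeout as filtered. The target is constructed locally so the script runs offline: one listening socket on 127.0.0.1 and a second port that is bound and released so it is almost certainly closed.

```python
"""TCP connect scan against loopback (added example, not part of the quiz).

States reported: 'open' when the handshake completes, 'closed' when the host
answers with RST (ConnectionRefusedError), 'filtered' when nothing comes back
before the timeout, which is what a dropping firewall looks like to a scanner.
The target is constructed here: a listener on 127.0.0.1 plus a released port.
"""
import socket
from contextlib import closing


def probe(host: str, port: int, timeout: float = 0.5) -> str:
    """Classify a single TCP port as open, closed or filtered."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"          # handshake completed: something is listening
        except ConnectionRefusedError:
            return "closed"        # RST came back: nothing listening on that port
        except OSError:            # socket.timeout is an OSError subclass
            return "filtered"      # no answer at all before the timeout


def scan(host: str, ports) -> dict:
    """Probe each port in order and return {port: state}."""
    return {p: probe(host, p) for p in ports}


def free_port() -> int:
    """Bind an OS-chosen loopback port and release it, so it is (almost
    certainly) closed and can serve as the 'closed' target for the scan."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo() -> dict:
    """Constructed target: start a listener, pick a closed port, scan both."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as listener:
        listener.bind(("127.0.0.1", 0))
        listener.listen(5)     # the kernel completes handshakes even without accept()
        open_port = listener.getsockname()[1]
        closed_port = free_port()
        results = scan("127.0.0.1", [open_port, closed_port])
    return {"open_port": open_port, "closed_port": closed_port, "results": results}


if __name__ == "__main__":
    d = demo()
    for port, state in d["results"].items():
        print(f"127.0.0.1:{port}\t{state}")
```

A connect scan is the noisiest option: every open port sees a complete connection, so it shows up in service logs. That is acceptable on a network you are authorized to scan and exactly why permission matters before running one.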
Why is Telnet considered a potential vulnerability?
Because it transmits everything, including login credentials, in cleartext
What is the key difference between a vulnerability scan and a penetration test?
A vulnerability scan identifies potential vulnerabilities; a penetration test attempts to exploit them
From whose perspective should vulnerability scans be performed?
From the perspective of the attacker
What types of devices should be included in vulnerability scans?
All devices connected to the network
What is the primary benefit of having the latest version of signatures for a vulnerability scanner?
To recognize the newest known vulnerabilities and reduce false positives; a scanner can only find what its signatures describe
What should you do if you encounter a false positive or false negative during a vulnerability scan?
Work with the scanner manufacturer to update the database
What is an alternative to using a formal vulnerability scanner to identify security issues?
Performing a configuration review of an operating system
What should you check on a workstation to ensure security?
All of the above
What is a concern when reviewing security devices themselves?
Checking for misconfigured firewall rules
What is the primary concern when reviewing servers?
Checking for access control and user permissions
What is the primary purpose of a vulnerability scanner?
To gather information about system vulnerabilities
What type of scan is run from the perspective of someone who does not have access to the network?
Non-credentialed scan
What is the difference between a vulnerability scan and a penetration test?
A penetration test tries to exploit vulnerabilities, while a vulnerability scan does not
Why should you never run a vulnerability scan on a network without permission?
Scanning without authorization may be illegal, and an intrusive scan can crash systems or make them unavailable
What type of scan is run from the perspective of someone who has rights and permissions to log in?
Credentialed scan
What is the purpose of running a vulnerability scan as an insider with full access to the system?
To gather information about the system's vulnerabilities
What is the term for a vulnerability scan that does not attempt to take advantage of vulnerabilities found?
Non-intrusive scan
Why should you understand what a vulnerability scan will do before running it?
To ensure the scan does not crash the system or make it unavailable
What can be done after a vulnerability scan is complete to verify the findings?
Attempt to exploit the finding, for example with a specific exploit in a penetration test, to confirm it is real rather than a false positive
What is the benefit of running a vulnerability scan internally as an insider with full access to the system?
It helps to identify vulnerabilities that can be exploited from the inside
Which database is synchronized with the CVE list from MITRE?
National Vulnerability Database
What is the main purpose of the Common Vulnerability Scoring System?
To assign a severity score to a vulnerability
What type of vulnerability might be identified by a vulnerability scan due to a lack of security control?
Lack of antivirus software
What is the term for a reported vulnerability that is found to not exist on a device after further research?
False positive
What is the difference between a false positive and a low severity vulnerability?
A low severity vulnerability is a real vulnerability, while a false positive is not
What is the term for a vulnerability that exists on a system but is not identified by a scanner?
False negative
What is the purpose of a vulnerability scan?
To identify potential security risks and vulnerabilities
What is the range of scores assigned by the Common Vulnerability Scoring System?
0.0 to 10.0, with higher scores indicating greater severity
What type of vulnerability might be identified by a vulnerability scan due to a misconfiguration?
NFS misconfiguration
Why is it important to research further after a vulnerability scan identifies a vulnerability?
To verify the existence of the vulnerability
What is the implication of a Unix operating system unsupported version detection vulnerability?
The version no longer receives security patches, so every vulnerability discovered from now on stays unfixed
What is the purpose of a vulnerability scanner's database?
To constantly update its knowledge of known vulnerabilities
What type of vulnerability is associated with WhatsApp desktop app CVE-2020-1889?
Security feature bypass issue
What is the result of a vulnerability scan on a network device?
Information about misconfigured firewalls and open ports
Where can you find information about a specific CVE?
All of the above
What is the purpose of a vulnerability scan?
To report every vulnerability its signature database knows how to detect; it cannot find vulnerabilities it has no signature for
What is an example of a web-based application vulnerability?
An information leak via an error message in a UCMS PHP file
What is the outcome of a vulnerability scan on a system with Ubuntu 8.04?
The release is no longer supported, so it receives no security patches and accumulates unfixed vulnerabilities over time
What should you do before and after performing a vulnerability scan?
Perform research prior to the scan, and afterwards to make decisions
What is CVE-2022-5079 related to?
An authenticated command injection issue on D-Link DCS-2530L IP cameras
Test your knowledge on vulnerability scanning, its purpose and differences with penetration testing. Learn how to identify potential vulnerabilities in operating systems, network devices, and applications.