Zero-Day Vulnerabilities and Patch Management Best Practices

Questions and Answers

What type of change is typically a short-term reaction to a new security vulnerability?

• Planned change
• Immediate change (correct)
• Gradual change
• Regulatory change

What is a zero-day vulnerability?

• A vulnerability known only to the targeted infrastructure provider (correct)
• A known vulnerability that has been publicly disclosed
• A vulnerability that has not been discovered by attackers
• A vulnerability that has been widely patched

In the context of short-term changes for zero-day vulnerabilities, what is common behavior among most organizations in the industry?

• Conducting regular code reviews and scans
• Waiting for the vulnerability to be publicly disclosed
• Ignoring the vulnerability until a patch is available
• Acting immediately to address the vulnerability (correct)

Which time horizon for change involves building new systems due to regulatory reasons?

Long-term change (B)

What is a key way to find out about new vulnerabilities affecting an environment according to the text?

Regular code reviews and scans (A)

What triggered Google's Incident Response team to initiate the Black Swan protocol?

Rapid discovery of several similar vulnerabilities (B)

How did Google treat the vulnerability since they were not aware of it before public disclosure?

As a zero-day vulnerability necessitating emergency mitigation (C)

Why were a huge number of Google production servers considered low risk during the assessment?

Because they were already patched (D)

Which action did Google take once servers passed sufficient validation and testing?

Patched them much faster than usual (B)

What was already available in the case of the disclosed vulnerability that Google had to address as a zero-day issue?

A patched version of bash (D)

What should you ensure before addressing a same-day zero-day vulnerability response?

Patch for the 'top hits' to cover critical vulnerabilities from recent years (D)

How should a new vulnerability be triaged?

By determining its severity and impact (D)

What is an important consideration when establishing ongoing monitoring for vulnerabilities?

Determining if the vulnerability is actively exploited (C)

After applying a patch to address a vulnerability, why should you verify its effectiveness?

The patch may only address one possible exploit of a larger class of vulnerabilities (C)

What should be done to tackle zero-day vulnerabilities effectively?

Ensure patches for critical vulnerabilities from recent years are in place (D)

What is one of the important lessons illustrated by the Heartbleed incident?

Patch systems before any disclosure agreements are made. (D)

How did Google's security team deal with the vulnerable systems after the bug became known?

They used automated scanning to find vulnerable systems and directed affected teams to patch them. (D)

What was the significance of private keys being leaked due to the memory disclosure in the Heartbleed incident?

It required services to undergo key rotation. (C)

In the context of Heartbleed, what is crucial for organizations to do in preparation for an embargo breaking or being lifted early?

Plan for the worst-case scenario and move quickly to patch vulnerable systems. (D)

What is emphasized as an important aspect of dealing with zero-day vulnerabilities like Heartbleed?

Test and validate patches even without obtaining them ahead of time. (D)