• Tìm kiếm

Module 23: Endpoint Vulnerability Quiz Answers

  • 15,000
  • Tác giả: admin
  • Ngày đăng: 10:05 13/12/2024
  • Lượt xem: 15
  • Tình trạng: Còn hàng

Feb 9, 2022 Last Updated: May 28, 2022 CyberOps Associate

1. In profiling a server, what defines what an application is allowed đồ sộ vì thế or run rẩy on a server?

  • software environment
  • service accounts
  • user accounts
  • listening ports

Explanation: The service accounts element of a server profile defines the type of service that an application is allowed đồ sộ run rẩy on a given host.

2. Which metric class in the CVSS Basic Metric Group identifies the impacts on confidentiality, integrity, and availability?

  • Impact
  • Exploit Code Maturity
  • Modified Base
  • Exploitability

Explanation: The Base Metric Group of CVSS represents the characteristics of a vulnerability that are constant over time and across contexts. It contains two classes of metrics:

  • Exploitability metrics – features of the exploit such as the vector, complexity, and user interaction required by the exploit
  • Impact metrics – the impacts of the exploit rooted in the CIA triad of confidentiality, integrity, and availability

3. Which statement describes the threat-vulnerability (T-V) pairing?

  • It is the detection of malware against a central vulnerability research center.
  • It is the advisory notice from a vulnerability research center.
  • It is the comparison between known malware and system risks.
  • It is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities.

Explanation: A mandatory activity in risk assessment is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities, also called threat-vulnerability (T-V) pairing.

4. When establishing a server profile for an organization, which element describes the type of service that an application is allowed đồ sộ run rẩy on the server?

  • software environment
  • user account
  • service account
  • listening port

Explanation: A server profile should contain some important elements including these:

  • Listening ports – the TCP and UDP daemons and ports that are allowed đồ sộ be open on the server
  • User accounts – the parameters defining user access and behavior
  • Service accounts – the definitions of the type of service that an application is allowed đồ sộ run rẩy on a server
  • Software environment – the tasks, processes, and applications that are permitted đồ sộ run rẩy on the server

5. What are the steps in the vulnerability management life cycle?

  • discover, prioritize assets, assess, report, remediate, verify
  • identify, protect, detect, respond, recover
  • plan, vì thế, act, check
  • detect, analyze, recover, respond

Explanation: There are six steps in the vulnerability management life cycle:

  • Discover
  • Prioritize assets
  • Assess
  • Report
  • Remediate
  • Verify

6. Which security management function is concerned with the inventory and control of hardware and software configurations of systems?

  • configuration management
  • risk management
  • asset management
  • vulnerability management

Explanation: Security risks can be reduced through secure device configuration. Configuration management addresses the inventory and control of hardware and software configurations of systems.

7. In addressing an identified risk, which strategy aims đồ sộ decrease the risk by taking measures đồ sộ reduce vulnerability?

  • risk sharing
  • risk reduction
  • risk avoidance
  • risk retention

Explanation: There are four potential strategies for responding đồ sộ risks that have been identified:

  • Risk avoidance – Stop performing the activities that create risk.
  • Risk reduction – Decrease the risk by taking measures đồ sộ reduce vulnerability.
  • Risk sharing – Shift some of the risk đồ sộ other parties.
  • Risk retention – Accept the risk and its consequences.

8. Which step in the Vulnerability Management Life Cycle performs inventory of all assets across the network and identifies host details, including operating system and open services?

  • prioritize assets
  • remediate
  • assess
  • discover

Explanation: The steps in the Vulnerability Management Life Cycle include these:

  • Discover – inventory all assets across the network and identify host details, including operating systems and open services đồ sộ identify vulnerabilities
  • Prioritize assets – categorize assets into groups or business units, and assign a business value đồ sộ asset groups based on their criticality đồ sộ business operations
  • Assess – determine a baseline risk profile đồ sộ eliminate risks based on asset criticality, vulnerability threats, and asset classification
  • Report – measure the level of business risk associated with your assets according đồ sộ your security policies. Document a security plan, monitor suspicious activity, and describe known vulnerabilities
  • Remediate – prioritize according đồ sộ business risk and fix vulnerabilities in order of risk
  • Verify – verify that threats have been eliminated through follow-up audits

9. What are the core functions of the NIST Cybersecurity Framework?

  • discover, prioritize assets, assess, report, remediate, verify
  • plan, vì thế, act, check
  • identification, assessment, response planning, implementation, assess results
  • identify, protect, detect, respond, recover

Explanation: The five core functions of the NIST Cybersecurity Framework are as follows:

  • Identify
  • Protect
  • Detect
  • Respond
  • recover

10. Which security management function is concerned with the implementation of systems that track the location and configuration of networked devices and software across an enterprise?

  • configuration management
  • asset management
  • risk management
  • vulnerability management

Explanation: Part of any organizational security management plan is asset management, which involves the implementation of systems that are able đồ sộ track the location and configuration of devices and software.

11. When a network baseline is being established for an organization, which network profile element indicates the time between the establishment of a data flow and its termination?

  • session duration
  • critical asset address space
  • ports used
  • total throughput

Explanation: Important elements of a network profile include:

  • Total throughput – the amount of data passing from a given source đồ sộ a given destination in a given period of time
  • Session duration – the time between the establishment of a data flow and its termination
  • Ports used – a list of TCP or UDP processes that are available đồ sộ accept data
  • Critical asset address space – the IP addresses or the logical location of essential systems or data

12. Which class of metric in the CVSS Base Metric Group defines the features of the exploit such as the vector, complexity, and user interaction required by the exploit?

  • Exploitability
  • Exploit Code Maturity
  • Impact
  • Modified Base

Explanation: The Base Metric Group of CVSS represents the characteristics of a vulnerability that are constant over time and across contexts. It contains two classes of metrics:

  • Exploitability metrics – features of the exploit such as the vector, complexity, and user interaction required by the exploit
  • Impact metrics – the impacts of the exploit rooted in the CIA triad of confidentiality, integrity, and availability