4.4.2 Endpoint Vulnerability Quiz Answers

Explanation: The service accounts element of a server profile defines the type of service that an application is allowed to run on a given host.

Explanation: In risk analysis, security analysts evaluate the risk posed by vulnerabilities to a specific organization. A risk analysis includes assessment of the likelihood of attacks, identifies types of likely threat actors, and evaluates the impact of successful exploits on the organization.

Explanation: Important elements of a network profile include:

• Total throughput – the amount of data passing from a given source to a given destination in a given period of time
• Session duration – the time between the establishment of a data flow and its termination
• Ports used – a list of TCP or UDP processes that are available to accept data
• Critical asset address space – the IP addresses or the logical location of essential systems or data

Explanation: Place the options in the following order:

Explanation: When evaluating a cyber security risk, the analyst takes into account the likelihood of an attack occurring, who the potential threat actors might be, as well as the consequences that might occur if the exploit is successful.

Explanation: The CVSS Base Metric Group has the following metrics: attack vector, attack complexity, privileges required, user interaction, and scope. The user interaction metric expresses the presence or absence of the requirement for user interaction in order for an exploit to be successful.

Explanation: The Base Metric Group of CVSS represents the characteristics of a vulnerability that are constant over time and across contexts. It contains two classes of metrics:

• Exploitability metrics – features of the exploit such as the vector, complexity, and user interaction required by the exploit
• Impact metrics – the impacts of the exploit rooted in the CIA triad of confidentiality, integrity, and availability

Explanation: The attack vector is one of several metrics defined in the Common Vulnerability Scoring System (CVSS) Base Metric Group Exploitability metrics. The attack vector is how close the threat actor is to the vulnerable component. The farther away the threat actor is to the component, the higher the severity because threat actors close to the network are easier to detect and mitigate.

Explanation: A mandatory activity in risk assessment is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities, also called threat-vulnerability (T-V) pairing.

Explanation: There are four potential strategies for responding to risks that have been identified:

• Risk avoidance – Stop performing the activities that create risk.
• Risk reduction – Decrease the risk by taking measures to reduce vulnerability.
• Risk sharing – Shift some of the risk to other parties.
• Risk retention – Accept the risk and its consequences.

Explanation: The steps in the Vulnerability Management Life Cycle include these:

• Discover – inventory all assets across the network and identify host details, including operating systems and open services to identify vulnerabilities
• Prioritize assets – categorize assets into groups or business units, and assign a business value to asset groups based on their criticality to business operations
• Assess – determine a baseline risk profile to eliminate risks based on asset criticality, vulnerability threats, and asset classification
• Report – measure the level of business risk associated with your assets according to your security policies. Document a security plan, monitor suspicious activity, and describe known vulnerabilities
• Remediate – prioritize according to business risk and fix vulnerabilities in order of risk
• Verify – verify that threats have been eliminated through follow-up audits

Explanation: During the discovery step of the vulnerability management life cycle, an inventory of all network assets is made. A network baseline is developed, and security vulnerabilities are identified.