Checkpoint Exam: Vulnerability Assessment and Risk Management Answers

Explanation: Users may be unaware of their actions if not educated in the reasons why their actions can cause a problem with the computer. By implementing several technical and nontechnical practices, the threat can be reduced.

Explanation: Cybersecurity domains provide a framework for evaluating and implementing controls to protect the assets of an organization. Each domain has various countermeasures available to manage threats.

Explanation: The “Analyze” category of the workforce framework includes specialty areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness.

Explanation: The Payment Card Industry Data Security Standard (PCI DSS) governs how to protect credit card data as merchants and banks exchange transactions.

Explanation: The Gramm-Leach-Bliley Act (GLBA) includes privacy provisions for individuals and provides opt-out methods to restrict information sharing with third-party firms.

Explanation: Integrity checking is used to detect and report changes made to systems. Vulnerability scanning is used to find weaknesses and misconfigurations on network systems. Network scanning is used to discover available resources on the network.

Explanation: Vulnerability scanners are commonly used to scan for the following vulnerabilities:
Use of default passwords or common passwords
Missing patches
Open ports
Misconfiguration of operating systems and software
Active IP addresses

Explanation: SIEM, which is a combination of Security Information Management and Security Event Management products, is used for forensic analysis and provides real-time reporting of security events.

Explanation: There are many tests that are used by security specialists to assess the status of a system. They include the following:
– penetration testing to determine the feasibility of attacks
– network scanning to scan for and identify open TCP ports
– integrity checking to check for changes that have occurred in the system
– vulnerability scanning to detect potential weaknesses in systems

Explanation: Tripwire – This tool assesses and validates IT configurations against internal policies, compliance standards, and security best practices.

Explanation: Trusted Automated Exchange of Indicator Information (TAXII) is the specification for an application layer protocol that allows the communication of CTI over HTTPS. TAXII is designed to support Structured Threat Information Expression (STIX).

Explanation: AIS responds to a new threat as soon as it is recognized by immediately sharing it with U.S. Federal Government and the private sector to help them protect their networks against that particular threat.

Explanation: The United States government sponsored the MITRE Corporation to create and maintain a catalog of known security threats called Common Vulnerabilities and Exposures (CVE). The CVE serves as a dictionary of common names (i.e., CVE Identifiers) for publicly known cybersecurity vulnerabilities.

Explanation: There are four potential strategies for responding to risks that have been identified:

Risk avoidance – Stop performing the activities that create risk.
Risk reduction – Decrease the risk by taking measures to reduce vulnerability.
Risk sharing – Shift some of the risk to other parties.
Risk retention – Accept the risk and its consequences.

Explanation: The steps in the Vulnerability Management Life Cycle include these:Discover – inventory all assets across the network and identify host details, including operating systems and open services, to identify vulnerabilities
Prioritize assets – categorize assets into groups or business units, and assign a business value to asset groups based on their criticality to business operations
Assess – determine a baseline risk profile to eliminate risks based on asset criticality, vulnerability threats, and asset classification
Report – measure the level of business risk associated with assets according to security policies. Document a security plan, monitor suspicious activity, and describe known vulnerabilities.
Remediate – prioritize according to business risk and fix vulnerabilities in order of risk
Verify – verify that threats have been eliminated through follow-up audits

Explanation: A network profile should include some important elements, such as the following:

Total throughput – the amount of data passing from a given source to a given destination in a given period of time
Session duration – the time between the establishment of a data flow and its termination
Ports used – a list of TCP or UDP processes that are available to accept data
Critical asset address space – the IP addresses or the logical location of essential systems or data

Explanation: Asset management involves tracking the location and configuration of networked devices and software across an enterprise.

Explanation: The scope metric is impacted by an exploited vulnerability that can affect resources beyond the authorized privileges of the vulnerable component or that are managed by a different security authority.

Explanation: There are six steps in the vulnerability management life cycle:

Discover
Prioritize assets
Assess
Report
Remediate
Verify

Explanation: Quantitative risk analysis takes the top threats, assigns a cost value to each threat if it actually occurred, and orders the list from most expensive to least expensive. This priority list allows management to determine where to apply current resources to the threat or threats that would cost the most to the organization. The quantitative risk analysis is based on cost, but this should not be the only criterion applied when, for example, evaluating a system that provides or involves national security.

Explanation: A qualitative or quantitative risk analysis is used to identify and prioritize threats to the organization.

Explanation: Risk management is a formal process that reduces the impact of threats and vulnerabilities. The process involves four general steps:
– Frame the risk – Identify the threats throughout the organization that increase risk.
– Assess the risk – Once a risk has been identified, it is assessed and analyzed to determine the severity that the threat poses.
– Respond to the risk – Develop an action plan to reduce overall organization risk exposure. Management should rank and prioritize threats and a team determines how to respond to each threat.
– Monitor the risk – Continuously review risk reductions due to elimination, mitigation and transfer actions.

Explanation: Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.

Explanation: Risk mitigation lessens the exposure of an organization to threats and vulnerabilities by transferring, accepting, avoiding, or taking an action to reduce risk.

Explanation: Of the formulas used in quantitative risk analysis, exposure factor is used to estimate the degree of destruction that could occur from an event such as flooding or data entry error.

Explanation: Single loss expectancy, annualized rate of occurrence, and annualized loss expectancy are used in a quantitative risk analysis

Explanation: The Common Vulnerability Scoring System (CVSS) is a vendor-neutral, industry standard, open framework for weighing the risks of a vulnerability using a variety of metrics. CVSS uses three groups of metrics to assess vulnerability, the Base Metric Group, Temporal Metric Group, and Environmental Metric Group. The Base Metric Group has two classes of metrics (exploitability and impact). The impact metrics are rooted in the following areas: confidentiality, integrity, and availability.

Explanation: Place the options in the following order:

Explanation: The single loss expectation, the annual frequency rate and the annual loss expectation are used in a quantitative risk analysis