Module 23: Endpoint Vulnerability Quiz Answers

1. In profiling a server, what defines what an application is allowed to do or run on a server?

  • software environment
  • service accounts
  • user accounts
  • listening ports

Explanation: The service accounts element of a server profile defines the type of service that an application is allowed to run on a given host.

2. Which metric class in the CVSS Basic Metric Group identifies the impacts on confidentiality, integrity, and availability?

  • Impact
  • Exploit Code Maturity
  • Modified Base
  • Exploitability

Explanation: The Base Metric Group of CVSS represents the characteristics of a vulnerability that are constant over time and across contexts. It contains two classes of metrics:

  • Exploitability metrics – features of the exploit such as the vector, complexity, and user interaction required by the exploit
  • Impact metrics – the impacts of the exploit rooted in the CIA triad of confidentiality, integrity, and availability

3. Which statement describes the threat-vulnerability (T-V) pairing?

  • It is the detection of malware against a central vulnerability research center.
  • It is the advisory notice from a vulnerability research center.
  • It is the comparison between known malware and system risks.
  • It is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities.

Explanation: A mandatory activity in risk assessment is the identification of threats and vulnerabilities and the matching of threats with vulnerabilities, also called threat-vulnerability (T-V) pairing.

4. When establishing a server profile for an organization, which element describes the type of service that an application is allowed to run on the server?

  • software environment
  • user account
  • service account
  • listening port

Explanation: A server profile should contain some important elements including these:

  • Listening ports – the TCP and UDP daemons and ports that are allowed to be open on the server
  • User accounts – the parameters defining user access and behavior
  • Service accounts – the definitions of the type of service that an application is allowed to run on a server
  • Software environment – the tasks, processes, and applications that are permitted to run on the server

5. What are the steps in the vulnerability management life cycle?

  • discover, prioritize assets, assess, report, remediate, verify
  • identify, protect, detect, respond, recover
  • plan, do, act, check
  • detect, analyze, recover, respond

Explanation: There are six steps in the vulnerability management life cycle:

  • Discover
  • Prioritize assets
  • Assess
  • Report
  • Remediate
  • Verify

6. Which security management function is concerned with the inventory and control of hardware and software configurations of systems?

  • configuration management
  • risk management
  • asset management
  • vulnerability management

Explanation: Security risks can be reduced through secure device configuration. Configuration management addresses the inventory and control of hardware and software configurations of systems.

7. In addressing an identified risk, which strategy aims to decrease the risk by taking measures to reduce vulnerability?

  • risk sharing
  • risk reduction
  • risk avoidance
  • risk retention

Explanation: There are four potential strategies for responding to risks that have been identified:

  • Risk avoidance – Stop performing the activities that create risk.
  • Risk reduction – Decrease the risk by taking measures to reduce vulnerability.
  • Risk sharing – Shift some of the risk to other parties.
  • Risk retention – Accept the risk and its consequences.

8. Which step in the Vulnerability Management Life Cycle performs inventory of all assets across the network and identifies host details, including operating system and open services?

  • prioritize assets
  • remediate
  • assess
  • discover

Explanation: The steps in the Vulnerability Management Life Cycle include these:

  • Discover – inventory all assets across the network and identify host details, including operating systems and open services to identify vulnerabilities
  • Prioritize assets – categorize assets into groups or business units, and assign a business value to asset groups based on their criticality to business operations
  • Assess – determine a baseline risk profile to eliminate risks based on asset criticality, vulnerability threats, and asset classification
  • Report – measure the level of business risk associated with your assets according to your security policies. Document a security plan, monitor suspicious activity, and describe known vulnerabilities
  • Remediate – prioritize according to business risk and fix vulnerabilities in order of risk
  • Verify – verify that threats have been eliminated through follow-up audits

9. What are the core functions of the NIST Cybersecurity Framework?

  • discover, prioritize assets, assess, report, remediate, verify
  • plan, do, act, check
  • identification, assessment, response planning, implementation, assess results
  • identify, protect, detect, respond, recover

Explanation: The five core functions of the NIST Cybersecurity Framework are as follows:

  • Identify
  • Protect
  • Detect
  • Respond
  • recover

10. Which security management function is concerned with the implementation of systems that track the location and configuration of networked devices and software across an enterprise?

  • configuration management
  • asset management
  • risk management
  • vulnerability management

Explanation: Part of any organizational security management plan is asset management, which involves the implementation of systems that are able to track the location and configuration of devices and software.

11. When a network baseline is being established for an organization, which network profile element indicates the time between the establishment of a data flow and its termination?

  • session duration
  • critical asset address space
  • ports used
  • total throughput

Explanation: Important elements of a network profile include:

  • Total throughput – the amount of data passing from a given source to a given destination in a given period of time
  • Session duration – the time between the establishment of a data flow and its termination
  • Ports used – a list of TCP or UDP processes that are available to accept data
  • Critical asset address space – the IP addresses or the logical location of essential systems or data

12. Which class of metric in the CVSS Base Metric Group defines the features of the exploit such as the vector, complexity, and user interaction required by the exploit?

  • Exploitability
  • Exploit Code Maturity
  • Impact
  • Modified Base

Explanation: The Base Metric Group of CVSS represents the characteristics of a vulnerability that are constant over time and across contexts. It contains two classes of metrics:

  • Exploitability metrics – features of the exploit such as the vector, complexity, and user interaction required by the exploit
  • Impact metrics – the impacts of the exploit rooted in the CIA triad of confidentiality, integrity, and availability


guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x