Vulnerability Assessment and Management Lifecycle: A Comprehensive Guide, Exams of Cybercrime, Cybersecurity and Data Privacy

A comprehensive overview of the vulnerability management lifecycle, outlining key phases and best practices for identifying, assessing, and mitigating vulnerabilities. It covers various types of assessments, including active and passive scanning, host-based and application-level assessments, and wireless network assessments. The document also explores common vulnerabilities such as misconfigurations, buffer overflows, unpatched servers, and design flaws. It emphasizes the importance of baseline creation, risk assessment, remediation, verification, and ongoing monitoring for effective vulnerability management.

Typology: Exams

2024/2025

Available from 03/13/2025

examplung..

Chapter 7 Analyze Vulnerabilities Exam with complete solution
Denning [Date] [Course title]


Active scanning - Correct Answers: An active scan transmits to the nodes within a network to determine exposed ports and can independently repair security flaws. It can also simulate an attack to test for vulnerabilities and can repair weak points in the system.

Passive scanning - Correct Answers: A passive scan tries to find vulnerabilities without directly interacting with the target network. The scan identifies vulnerabilities via information exposed by systems in their normal communications. You can set a scanner to scan constantly or at specific times.

Point in time - Correct Answers: A scan can only obtain data for the time period when it runs. For example, some weaknesses may be exposed only when systems are operating at peak capacity, at certain times of day, or even at certain times of the year.

New vulnerabilities - Correct Answers: Scans can only identify known vulnerabilities. This gives an attacker that uses a new attack an advantage, as scans are written only for vulnerabilities that have been previously exploited.

Active assessment - Correct Answers: In an active assessment, specifically created packets are sent to target nodes to determine the OS of the domain, the hosts, the services, and the vulnerabilities in the network. nmap is a useful tool for this assessment.

Passive assessment - Correct Answers: Using sniffer traces from a remote system, you can determine the operating system of the remote host as well as a list of the current network work. Wireshark is a common tool for this type of information gathering and analysis.

External assessment - Correct Answers: This type of assessment looks for ways to access the network infrastructure through open firewall ports, routers, web servers, web pages, and public DNS servers.

Internal assessment - Correct Answers: The ethical hacker can also be inside the network, testing the internal networks and systems.

Design flaws - Correct Answers: Every operating system or device has bugs or defects in its design. Hackers take advantage of design flaws such as broken authentication and access control, cross-site scripting, insufficient logging and monitoring, and incorrect encryption.

Operating system flaws - Correct Answers: Flaws in the OS can leave a system susceptible to malicious applications such as viruses, Trojan horses, and worms through scripts, undesirable software, or code. Firewalls, minimal software application usage, and regular system patches create protection from this form of attack.

Application flaws - Correct Answers: Flaws in the validation and authorization of users present the greatest threat to security in transactional applications. This type of assessment evaluates deployment and communication between the server and client. It is imperative to develop tight security through user authorization and validation. Both open-source and commercial tools are recommended for this assessment.

Open services - Correct Answers: Ports and services must be checked regularly to prevent unsecure, open, or unnecessary ports, which can lead to attacks on connected nodes or devices, loss of private information, or even denial of service.

Default usernames and passwords - Correct Answers: Passwords should always be immediately changed after installation or setup. Passwords should always be kept secret.

vulnerability research - Correct Answers: discovering vulnerabilities and design flaws

Baseline creation - Correct Answers: The lifecycle starts by defining the effectiveness of the current security policies and procedures. You should establish any risks that may be associated with the enforcement of current security procedures and what may have been overlooked. Try to see what the organization looks like from an outsider's perspective, as well as from an insider's point of view. No organization is immune to security gaps. Work with management to set goals with start dates and end dates. Determine which systems to begin with, set up testing standards, get approval in writing, and keep management informed as you go.

For my protection - Correct Answers: Fully disclose to management what you are doing, how you will do it, and the timing for each phase of the project. This protects you and reassures the organization's management of your integrity and professionalism.

Vulnerability assessment - Correct Answers: identifying vulnerabilities including the operating system, web applications, and web server. This is the phase where penetration testing begins.

Vulnerability tips - Correct Answers: best times to test. Choose the best security assessment tools for the systems you choose to test. Correct tests with the correct tools to be able to accurately assess the security vulnerabilities. All remaining phases depend on the effectiveness of this vulnerability assessment phase.

Risk assessment - Correct Answers: organize the results according to risk level by sensitivity and access. Identify the problem areas. Produce a plan of action to address, protect, and harden.

Communicate with management - Correct Answers: Findings and your recommendations for locking down the systems and patching problems. You will be protected and valued as you communicate and receive written approval for implementing the suggested remediation.

Remediation - Correct Answers: steps to mitigate vulnerabilities, locating risks, and designing responses for the vulnerabilities. Implement the controls and protections. Do highest-impact and highest-likelihood first, then lower-impact and lower-likelihood.

Verification - Correct Answers: Verify whether all the previous phases have been effectively executed. Retest. Prove and have verifiable evidence to show that your patching and hardening implementations have been effective.

Monitoring - Correct Answers: Post-assessment phase, which is also known as the recommendation phase. At this point, recommend ongoing monitoring and routine penetration testing to be proactive in protecting the organization and its customers.

Itemize open port and service Test each open port

Risk assessment matrix - Correct Answers: risk level (1-3) access sensitivity evaluate environment

first step - Correct Answers: define the effectiveness of the current security policies and procedures

Service based risk - Correct Answers: outside based testing leaves potential for hacker to gain access

Inference based test - Correct Answers: relies on each step to determine the next step only test relevant areas of concern adjust and go

CVSS v2 rating - Correct Answers: low 4, medium 7, high 10

CVSS v3 rating - Correct Answers: none 0, low 4, medium 7, high 9, critical 10

Base - Correct Answers: denotes vulnerability unique characteristic

Temporal - Correct Answers: changeable attributes of a vulnerability

Environmental - Correct Answers: vulnerabilities present in only certain environments or implementations

CVE - Correct Answers: standardized identifiers for known vuln and exposures 94 CVE authorities from 16 countries providing baseline lists best assessment tools supplies the NVD

NVD - Correct Answers: 2000 extended details from CVE searchable

CISA - Correct Answers: info exchange training/exercises risk/vuln assessments data synthesis analysis op planning and coord incident response and recovery

CWE - Correct Answers: community developed list of common security weaknesses

CAPEC - Correct Answers: dictionary of known attack patterns

JPCERT - Correct Answers: Japan's security alerts and JVN source products impacts solutions vendor statements reference documents

prioritize, and fix smartphone vulnerabilities. Then it analyzes and reports its findings from a centralized data warehouse.

SecurityMetrics Mobile - Correct Answers: Detects vulnerabilities in mobile devices. It can help you protect customers' data, avoid unwanted app privileges, mobile malware, device theft, connectivity issues, and threats to device storage and unauthorized account access. You can expect a report containing a total risk score, a summary of revealed vulnerabilities, and remediation suggestions.

Nessus - Correct Answers: Offers scanning on mobile devices and will let you know which devices are unauthorized or non-compliant. It also finds outdated versions of Apple iOS. Nessus highlights devices that have not connected for a period of time. It helps to overcome the difficulty of identifying network vulnerabilities when mobile devices are connecting and disconnecting between testing.

Net Scan - Correct Answers: Provides discovery through network and port scanning. Net Scan can find vulnerabilities, security flaws, and open ports in your network.

Network Scanner - Correct Answers: Provides an understanding of the use of a network. Network Scanner generates reports of security issues and vulnerabilities. These reports are autosaved and can be backed up to your web storage.

Security vulnerability report - Correct Answers: Here, you will find information on all the scanned devices and servers including open and detected ports, new vulnerabilities, and suggestions for remediation with links to patches.

Security vulnerability summary - Correct Answers: This report covers every device or server that was scanned. It provides information on current security flaws and categories of vulnerabilities including severity level. It also lists resolved vulnerabilities.

Scan information - Correct Answers: The name of the scanning tool, its version, and the network ports that have been scanned.

Target information - Correct Answers: The target system's name and address are listed.

Results - Correct Answers: This section provides a complete scanning report. Target, Services, Classification, Assessment

Classification - Correct Answers: origin of scan

Target - Correct Answers: each host's detailed information

Services - Correct Answers: defines the network services by their names and ports

Assessment - Correct Answers: scanner's assessment of the vulnerability