EXAM OBJECTIVES COVERED IN THIS CHAPTER:
2.1 Given a scenario, implement an information security vulnerability management process.
2.2 Given a scenario, analyze the output resulting from a vulnerability scan.
2.3 Compare and contrast common vulnerabilities found in the following targets within an organization.
Kim is preparing to deploy a new vulnerability scanner and wants to ensure that she can get the most accurate view of configuration issues on laptops belonging to traveling salespeople. Which technology will work best in this situation?
Carla runs a vulnerability scan of a new appliance that engineers are planning to place on her organization’s network and finds the results shown here. Of the actions listed, which would correct the highest criticality vulnerability?
In what type of attack does the adversary leverage a position on a guest operating system to gain access to hardware resources assigned to other operating systems running in the same hardware environment?
Julie is developing a vulnerability scanning approach that will unify the diverse approaches used throughout her organization’s different operating locations. She would like to ensure that everyone uses the same terminology when referring to different applications and operating systems. Which SCAP component can assist Julie with this task?
Josh is responsible for the security of a network used to control systems within his organization’s manufacturing plant. The network connects manufacturing equipment, sensors, and controllers. He runs a vulnerability scan on this network and discovers that several of the controllers are running very out-of-date firmware that introduces security issues. The manufacturer of the controllers is out of business. What action can Josh take to best remediate this vulnerability in an efficient manner?
Vic scanned a Windows server used in his organization and found the result shown here. The server is on an internal network with access limited to IT staff and is not part of a domain. How urgently should Vic remediate this vulnerability?
Gina would like to leverage the Security Content Automation Protocol (SCAP) in her organization to bring a standard approach to their vulnerability management efforts. What SCAP component can Gina use to provide a common language for describing vulnerabilities?
Rob’s manager recently asked him for an overview of any critical security issues that exist on his network. He looks at the reporting console of his vulnerability scanner and sees the options shown here. Which of the following report types would most likely be his best starting point?
Wendy is the security administrator for a membership association that is planning to launch an online store. As part of this launch, she will become responsible for ensuring that the website and associated systems are compliant with all relevant standards. What regulatory regime specifically covers credit card information?
During a port scan of a server, Miguel discovered that the following ports are open on the internal network:
The scan results provide evidence that a variety of services are running on this server. Which one of the following services is not indicated by the scan results?
Beth is a software developer and she receives a report from her company’s cybersecurity team that a vulnerability scan detected a SQL injection vulnerability in one of her applications. She examines her code and makes a modification in a test environment that she believes corrects the issue. What should she do next?
George recently ran a port scan on a network device used by his organization. Which one of the following open ports represents the most significant possible security vulnerability?
Questions 13 through 15 refer to the following scenario:
Harold runs a vulnerability scan of a server that he is planning to move into production and finds the vulnerability shown here.
What operating system is most likely running on the server in this vulnerability scan report?
Harold is preparing to correct the vulnerability. What service should he inspect to identify the issue?
Harold would like to secure the service affected by this vulnerability. Which one of the following protocols/versions would be an acceptable way to resolve the issue?
Seth found the vulnerability shown here in one of the systems on his network. What component requires a patch to correct this issue?
Ken is responsible for the security of his organization’s network. His company recently contracted with a vendor that will be using laptops that he does not control to connect to their systems. Ken is concerned because he believes that these laptops contain vulnerabilities. What can he do to best mitigate the risk to other devices on the network without having administrative access to the devices?
Quentin ran a vulnerability scan of a server in his organization and discovered the results shown here. Which one of the following actions is not required to resolve one of the vulnerabilities on this server?
The presence of ____________ triggers specific vulnerability scanning requirements based upon law or regulation.
Questions 20 through 22 refer to the following scenario:
What priority should Stella place on remediating this vulnerability?
What operating system is most likely running on the server in this vulnerability scan report?
What is the best way that Stella can correct this vulnerability?
Harry is developing a vulnerability scanning program for a large network of sensors used by his organization to monitor a transcontinental gas pipeline. What term is commonly used to describe this type of sensor network?
This morning, Eric ran a vulnerability scan in an attempt to detect a vulnerability that was announced by a software manufacturer yesterday afternoon. The scanner did not detect the vulnerability although Eric knows that at least two of his servers should have the issue. Eric contacted the vulnerability scanning vendor who assured him that they released a signature for the vulnerability overnight. What should Eric do as a next step?
Natalie ran a vulnerability scan of a web application recently deployed by her organization, and the scan result reported a blind SQL injection. She reported the vulnerability to the developers who scoured the application and made a few modifications but did not see any evidence that this attack was possible. Natalie reran the scan and received the same result. The developers are now insisting that their code is secure. What is the most likely scenario?
Frank discovers a missing Windows security patch during a vulnerability scan of a server in his organization’s data center. Upon further investigation, he discovers that the system is virtualized. Where should he apply the patch?
Andrew is frustrated at the high level of false positive reports produced by his vulnerability scans and is contemplating a series of actions designed to reduce the false positive rate. Which one of the following actions is least likely to have the desired effect?
Joe is conducting a network vulnerability scan against his data center and receives reports from system administrators that the scans are slowing down their systems. There are no network connectivity issues, only performance problems on individual hosts. He looks at the scan settings shown here. Which setting would be most likely to correct the problem?
Brenda runs a vulnerability scan of the management interface for her organization’s DNS service. She receives the vulnerability report shown here. What should be Brenda’s next action?
Donna is prioritizing vulnerability scans and would like to base the frequency of scanning on the information asset value. Which of the following criteria would be most appropriate for her to use in this analysis?
Laura is working to upgrade her organization’s vulnerability management program. She would like to add technology that is capable of retrieving the configurations of systems, even when they are highly secured. Many systems use local authentication, and she wants to avoid the burden of maintaining accounts on all of those systems. What technology should Laura consider to meet her requirement?
Javier discovered the vulnerability shown here in a system on his network. He is unsure what system component is affected. What type of service is causing this vulnerability?
Alicia runs a vulnerability scan of a server being prepared for production and finds the vulnerability shown here. Which one of the following actions is least likely to reduce this risk?
After scanning his organization’s email server, Frank discovered the vulnerability shown here. What is the most effective response that Frank can take in this situation?
A SQL injection exploit typically gains access to a database by exploiting a vulnerability in a(n) ____________.
Questions 36 through 38 refer to the following scenario:
Ryan ran a vulnerability scan of one of his organization’s production systems and received the report shown here. He would like to understand this vulnerability better and then remediate the issue.
Ryan will not be able to correct the vulnerability for several days. In the meantime, he would like to configure his intrusion prevention system to watch for issues related to this vulnerability. Which one of the following protocols would an attacker use to exploit this vulnerability?
Which one of the following actions could Ryan take to remediate the underlying issue without disrupting business activity?
If an attacker is able to exploit this vulnerability, what is the probable result that will have the highest impact on the organization?
Ted is configuring vulnerability scanning for a file server on his company’s internal network. The server is positioned on the network as shown here. What types of vulnerability scans should Ted perform to balance the efficiency of scanning effort with expected results?
Kristen is attempting to determine the next task that she should take on from a list of security priorities. Her boss told her that she should focus on activities that have the most “bang for the buck.” Of the tasks shown here, which should she tackle first?
Kevin manages the vulnerability scans for his organization. The senior director who oversees Kevin’s group provides a report to the CIO on a monthly basis on operational activity, and he includes the number of open critical vulnerabilities. Kevin would like to provide this information to his director in as simple a manner as possible each month. What should Kevin do?
Morgan is interpreting the vulnerability scan from her organization’s network, shown here. She would like to determine which vulnerability to remediate first. Morgan would like to focus on vulnerabilities that are most easily exploitable by someone outside her organization. Assuming the firewall is properly configured, which one of the following vulnerabilities should Morgan give the highest priority?
Mike runs a vulnerability scan against his company’s virtualization environment and finds the vulnerability shown here in several of the virtual hosts. What action should Mike take?
Juan recently scanned a system and found that it was running services on ports 139 and 445. What operating system is this system most likely running?
Gene is concerned about the theft of sensitive information stored in a database. Which one of the following vulnerabilities would pose the most direct threat to this information?
Which one of the following protocols is not likely to trigger a vulnerability scan alert when used to support a virtual private network (VPN)?
Rahul ran a vulnerability scan of a server that will be used for credit card processing in his environment and received a report containing the vulnerability shown here. What action must Rahul take?
Questions 48 and 49 refer to the following scenario:
Aaron is scanning a server in his organization’s data center and receives the vulnerability report shown here. The service is exposed only to internal hosts.
What is the normal function of the service with this vulnerability?
What priority should Aaron place on remediating this vulnerability?
Without access to any additional information, which one of the following vulnerabilities would you consider the most severe if discovered on a production web server?
Gina ran a vulnerability scan on three systems that her organization is planning to move to production and received the results shown here. How many of these issues should Gina require be resolved before moving to production?
Morgan recently restarted an old vulnerability scanner that had not been used in more than a year. She booted the scanner, logged in, and configured a scan to run. After reading the scan results, she found that the scanner was not detecting known vulnerabilities that were detected by other scanners. What is the most likely cause of this issue?
Carla runs both internal and external vulnerability scans of a web server and detects a possible SQL injection vulnerability. The vulnerability only appears in the internal scan and does not appear in the external scan. When Carla checks the server logs, she sees the requests coming from the internal scan and sees some requests from the external scanner but no evidence that a SQL injection exploit was attempted by the external scanner. What is the most likely explanation for these results?
Rick discovers the vulnerability shown here in a server running in his data center. What characteristic of this vulnerability should concern him the most?
Carla is designing a vulnerability scanning workflow and has been tasked with selecting the person responsible for remediating vulnerabilities. Which one of the following people would normally be in the best position to remediate a server vulnerability?
During a recent vulnerability scan, Ed discovered that a web server running on his network has access to a database server that should be restricted. Both servers are running on his organization’s VMware virtualization platform. Where should Ed look first to configure a security control to restrict this access?
Carl runs a vulnerability scan of a mail server used by his organization and receives the vulnerability report shown here. What action should Carl take to correct this issue?
Renee is configuring a vulnerability scanner that will run scans of her network. Corporate policy requires the use of daily vulnerability scans. What would be the best time to configure the scans?
Ahmed is reviewing the vulnerability scan report from his organization’s central storage service and finds the results shown here. Which action can Ahmed take that will be effective in remediating the highest-severity issue possible?
Questions 60 and 61 refer to the following scenario:
Glenda ran a vulnerability scan of workstations in her organization. She noticed that many of the workstations reported the vulnerability shown here. She would like to not only correct this issue but also reduce the likelihood of similar issues occurring in the future.
What action should Glenda take to achieve her goals?
What priority should Glenda place on remediating this vulnerability?
After reviewing the results of a vulnerability scan, Beth discovered a flaw in her Oracle database server that may allow an attacker to attempt a direct connection to the server. She would like to review netflow logs to determine what systems have connected to the server recently. What TCP port should Beth expect to find used for this communication?
Greg runs a vulnerability scan of a server in his organization and finds the results shown here. What is the most likely explanation for these results?
Jim is reviewing a vulnerability scan of his organization’s VPN appliance. He wants to remove support for any insecure ciphers from the device. Which one of the following ciphers should he remove?
Terry recently ran a vulnerability scan against his organization’s credit card processing environment that found a number of vulnerabilities. Which vulnerabilities must he remediate in order to have a “clean” scan under PCI DSS standards?
Beth discovers the vulnerability shown here on several Windows systems in her organization. There is a patch available, but it requires compatibility testing that will take several days to complete. What type of file should Beth be watchful for because it may directly exploit this vulnerability?
During a vulnerability scan, Patrick discovered that the configuration management agent installed on all of his organization’s Windows servers contains a serious vulnerability. The manufacturer is aware of this issue, and a patch is available. What process should Patrick follow to correct this issue?
Matthew is creating a new forum for system engineers from around his organization to discuss security configurations of their systems. What SCAP component can Matthew take advantage of to help administrators have a standard language for discussing configuration issues?
Aaron is configuring a vulnerability scan for a Class C network and is trying to choose a port setting from the list shown here. He would like to choose a scan option that will efficiently scan his network but also complete in a reasonable period of time. Which setting would be most appropriate?
Hunter discovered that a server in his organization has a critical web application vulnerability and would like to review the logs. The server is running Apache on CentOS with a default configuration. What is the name of the file where Hunter would expect to find the logs?
Ken is reviewing the results of a vulnerability scan, shown here, from a web server in his organization. Access to this server is restricted at the firewall so that it may not be accessed on port 80 or 443. Which of the following vulnerabilities should Ken still address?
Brian is considering the use of several different categories of vulnerability plug-ins. Of the types listed here, which is the most likely to result in false positive reports?
Rob conducts a vulnerability scan and finds three different vulnerabilities, with the CVSS scores shown here. Which vulnerability should be his highest priority to fix, assuming all three fixes are of equal difficulty?
Which one of the following is not an appropriate criterion to use when prioritizing the remediation of vulnerabilities?
Landon is preparing to run a vulnerability scan of a dedicated Apache server that his organization is planning to move into a DMZ. Which one of the following vulnerability scans is least likely to provide informative results?
Ken recently received the vulnerability report shown here that affects a file server used by his organization. What is the primary nature of the risk introduced by this vulnerability?
Molly is assessing the criticality of a vulnerability discovered on her organization’s network. It has the CVSS information shown here. What is the greatest risk exposed by this server?
Bill is creating a vulnerability management program for his company. He has limited scanning resources and would like to apply them to different systems based upon the sensitivity and criticality of the information that they handle. What criteria should Bill use to determine the vulnerability scanning frequency?
Tom recently read a media report about a ransomware outbreak that was spreading rapidly across the Internet by exploiting a zero-day vulnerability in Microsoft Windows. As part of a comprehensive response, he would like to include a control that would allow his organization to effectively recover from a ransomware infection. Which one of the following controls would best achieve Tom’s objective?
Kaitlyn discovered the vulnerability shown here on a workstation in her organization. Which one of the following is not an acceptable method for remediating this vulnerability?
Brent ran a vulnerability scan of several network infrastructure devices on his network and obtained the result shown here. What is the extent of the impact that an attacker could have by exploiting this vulnerability directly?
Ted runs the cybersecurity vulnerability management program for his organization. He sends a database administrator a report of a missing database patch that corrects a high-severity security issue. The DBA writes back to Ted that he has applied the patch. Ted reruns the scan, and it still reports the same vulnerability. What should Ted do next?
Miranda is reviewing the results of a vulnerability scan and identifies the issue shown here in one of her systems. She consults with developers who check the code and assure her that it is not vulnerable to SQL injection attacks. An independent auditor confirms this for Miranda. What is the most likely scenario?
Eric is reviewing the results of a vulnerability scan and comes across the vulnerability report shown here. Which one of the following services is least likely to be affected by this vulnerability?
Questions 85 and 86 refer to the following scenario:
Larry recently discovered a critical vulnerability in one of his organization’s database servers during a routine vulnerability scan. When he showed the report to a database administrator, the administrator responded that they had corrected the vulnerability by using a vendor-supplied workaround because upgrading the database would disrupt an important process. Larry verified that the workaround is in place and corrects the vulnerability.
How should Larry respond to this situation?
What is the most likely cause of this report?
Breanne ran a vulnerability scan of a server in her organization and found the vulnerability shown here. What is the use of the service affected by this vulnerability?
Margot discovered that a server in her organization has a SQL injection vulnerability. She would like to investigate whether attackers have attempted to exploit this vulnerability. Which one of the following data sources is least likely to provide helpful information?
Krista is reviewing a vulnerability scan report and comes across the vulnerability shown here. She comes from a Linux background and is not as familiar with Windows administration. She is not familiar with the runas command mentioned in this vulnerability. What is the closest Linux equivalent command?
After scanning a web application for possible vulnerabilities, Barry received the result shown here. Which one of the following best describes the threat posed by this vulnerability?
Michelle would like to share information about vulnerabilities with partner organizations who use different vulnerability scanning products. What component of SCAP can best assist her in ensuring that the different organizations are talking about the same vulnerabilities?
Javier ran a vulnerability scan of a network device used by his organization and discovered the vulnerability shown here. What type of attack would this vulnerability enable?
Amanda scans a Windows server in her organization and finds that it has multiple critical vulnerabilities, detailed in the report shown here. What action can Amanda take that will have the most significant impact on these issues without creating a long-term outage?
Ben is preparing to conduct a vulnerability scan for a new client of his security consulting organization. Which one of the following steps should Ben perform first?
Katherine coordinates the remediation of security vulnerabilities in her organization and is attempting to work with a system engineer on the patching of a server to correct a moderate impact vulnerability. The engineer is refusing to patch the server because of the potential interruption to a critical business process that runs on the server. What would be the most reasonable course of action for Katherine to take?
During a recent vulnerability scan of workstations on her network, Andrea discovered the vulnerability shown here. Which one of the following actions is least likely to remediate this vulnerability?
Grace ran a vulnerability scan and detected an urgent vulnerability in a public-facing web server. This vulnerability is easily exploitable and could result in the complete compromise of the server. Grace wants to follow best practices regarding change control while also mitigating this threat as quickly as possible. What would be Grace’s best course of action?
Doug is preparing an RFP for a vulnerability scanner for his organization. He needs to know the number of systems on his network to help determine the scanner requirements. Which one of the following would not be an easy way to obtain this information?
Mary runs a vulnerability scan of her entire organization and shares the report with another analyst on her team. An excerpt from that report appears here. Her colleague points out that the report contains only vulnerabilities with severities of 3, 4, or 5. What is the most likely cause of this result?
James is reviewing the vulnerability shown here, which was detected on several servers in his environment. What action should James take?
Which one of the following approaches provides the most current and accurate information about vulnerabilities present on a system because of the misconfiguration of operating system settings?
Questions 102 through 104 refer to the following scenario:
Pete recently conducted a broad vulnerability scan of all the servers and workstations in his environment. He scanned the following three networks:
He detected the following vulnerabilities:
Absent any other information, which one of the vulnerabilities in the report should Pete remediate first?
Pete is working with the desktop support manager to remediate vulnerability 3. What would be the most efficient way to correct this issue?
Pete recently conferred with the organization’s CISO, and the team is launching an initiative designed to combat the insider threat. They are particularly concerned about the theft of information by employees seeking to exceed their authorized access. Which one of the vulnerabilities in this report is of greatest concern given this priority?
Wanda recently discovered the vulnerability shown here on a Windows server in her organization. She is unable to apply the patch to the server for six weeks because of operational issues. What workaround would be most effective in limiting the likelihood that this vulnerability would be exploited?
Garrett is configuring vulnerability scanning for a new web server that his organization is deploying on its DMZ network. The server hosts the company’s public website. What type of scanning should Garrett configure for best results?
Frank recently ran a vulnerability scan and identified a POS terminal that contains an unpatchable vulnerability because of running an unsupported operating system. Frank consults with his manager and is told that the POS is being used with full knowledge of management and, as a compensating control, it has been placed on an isolated network with no access to other systems. Frank’s manager tells him that the merchant bank is aware of the issue. How should Frank handle this situation?
James is configuring vulnerability scans of a dedicated network that his organization uses for processing credit card transactions. What types of scans are least important for James to include in his scanning program?
Helen performs a vulnerability scan of one of the internal LANs within her organization and finds a report of a web application vulnerability on a device. Upon investigation, she discovers that the device in question is a printer. What is the most likely scenario in this case?
Joe discovered a critical vulnerability in his organization’s database server and received permission from his supervisor to implement an emergency change after the close of business. He has eight hours before the planned change window. In addition to planning the technical aspects of the change, what else should Joe do to prepare for the change?
Julian recently detected the vulnerability shown here on several servers in his environment. Because of the critical nature of the vulnerability, he would like to block all access to the affected service until it is resolved using a firewall rule. He verifies that the following TCP ports are open on the host firewall. Which one of the following does Julian not need to block to restrict access to this service?
Ted recently ran a vulnerability scan of his network and was overwhelmed with results. He would like to focus on the most important vulnerabilities. How should Ted reconfigure his vulnerability scanner?
After running a vulnerability scan, Janet discovered that several machines on her network are running Internet Explorer 8 and reported the vulnerability shown here. Which one of the following would not be a suitable replacement browser for these systems?
Sunitha discovered the vulnerability shown here in an application developed by her organization. What application security technique is most likely to resolve this issue?
Pete ran a vulnerability scan of several network appliances in his organization and received the scan result shown here. What is the simplest tool that an attacker could use to cause a denial-of-service attack on these appliances, provided that they are running ClearCase?
Which one of the following protocols might be used within a virtualization platform for monitoring and management of the network?
Sherry runs a vulnerability scan and receives the high-level results shown here. Her priority is to remediate the most important vulnerabilities first. Which system should be her highest priority?
Victor is configuring a new vulnerability scanner. He set the scanner to run scans of his entire data center each evening. When he went to check the scan reports at the end of the week, he found that they were all incomplete. The scan reports noted the error “Scan terminated due to start of preempting job.” Victor has no funds remaining to invest in the vulnerability scanning system. He does want to cover the entire data center. What should he do to ensure that scans complete?
Vanessa ran a vulnerability scan of a server and received the results shown here. Her boss instructed her to prioritize remediation based upon criticality. Which issue should she address first?
Gil is configuring a scheduled vulnerability scan for his organization using the QualysGuard scanner. If he selects the Relaunch On Finish scheduling option shown here, what will be the result?
Terry is reviewing a vulnerability scan of a Windows server and came across the vulnerability shown here. What is the risk presented by this vulnerability?
Andrea recently discovered the vulnerability shown here on the workstation belonging to a system administrator in her organization. What is the most likely major threat that should concern Andrea?
Craig completed the vulnerability scan of a server in his organization and discovered the results shown here. Which one of the following is not a critical remediation action dictated by these results?
Tom’s company is planning to begin a bring your own device (BYOD) policy for mobile devices. Which one of the following technologies allows the secure use of sensitive information on personally owned devices, including providing administrators with the ability to wipe corporate information from the device without affecting personal data?
Sally discovered during a vulnerability scan that a system that she manages has a high-priority vulnerability that requires a patch. The system is behind a firewall and there is no imminent threat, but Sally wants to get the situation resolved as quickly as possible. What would be her best course of action?
Gene runs a vulnerability scan of his organization’s data center and produces a summary report to share with his management team. The report includes the chart shown here. When Gene’s manager reads the report, she points out that the report is burying important details because it is highlighting too many unimportant issues. What should Gene do to resolve this issue?
Veronica recently conducted a PCI DSS vulnerability scan of a web server and noted a critical PHP vulnerability that required an upgrade to correct. She applied the update. How soon must Veronica repeat the scan?
Chandra’s organization recently upgraded the firewall protecting the network where they process credit card information. This network is subject to the provisions of PCI DSS. When is Chandra required to schedule the next vulnerability scan of this network?
Bruce is concerned about the security of an industrial control system that his organization uses to monitor and manage systems in their factories. He would like to reduce the risk of an attacker penetrating this system. Which one of the following security controls would best mitigate the vulnerabilities in this type of system?
Glenda routinely runs vulnerability scans of servers in her organization. She is having difficulty with one system administrator who refuses to correct vulnerabilities on a server used as a jumpbox by other IT staff. The server has had dozens of vulnerabilities for weeks and would require downtime to repair. One morning, her scan reports that all of the vulnerabilities suddenly disappeared overnight, while other systems in the same scan are reporting issues. She checks the service status dashboard, and the service appears to be running properly with no outages reported in the past week. What is the most likely cause of this result?
Frank discovered during a vulnerability scan that an administrative interface to one of his storage systems was inadvertently exposed to the Internet. He is reviewing firewall logs and would like to determine whether any access attempts came from external sources. Which one of the following IP addresses reflects an external source?
Nick is configuring vulnerability scans for his network using a third-party vulnerability scanning service. He is attempting to scan a web server that he knows exposes a CIFS file share and contains several significant vulnerabilities. However, the scan results only show ports 80 and 443 as open. What is the most likely cause of these scan results?
Thomas learned this morning of a critical security flaw that affects a major service used by his organization and requires immediate patching. This flaw was the subject of news reports and is being actively exploited. Thomas has a patch and informed stakeholders of the issue and received permission to apply the patch during business hours. How should he handle the change management process?
Questions 134 through 136 refer to the bare-metal virtualization environment shown here:
What component is identified by A in the image?
What component is identified by B in the image?
What component is identified by C in the image?
After running a vulnerability scan of systems in his organization’s development shop, Mike discovers the issue shown here on several systems. What is the best solution to this vulnerability?
Chris is preparing to conduct vulnerability scans against a set of workstations in his organization. He is particularly concerned about system configuration settings. Which one of the following scan types will give him the best results?
Brian is configuring a vulnerability scan of all servers in his organization’s data center. He is configuring the scan to only detect the highest-severity vulnerabilities. He would like to empower system administrators to correct issues on their servers but also have some insight into the status of those remediations. Which approach would best serve Brian’s interests?
Tonya is configuring a new vulnerability scanner for use in her organization’s data center. Which one of the following values is considered a best practice for the scanner’s update frequency?
Ben was recently assigned by his manager to begin the remediation work on the most vulnerable server in his organization. A portion of the scan report appears below. What remediation action should Ben take first?
Tom is planning a series of vulnerability scans and wants to ensure that the organization is meeting its customer commitments with respect to the scans’ performance impact. What two documents should Tom consult to find these obligations?
Don is evaluating the success of his vulnerability management program and would like to include some metrics. Which one of the following would be the least useful metric?
Don completed a vulnerability scan of his organization’s virtualization platform from an external host and discovered the vulnerability shown here. How should Don react?
Elliott runs a vulnerability scan of one of the servers belonging to his organization and finds the results shown here. Which one of these statements is not correct?
Donna is working with a system engineer who wants to remediate vulnerabilities in a server that he manages. Of the report templates shown here, which would be most useful to the engineer?
James received the vulnerability report shown here for a server in his organization. What risks does this vulnerability present?
Tom runs a vulnerability scan of the file server shown here.
He receives the vulnerability report shown next. Assuming that the firewall is configured properly, what action should Tom take immediately?
Dave is running a vulnerability scan of a client’s network for the first time. The client has never run such a scan and expects to find many results. What security control is likely to remediate the largest portion of the vulnerabilities discovered in Dave’s scan?
Matt is working to integrate his organization’s network with that of a recently acquired company. He is concerned that the acquired company’s network contains systems with vulnerabilities that may be exploited and wants to protect his network against compromised hosts on the new network. Which one of the following controls would be least effective at reducing the risk from network interconnection?
Rhonda is planning to patch a production system to correct a vulnerability detected during a scan. What process should she follow to correct the vulnerability but minimize the risk of a system failure?
William is preparing a legal agreement for his organization to purchase services from a vendor. He would like to document the requirements for system availability, including the vendor’s allowable downtime for patching. What type of agreement should William use to incorporate this requirement?
Given no other information, which one of the following vulnerabilities would you consider the greatest threat to information confidentiality?
Which one of the following mobile device strategies is most likely to result in the introduction of vulnerable devices to a network?
Kassie discovered the vulnerability shown here on one of the servers running in her organization. What action should she take?
Morgan recently completed the security analysis of a web browser deployed on systems in her organization and discovered that it is susceptible to a zero-day integer overflow attack. Who is in the best position to remediate this vulnerability in a manner that allows continued use of the browser?
Jeff’s team is preparing to deploy a new database service, and he runs a vulnerability scan of the test environment. This scan results in the four vulnerability reports shown here. Jeff is primarily concerned with correcting issues that may lead to a confidentiality breach. Which vulnerability should Jeff remediate first?
Eric is a security consultant and is trying to sell his services to a new client. He would like to run a vulnerability scan of their network prior to their initial meeting to show the client the need for added security. What is the most significant problem with this approach?
Renee is assessing the exposure of her organization to the denial-of-service vulnerability in the scan report shown here. She is specifically interested in determining whether an external attacker would be able to exploit the denial-of-service vulnerability. Which one of the following sources of information would provide her with the best information to complete this assessment?
Mary is trying to determine what systems in her organization should be subject to vulnerability scanning. She would like to base this decision upon the criticality of the system to business operations. Where should Mary turn to best find this information?
Paul ran a vulnerability scan of his vulnerability scanner and received the result shown here. What is the simplest fix to this issue?
Sarah is designing a vulnerability management system for her organization. Her highest priority is conserving network bandwidth. She does not have the ability to alter the configuration or applications installed on target systems. What solution would work best in Sarah’s environment to provide vulnerability reports?
Terry is conducting a vulnerability scan when he receives a report that the scan is slowing down the network for other users. He looks at the performance configuration settings shown here. Which setting would be most likely to correct the issue?
Laura received a vendor security bulletin that describes a zero-day vulnerability in her organization’s main database server. This server is on a private network but is used by publicly accessible web applications. The vulnerability allows the decryption of administrative connections to the server. What reasonable action can Laura take to address this issue as quickly as possible?
Emily discovered the vulnerability shown here on a server running in her organization. What is the most likely underlying cause for this vulnerability?
Raul is replacing his organization’s existing vulnerability scanner with a new product that will fulfill that functionality moving forward. As Raul begins to build out the policy, he notices some conflicts in the scanning settings between different documents. Which one of the following document sources should Raul give the highest priority when resolving these conflicts?
Rex recently ran a vulnerability scan of his organization’s network and received the results shown here. He would like to remediate the server with the highest number of the most serious vulnerabilities first. Which one of the following servers should be on his highest priority list?
Beth is configuring a vulnerability scanning tool. She recently learned about a privilege escalation vulnerability that requires that the user already have local access to the system. She would like to ensure that her scanners are able to detect this vulnerability as well as future similar vulnerabilities. What action can she take that would best improve the scanner’s ability to detect this type of issue?
Shannon reviewed the vulnerability scan report for a web server and found that it has multiple SQL injection and cross-site scripting vulnerabilities. What would be the least difficult way for Shannon to address these issues?
Ron is responsible for distributing vulnerability scan reports to system engineers who will remediate the vulnerabilities. What would be the most effective and secure way for Ron to distribute the reports?
Karen ran a vulnerability scan of a web server used on her organization’s internal network. She received the report shown here. What circumstances would lead Karen to dismiss this vulnerability as a false positive?
Which one of the following vulnerabilities is the most difficult to confirm with an external vulnerability scan?
Ann would like to improve her organization’s ability to detect and remediate security vulnerabilities by adopting a continuous monitoring approach. Which one of the following is not a characteristic of a continuous monitoring program?
Holly ran a scan of a server in her data center and the most serious result was the vulnerability shown here. What action is most commonly taken to remediate this vulnerability?
Nitesh would like to identify any systems on his network that are not registered with his asset management system. He looks at the reporting console of his vulnerability scanner and sees the options shown here. Which of the following report types would be his best starting point?
What strategy can be used to immediately report configuration changes to a vulnerability scanner?
During a recent vulnerability scan, Mark discovered a flaw in an internal web application that allows cross-site scripting attacks. He spoke with the manager of the team responsible for that application and was informed that he discovered a known vulnerability and the manager worked with other leaders and determined that the risk is acceptable and does not require remediation. What should Mark do?
Jacquelyn recently read about a new vulnerability in Apache web servers that allows attackers to execute arbitrary code from a remote location. She verified that her servers have this vulnerability, but this morning’s vulnerability scan report shows that the servers are secure. She contacted the vendor and determined that they have released a signature for this vulnerability and it is working properly at other clients. What action can Jacquelyn take that will most likely address the problem efficiently?
Dennis is developing a checklist that will be used by different security teams within his broad organization. What SCAP component can he use to help write the checklist and report results in a standardized fashion?
Vincent is a security manager for a U.S. federal government agency subject to FISMA. Which one of the following is not a requirement that he must follow for his vulnerability scans to maintain FISMA compliance?
Sharon is designing a new vulnerability scanning system for her organization. She must scan a network that contains hundreds of unmanaged hosts. Which of the following techniques would be most effective at detecting system configuration issues in her environment?
Questions 182 through 184 refer to the following scenario:
Arlene ran a vulnerability scan of a VPN server used by contractors and employees to gain access to her organization’s network. An external scan of the server found the vulnerability shown here.
Which one of the following hash algorithms would not trigger this vulnerability?
What is the most likely result of failing to correct this vulnerability?
How can Josh correct this vulnerability?
After reviewing the results of a vulnerability scan, Bruce discovered that many of the servers in his organization are susceptible to a brute-force SSH attack. He would like to determine what external hosts attempted SSH connections to his servers and is reviewing firewall logs. What TCP port would relevant traffic most likely use?
Terry runs a vulnerability scan of the network devices in his organization and sees the vulnerability report shown here for one of those devices. What action should he take?
Lori is studying vulnerability scanning as she prepares for the CySA+ exam. Which of the following is not one of the principles she should observe when preparing for the exam to avoid causing issues for her organization?
Meredith is configuring a vulnerability scan and would like to configure the scanner to perform credentialed scans. Of the menu options shown here, which will allow her to directly configure this capability?
Norman is working with his manager to implement a vulnerability management program for his company. His manager tells him that he should focus on remediating critical and high-severity risks and that the organization does not want to spend time worrying about risks rated medium or lower. What type of criteria is Norman’s manager using to make this decision?
After running a vulnerability scan against his organization’s VPN server, Chris discovered the vulnerability shown here. What type of cryptographic situation does a birthday attack leverage?
Meredith recently ran a vulnerability scan on her organization’s accounting network segment and found the vulnerability shown here on several workstations. What would be the most effective way for Meredith to resolve this vulnerability?
Questions 192 through 197 refer to the vulnerability shown here.
Based upon the information presented in the vulnerability report, what type of access must an attacker have to exploit this vulnerability?
Based upon the information presented in the vulnerability report, how difficult would it be for an attacker to exploit this vulnerability?
Based upon the information presented in the vulnerability report, what authentication hurdles would an attacker need to clear to exploit this vulnerability?
What level of confidentiality risk does this vulnerability pose to the organization?
What level of integrity risk does this vulnerability pose to the organization?
What level of availability risk does this vulnerability pose to the organization?
Dan is the vulnerability manager for his organization and is responsible for tracking vulnerability remediation. There is a critical vulnerability in a network device that Dan has handed off to the device’s administrator, but it has not been resolved after repeated reminders to the engineer. What should Dan do next?
Sara’s organization has a well-managed test environment. What is the most likely issue that Sara will face when attempting to evaluate the impact of a vulnerability remediation by first deploying it in the test environment?
How many vulnerabilities listed in the report shown here are significant enough to warrant immediate remediation in a typical operating environment?
Laura discovered an operating system vulnerability on a system on her network. After tracing the IP address, she discovered that the vulnerability is on a search appliance installed on her network. She consulted with the responsible engineer who informed her that he has no access to the underlying operating system. What is the best course of action for Laura?
Which one of the following types of data is subject to regulations in the United States that specify the minimum frequency of vulnerability scanning?
Jim is responsible for managing his organization’s vulnerability scanning program. He is experiencing issues with scans aborting because the previous day’s scans are still running when the scanner attempts to start the current day’s scans. Which one of the following solutions is least likely to resolve Jim’s issue?
Trevor is working with an application team on the remediation of a critical SQL injection vulnerability in a public-facing service. The team is concerned that deploying the fix will require several hours of downtime and that will block customer transactions from completing. What is the most reasonable course of action for Trevor to suggest?
While conducting a vulnerability scan of her organization’s data center, Renee discovers that the management interface for the organization’s virtualization platform is exposed to the scanner. In typical operating circumstances, what is the proper exposure for this interface?
Richard is designing a remediation procedure for vulnerabilities discovered in his organization. He would like to make sure that any vendor patches are adequately tested prior to deploying them in production. What type of environment could Richard include in his procedure that would best address this issue?
Becky is scheduling vulnerability scans for her organization’s data center. Which one of the following is a best practice that Becky should follow when scheduling scans?
Given the CVSS information shown here, where would an attacker need to be positioned on the network to exploit this vulnerability?