assessment

vulnerability assessment

An organization is performing a vulnerability assessment for mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols founds on the organization’s machines to detect which ports are attached to services such as an email server, a web server, or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevent tests. What is the type of vulnerability assessment solution that James employed in the above scenario?

Leave a Comment / CEHv11 / By

An organization is performing a vulnerability assessment for mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols founds on the organization’s machines to detect which ports are attached to services such as an email server, a web server, or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevent tests. What is the type of vulnerability assessment solution …

An organization is performing a vulnerability assessment for mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols founds on the organization’s machines to detect which ports are attached to services such as an email server, a web server, or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevent tests. What is the type of vulnerability assessment solution that James employed in the above scenario? Read More »

configuration

A newly joined employee, Janet, has been allocated an existing system used by a previous employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other system parameters. He also identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. What is the type of vulnerability assessment performed by Martin?

Leave a Comment / CEHv11 / By

A newly joined employee, Janet, has been allocated an existing system used by a previous employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other system parameters. He also identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. What is the type of vulnerability assessment performed by Martin? Option 1 …

A newly joined employee, Janet, has been allocated an existing system used by a previous employee. Before issuing the system to Janet, it was assessed by Martin, the administrator. Martin found that there were possibilities of compromise through user directories, registries, and other system parameters. He also identified vulnerabilities such as native configuration tables, incorrect registry or file permissions, and software configuration errors. What is the type of vulnerability assessment performed by Martin? Read More »

vulnerability management

David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risk and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of the vulnerability-management life cycle is David currently in?

Leave a Comment / CEHv11 / By

David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risk and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of the vulnerability management life cycle is David currently in? Option 1 : Vulnerability scan Option 2 : Verification Option 3 …

David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risk and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of the vulnerability-management life cycle is David currently in? Read More »

scan

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the user who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization?

Leave a Comment / CEHv11 / By

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the user who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization? Option 1 : Credential assessment Option 2 : Internal assessment Option 3 : External assessment Option 4 : …

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the user who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization? Read More »

ISO-27001-Annex-A.16.1.2-Reporting-Information-Security-Events

ISO 27001 Annex : A.16.1.2 Reporting Information Security Events, A.16.1.3 Reporting Information Security Weaknesses & A.16.1.4 Assessment of and Decision on Information Security Events

Leave a Comment / ISO 27001 La, Knowledge Base / By

In this article explain ISO 27001 Annex : A.16.1.2 Reporting Information Security Events, A.16.1.3 Reporting Information Security Weaknesses & A.16.1.4 Assessment of and Decision on Information Security Events this contols. A.16.1.2 Reporting Information Security Events Control- Information security incidents should be reported as quickly as possible through appropriate management channels. Implementation Guidance- Both employees and contractors will be made aware of their responsibility as soon as possible for reporting security incidents. The reporting protocols and …

ISO 27001 Annex : A.16.1.2 Reporting Information Security Events, A.16.1.3 Reporting Information Security Weaknesses & A.16.1.4 Assessment of and Decision on Information Security Events Read More »

Data-Analysis-&-Evidence-Assessment

Data Analysis & Evidence Assessment

Leave a Comment / CHFI / By

Data Analysis & Evidence Assessment refers to the process of going through the data and finding the relevant evidential data and its relevance to the crime. This section will explain the process of analyzing the data in order to use it for proving the crime and the perpetrator. Data Analysis Data analysis refers to the process of examining, identifying, separating, converting, and modeling data to isolate useful information. In forensic investigation, the data analysis helps …

Data Analysis & Evidence Assessment Read More »

Laboratory-Accreditation-Programs

Laboratory Accreditation Programs

Leave a Comment / CHFI / By

Laboratory Accreditation Programs in this article explain which of the accreditation using for forensic laboratory and what are there standards and also explain risk assesment, computer investigation methodology. ISO IEC 17025 Accreditation: ISO (the International Organization for Standardization) and IEC (the International Electro­technical Commission) are part of the specialized system for worldwide standardization. They develop International Standards in association with technical committees established by the respective organization for particular fields of technical activity. In 1999, …

Laboratory Accreditation Programs Read More »

forensics-investigation-method-of-computer

Forensics Investigation method of Computer

14 Comments / ECIH / By

Forensic Investigation of computer Discussed below, totally different phases of the computer forensics investigation process: Pre-investigation phase: This phase involves all the tasks performed before the commencement of the actual investigation. It involves setting up a computer forensics laboratory, building a forensics workstation, investigation toolkit, the investigation team, obtaining approval from the relevant authority, and so on. Investigation phase: Considered as the main phase of the computer forensics investigation, it involves acquisition, preservation, and analysis …

Forensics Investigation method of Computer Read More »

What-Is-Threat-Assessment

What Is Threat Assessment?

Leave a Comment / CTIA / By

Threat assessment Threat assessment is the process of examining, filtering, transforming, and modeling of acquired threat data for extracting threat intelligence. It is a process where the knowledge of internal and external threat information. The definition of threat varies from organization to organization and industry to industry. Even the threat assessment varies depending on the requirement of the organization. Threat assessment enriches the security measures of the organization with insight into internal and external threat …

What Is Threat Assessment? Read More »