vulnerability

professional hacker

John a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker installed a scanner on a machine belonging to one of the victim and scanned several machines on the same network to identify vulnerabilities to perform further exploitation. What is the type of vulnerability assessment tool employed by john in the above scenario?

John a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker installed a scanner on a machine belonging to one of the victim and scanned several machines on the same network to identify vulnerabilities to perform further exploitation. What is the type of vulnerability assessment tool employed by john in the above scenario? Option 1 : Network-based scanner Option 2 : Agent-based scanner Option …

John a disgruntled ex-employee of an organization, contacted a professional hacker to exploit the organization. In the attack process, the professional hacker installed a scanner on a machine belonging to one of the victim and scanned several machines on the same network to identify vulnerabilities to perform further exploitation. What is the type of vulnerability assessment tool employed by john in the above scenario? Read More »

whitelisting

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltered by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs. What type of malware did the attacker use to bypass the company ‘s application whitelisting?

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltered by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non – whitelisting programs. What type of malware did the attacker use to bypass the company ‘s application whitelisting? Option 1 : Phishing malware Option 2 : File-less malware …

Security administrator John Smith has noticed abnormal amounts of traffic coming from local computers at night. Upon reviewing, he finds that user data have been exfiltered by an attacker. AV tools are unable to find any malicious software, and the IDS/IPS has not reported on any non-whitelisted programs. What type of malware did the attacker use to bypass the company ‘s application whitelisting? Read More »

vulnerability assessment

An organization is performing a vulnerability assessment for mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols founds on the organization’s machines to detect which ports are attached to services such as an email server, a web server, or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevent tests. What is the type of vulnerability assessment solution that James employed in the above scenario?

An organization is performing a vulnerability assessment for mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols founds on the organization’s machines to detect which ports are attached to services such as an email server, a web server, or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevent tests. What is the type of vulnerability assessment solution …

An organization is performing a vulnerability assessment for mitigating threats. James, a pen tester, scanned the organization by building an inventory of the protocols founds on the organization’s machines to detect which ports are attached to services such as an email server, a web server, or a database server. After identifying the services, he selected the vulnerabilities on each machine and started executing only the relevent tests. What is the type of vulnerability assessment solution that James employed in the above scenario? Read More »

vulnerability management

David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risk and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of the vulnerability-management life cycle is David currently in?

David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risk and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of the vulnerability management life cycle is David currently in? Option 1 : Vulnerability scan Option 2 : Verification Option 3 …

David is a security professional working in an organization, and he is implementing a vulnerability management program in the organization to evaluate and control the risk and vulnerabilities in its IT infrastructure. He is currently executing the process of applying fixes on vulnerable systems to reduce the impact and severity of vulnerabilities. Which phase of the vulnerability-management life cycle is David currently in? Read More »

scan

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the user who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization?

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the user who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization? Option 1 : Credential assessment Option 2 : Internal assessment Option 3 : External assessment Option 4 : …

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the user who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization? Read More »

Scoring

In the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does medium vulnerability fall in?

In the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does medium vulnerability fall in? Option 1 : 4.0-6.9 Option 2 : 3.9-6.9 Option 3 : 3.0-6.9 Option 4 : 4.0-6.0 The Common Vulnerability Scoring System (CVSS) is an open structure for conveying the attributes and seriousness of programming weaknesses. CVSS comprises of three measurement gatherings: Base, Temporal, and Environmental. The Base measurements produce a score going from 0 to 10, which would …

In the Common Vulnerability Scoring System (CVSS) v3.1 severity ratings, what range does medium vulnerability fall in? Read More »

stage

You are a penetration tester working to test the user awareness of the employees of the client XYZ . You harvested two employees’ emails from some public sources and are creating a client-side backdoor to send it to the employees via email. Which stage of the cyber kill chain are you at?

You are a penetration tester working to test the user awareness of the employees of the client XYZ . You harvested two employees’ emails from some public sources and are creating a client-side backdoor to send it to the employees via email. Which stage of the cyber kill chain are you at? Option 1 : Command and control Option 2 : Reconnaissance Option 3 : Exploitation Option 4 : Weaponization 1. Command and control This …

You are a penetration tester working to test the user awareness of the employees of the client XYZ . You harvested two employees’ emails from some public sources and are creating a client-side backdoor to send it to the employees via email. Which stage of the cyber kill chain are you at? Read More »

CISSP Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements – Bk1D3T5

Assessing information security vulnerabilities can be done by inspection or testing. Inspection can be manual, reviewing the design and implementation looking for vulnerabilities, or automated, in which software analyzes the configuration or code. Testing can be white-box, in which the tester knows the details of the system’s design and implementation; black-box, in which the tester knows nothing about the internals of the system; or gray-box, in which the tester has some knowledge. Related Product : …

CISSP Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements – Bk1D3T5 Read More »

ISO-27001-Annex-A.9.3-User-Responsibilities

ISO 27001 Annex : A.9.3 User Responsibilities

ISO 27001 Annex : A.9.3 User Responsibilities Its objective is the Responsibility of users for safeguarding their authentication information. A.9.3.1 Use of Secret Authentication Information Control- Use of secret authentication information should be allowed for users to follow the organization’s practices. Implementation Guidance- It is recommended that all users: maintain confidential information on secure authentication to ensure that it is not leaked to the other parties, including people of authority; Avoid maintaining a record of …

ISO 27001 Annex : A.9.3 User Responsibilities Read More »

Overview of Network Security Objectives

Overview of Network Security Objectives this blog is based on Understanding Network and Information Security with it’s objective Confidentiality, Integrity and Availability etc. Understanding Network and information Security Basics Security is very important, and therefore the lack of it risks financial, legal, political, and PR implications. This section covers a number of the concepts, terms, and methodologies employed in preparing for and dealing with secure networks. Network Security Objectives When considering networks, you’ll view them …

Overview of Network Security Objectives Read More »