Shared Flashcard Set

Details

CompTIA Sec+ 1.5
Explain vulnerability scanning concepts
10
Computer Science
Professional
11/06/2018
Click here to study/print these flashcards.

Create your own flash cards! Sign up here.

Additional Computer Science Flashcards

 

 

Cards

Term
Passively Test Security COntrols
 Definition
-No disruption to the business
-Observes and reports findings
-Does not take down systems, applications, or services
Term
Identify Vulnerability
 Definition
Scanners Report on the various vulnerabilities found such as:
-Missing patches
-Security Misconfigurations
-Known exploits
Term
Identify lack of security controls
 Definition
Security Control is misconfigured, missing a patch or completely missing. No AntiVirus or Firewall.
Review Logs
Interview Personnel
Term
Identify Common misconfigurations
 Definition
Tools such as Nessus, Metasploit
REview logs and perform audits of key assets
-open ports
weak passwords
active default accounts and passwords
-Sensitive data leakage
-Audit security baseline deviations
Term
Intrusive
 Definition
Testing that can be disruptive and reduce system responsiveness
Term
Credentialed Scan
 Definition
Testing that has easy access, less impact, and more accurate results
Term
False Positive
 Definition
-A vulnerability is identified that does not actually exist
-Results must be verified and audited for completeness and accuracy
Term
Non Credentialed Scan
 Definition
Requires more resources as a system may try to brute-force access or try multiple things to gain access.
Term
Non-Intrusive
 Definition
Testing that simply identifies vulnerabilities and reports findings
Term
False Negative
 Definition
When a scan indicates no vulnerabilities exist when there is one.
Supporting users have an ad free experience!