Security+ (SY0-701): Lesson 8: Explain Vulnerability Management Part 1
This deck covers key concepts and definitions related to vulnerability management, including types of vulnerabilities, system configurations, and security practices.
| Term | Definition |
|---|---|
| Define ‘Vulnerability management’ | Identifying/reporting, evaluating, and remediating security vulnerabilities in OSs, applications, and other components of IT operations. |
| Define ‘Vulnerability scanning’ | Utilized to identify potential weaknesses in an organization’s digital assets automatically. |
| Define a ‘Vulnerability’ | Flaws in the operating system’s design, errors in code, or insecure default settings. |
| What are typical vulnerabilities found in Microsoft Windows OS? | Buffer overflows, lack of input validation, and privilege flaws. |
| What are typical vulnerabilities found in Mac OS? | Weak access controls, insecure boot processes, and third-party software. |
| What are typical vulnerabilities found in Linux OS? | Kernel vulnerabilities, misconfigurations, and unpatched systems are common issues in Linux. |
| Define a ‘Legacy and End-of-Life (EOL) System’ | The manufacturer or vendor no longer supports EOL systems, so they do not receive updates, including critical security patches. |
| What is the difference between a ‘legacy system’ and an ‘End-of-life system’? | Legacy systems typically describe outdated software methods, technology, computer systems, or application programs that continue to be used despite their shortcomings. |
| Define ‘firmware’ | Software that controls hardware. |
| Define ‘VM escape’ | An attacker with access to a VM breaks out of its isolated environment and gains access to the host system or other VMs running on the same host. |
| Define a ‘Zero-day vulnerability’ | Previously unknown software or hardware flaws that attackers can exploit before developers or vendors become aware of or have a chance to fix them. |
| Define ‘responsible disclosure’ | A procedure followed by ethical hackers after a zero day is found, to privately inform the vendor so a patch can be developed before the vulnerability is publicly disclosed. |
| How can misconfiguration of infrastructure lead to vulnerabilities? | Unauthorized access, data leaks, or even full-system compromises. |
| What is the most common form of misconfiguration? | Leaving default configurations. |
| How can troubleshooting lead to vulnerabilities? | Disabling security features or loosening access controls to help isolate a problem without changing back to the secure configuration. |
| Define a ‘Cryptographic vulnerability’ | Weaknesses in cryptographic systems, protocols, or algorithms that can be exploited to compromise data. |
| Define ‘Rooting’ | Gaining superuser-level access over an Android-based mobile device. |
| Define ‘Jailbreaking’ | Describes gaining full access to an iOS device by removing the limitations imposed by Apple’s iOS operating system. |
| Define ‘Sideloading’ | Installing applications from sources other than the official app store of the platform. |
| How can an organization prevent rooting/jailbreaking/sideloading? | By disabling access to unverified app stores or installing apps from unofficial sources. |
| Define an ‘Application race condition’ vulnerability | Software flaws associated with the timing or order of events within a software program, which can be manipulated, causing undesirable or unpredictable outcomes. |
| What is the outcome of an Application race condition vulnerability? | Data corruption or unauthorized access. |
| Define a ‘time-of-check to time-of-use (TOCTOU)’ vulnerability | Type of application race condition; a system state changes between the time an app performs the check (verification) stage and the use (execution) stage. |
| Define a ‘memory injection’ vulnerability | Type of security flaw where an attacker can introduce (inject) malicious code into a running application’s process memory. |
| What is a direct outcome of an attacker exploiting a memory injection vulnerability? | The threat actor can run malicious code with the same privilege level as the vulnerable process, which can lead to full system compromise. |
| What is the desired goal of a threat actor once a memory injection is successful? | To provide unauthorized access or control over the system; install malware, exfiltrate sensitive data, or create a backdoor for future access. |
| What controls are used to mitigate memory injection vulnerabilities? | Secure coding practices; input/output validation, encoding, type-casting, access controls, application testing. |
| Define a ‘buffer’ | An area of memory that the application reserves to store expected data. |
| Define a ‘buffer overflow’ vulnerability | A form of memory injection; an attack in which data goes past the boundary of the destination buffer and begins to corrupt adjacent memory. |
| How does a threat actor perform a buffer overflow attack? | The attacker passes data that deliberately overfills the buffer. |