Information Technology /Security+ (SY0-701): Lesson 8: Explain Vulnerability Management Part 3
Security+ (SY0-701): Lesson 8: Explain Vulnerability Management Part 3
This flashcard deck covers key concepts from Lesson 8 of the Security+ (SY0-701) syllabus, focusing on vulnerability management, including credentialed scans, application vulnerability scanning, threat feeds, and cyber threat intelligence.
Define a 'credentialed' scan
A scan that uses credentials with some form of privileged access to allow for a more in-depth analysis, especially in detecting when applications or security settings may be misconfigured.
Tap or swipe ↕ to flip
Swipe ←→Navigate
SSpeak
FFocus
1/30
Key Terms
Term
Definition
Define a 'credentialed' scan
A scan that uses credentials with some form of privileged access to allow for a more in-depth analysis, especially in detecting when applications or s...
What is the purpose of a credentialed scan?
Shows what an insider attack, or an attack with a compromised user account, may be able to achieve.
Define an 'application vulnerability scanning'
Designed to identify issues with application code and platform configuration, including web servers and web applications.
Define 'static analysis'
Reviewing application code without executing it; Either manually or using automated tools.
Define 'dynamic analysis'
Testing running applications; Examines code behavior during runtime.
What can be discovered through dynamic analysis?
Unvalidated inputs/outputs, broken access controls, and injection vulnerabilities.
Related Flashcard Decks
Study Tips
- Press F to enter focus mode for distraction-free studying
- Review cards regularly to improve retention
- Try to recall the answer before flipping the card
- Share this deck with friends to study together
| Term | Definition |
|---|---|
Define a 'credentialed' scan | A scan that uses credentials with some form of privileged access to allow for a more in-depth analysis, especially in detecting when applications or security settings may be misconfigured. |
What is the purpose of a credentialed scan? | Shows what an insider attack, or an attack with a compromised user account, may be able to achieve. |
Define an 'application vulnerability scanning' | Designed to identify issues with application code and platform configuration, including web servers and web applications. |
Define 'static analysis' | Reviewing application code without executing it; Either manually or using automated tools. |
Define 'dynamic analysis' | Testing running applications; Examines code behavior during runtime. |
What can be discovered through dynamic analysis? | Unvalidated inputs/outputs, broken access controls, and injection vulnerabilities. |
Define 'package monitoring' | Techniques and tools designed to mitigate risks from application vulnerabilities in third-party code, such as libraries and dependencies. |
What is the role of package monitoring in vulnerability management? | Tracks and assesses the security of third-party software packages, libraries, and dependencies used within an organization. |
What mechanism is used to achieve package monitoring at an enterprise level? | Automated software composition analysis (SCA). |
Define 'Automated software composition analysis (SCA)' | Identifies outdated packages or packages with known vulnerabilities and suggests updates or replacements. |
Define a 'threat feed' | Aggregate data from various real-time sources, are integrated into vulnerability scanning tools to improve their detection capabilities. |
Define 'Tactics, Techniques, and Procedures (TTPs)' | Term to describe the behaviors, processes, actions, and strategies used by a threat actor to develop threats and engage in cyberattacks. |
What data does a threat feed contain? | Signatures and pattern-matching rules; Latest vulnerabilities, exploits, and threat actors. |
What are the most common threat feeds? | AlienVault's Open Threat Exchange (OTX), IBM's X-Force Exchange, and Recorded Future. |
Define 'cyber threat intelligence (CTI)' | Process of investigating, collecting, analyzing, and disseminating information about emerging threats and threat sources. |
What are the 3 types of cyber threat intelligence (CTI)? |
|
Define 'Behavioral Threat Research' | Commentary describing examples of attacks and TTPs gathered through primary research sources. |
Define 'Reputational threat intelligence' | Blocklists of known threat sources, such as malware signatures, IP address ranges, and DNS domains. |
Define 'Threat Data' | Data from networks and logs that can correlate events with known TTPs, Behavioral threat research, and reputation threat intelligence. |
What can cyber threat intelligence (CTI) be coupled with to produce actionable intelligence? | All 3 types of CTI aggregated into a Security Information Event Management (SIEM). |
Define a 'proprietary treat feed' | Threat research and CTI data is available as a paid subscription to a commercial threat intelligence platform. |
Define 'Open-source intelligence (OSINT)' | Publicly available information plus the tools used to aggregate and search it. |
What is the function of Open-source intelligence (OSINT)? | Used to identify vulnerabilities and threat information by gathering data from many sources such as blogs, forums, social media platforms, and even the dark web. |
Define 'Shodan' | OSINT tool for investigating Internet-connected devices. |
Define 'Maltego' | OSINT tool for visualizing complex networks of information. |
Define 'Recon-ng' | OSINT tool or web-based reconnaissance activities. |
Define 'theHarvester' | OSINT tool for gathering emails, subdomains, hosts, and employee names from different public sources. |
Define the 'deep web' | Any part of the World Wide Web that is not indexed by a search engine. |
What are parts of the deep web? | Dark net, Dark web. |
Define the 'dark net' | Network established as an overlay to Internet infrastructure by software. |