4.4 Security Tools

Question 1

What is SCAP?

Answer 1

Security Content Automation Protocol

SCAP is maintained by the National Institute of Standards and Technology (NIST) and consolidates vulnerabilities into a single language for better understanding across different security tools.

Question 2

What is the main purpose of SCAP?

Answer 2

To allow diverse security tools to identify the same vulnerability using a unified language

Question 3

What does a vulnerability scanner do?

Answer 3

Identifies devices with vulnerabilities and can automate the patching process

Question 4

What is the benefit of automating the patching process?

Answer 4

Reduces the need for human intervention and can efficiently manage multiple devices

Question 5

What organization provides extensive security benchmarks?

Answer 5

Center for Internet Security (CIS)

Their website can be visited at cissecurity.org.

Question 6

What is a security benchmark?

Answer 6

A set of security best practices that ensures systems are configured securely

Question 7

What kind of system checks can be performed for compliance?

Answer 7

Agent-based and agentless checks

Question 8

What is an advantage of agent-based systems?

Answer 8

Always on and running to ensure compliance

Question 9

What is a disadvantage of agent-based systems?

Answer 9

Requires ongoing maintenance and updates

Question 10

What is a SIEM?

Answer 10

Security Information and Event Manager

SIEMs consolidate log files to a central database for reporting and analysis.

Question 11

What is the primary function of a SIEM?

Answer 11

To consolidate log files and create reports on security performance

Question 12

What types of malware can antivirus and anti-malware tools identify?

Answer 12

Trojan horses, worms, macro viruses, spyware, ransomware, fileless malware

Question 13

What does DLP stand for?

Answer 13

Data Loss Prevention

Question 14

What is the purpose of DLP?

Answer 14

To monitor and block the transfer of sensitive data across networks

Question 15

What protocol is used for monitoring software built into systems?

Answer 15

Simple Network Management Protocol (SNMP)

Question 16

What is a Management Information Base (MIB)?

Answer 16

A database of information collected on a system monitored by SNMP

Question 17

What are object identifiers (OID)?

Answer 17

A group of numbers used to identify metrics in a MIB

Question 18

What is an SNMP trap?

Answer 18

A proactive alert sent from a device to a management station when a specific event occurs

Question 19

What is NetFlow used for?

Answer 19

Monitoring traffic flows and application use statistics

Question 20

What type of information does SNMP gather?

Answer 20

Lower level metrics such as utilization and packet counts

Question 21

True or False: DLP can only be implemented on network appliances.

Answer 21

False

DLP can also be implemented on endpoints and cloud-based systems.

Question 22

Fill in the blank: The _______ allows for the automation of vulnerability detection and removal.

Answer 22

Security Content Automation Protocol (SCAP)

Question 23

What happens during an agentless check?

Answer 23

Runs without formal installation and checks compliance upon login or connection

Question 24

What is a key challenge in maintaining device security?

Answer 24

Constant changes and new vulnerabilities emerging

Question 25

What is NetFlow?

Answer 25

A standard for monitoring traffic flows and looking at statistics relating to application use. ## Footnote NetFlow allows for detailed analysis of network traffic and application performance.

Question 26

What are the components involved in NetFlow?

Answer 26

NetFlow compatible agents, NetFlow management stations, hardware devices, probes, and collectors. ## Footnote These components work together to gather and analyze network traffic data.

Question 27

How does a NetFlow probe collect data?

Answer 27

By compiling information for traffic flows, either built into a switch/router or as a separate external probe. ## Footnote Probes can connect through monitoring ports or physical taps.

Question 28

What is a Switched Port Analyzer (SPAN)?

Answer 28

A monitoring port from a switch that connects to a NetFlow probe. ## Footnote SPAN allows for the collection of traffic data without disrupting network performance.

Question 29

What does a NetFlow collector do?

Answer 29

Receives metrics from probes to create reports and details about application traffic flows. ## Footnote This data is crucial for network analysis and troubleshooting.

Question 30

What type of information can be obtained from a NetFlow collector?

Answer 30

Top 10 conversations, top 10 endpoints by IP address or domain name, and traffic sources. ## Footnote This information helps in understanding network usage and performance.

Question 31

What is a vulnerability scanner?

Answer 31

A tool designed to gather details about potential vulnerabilities in systems without performing exploits. ## Footnote It helps in assessing the security posture of a network.

Question 32

What additional functionality do many vulnerability scanners provide?

Answer 32

They can perform port scans to identify services installed on devices. ## Footnote This helps in understanding what services may be vulnerable.

Question 33

What is the benefit of performing vulnerability scans from outside the network?

Answer 33

To gain perspective on what a potential attacker might see. ## Footnote This external view can reveal vulnerabilities not visible from within the network.

Question 34

Why is it important to verify information collected by vulnerability scans?

Answer 34

Not everything collected is entirely accurate, and verification helps ensure security accuracy. ## Footnote False positives can lead to unnecessary remediation efforts.

Question 35

What types of vulnerabilities can be identified in a vulnerability scan?

Answer 35

Critical, high, medium, low, and informational vulnerabilities. ## Footnote Understanding the severity helps prioritize remediation efforts.

Question 36

What is one example of a critical vulnerability found in a scan?

Answer 36

An issue with the random number generator on a server. ## Footnote This vulnerability could allow unauthorized remote access.

Question 37

Why is it important to run vulnerability scans regularly?

Answer 37

To avoid having critical or high-level vulnerabilities active on the network. ## Footnote Regular scans help maintain security hygiene and compliance.