What is the goal of asset discovery in vulnerability management?
To identify systems and services that must be assessed and tracked.
When is an internal vulnerability scan used?
When assessing assets from inside the organization's network boundary.
When is an external vulnerability scan used?
When assessing the attack surface visible from outside the organization.
What is the difference between agent-based and agentless scanning?
Agent-based uses software on the host; agentless probes remotely.
What is a credentialed scan?
A scan that logs into the target to inspect configuration and patch state.
Why can non-credentialed scans miss important findings?
They only see what is exposed externally and cannot inspect internal settings.
What is the difference between passive and active vulnerability scanning?
Passive observes traffic without touching hosts; active sends probes to hosts.
What is static application security testing (SAST)?
Testing source code or binaries without running the application.
What is dynamic application security testing (DAST)?
Testing a running application from the outside.
What is Nmap mainly used for during assessment?
To identify hosts, ports, services, and some service details.
What do Nessus or OpenVAS primarily provide?
Automated vulnerability scanning and reporting.
What are Burp Suite and OWASP ZAP commonly used for?
Web application security testing.
What does the CVSS base score estimate?
The inherent severity of a vulnerability.
Why is CVSS alone not enough for prioritization?
Because exploitability, asset value, exposure, and business impact also matter.
What is a false positive in vulnerability management?
A reported issue that is not actually exploitable or present.
What is the difference between a vulnerability and an exploit?
A vulnerability is a weakness; an exploit is a method of abusing it.
What is a compensating control?
An alternate safeguard used when the primary fix cannot be applied immediately.
Why are maintenance windows important for patching?
They reduce operational disruption while changes are applied and tested.
What is the purpose of threat modeling?
To identify likely attack paths and design controls before deployment.
What is secure SDLC intended to achieve?
To build security activities into every phase of software development.