Flashcards
Q1: What is the difference between authenticated and unauthenticated scanning?
A: Unauthenticated scanning sees the network-facing attack surface only (open ports, service banners). Authenticated scanning provides valid credentials to the scanner, allowing it to inspect the OS, registry, installed software, missing patches, and configuration issues. Authenticated scans find 10x more vulnerabilities.
Q2: What is the difference between a vulnerability scan and a penetration test?
A: A vulnerability scan is automated, broad, and identifies known vulnerabilities. A penetration test is manual, deep, and attempts to exploit vulnerabilities to demonstrate business impact. Scans tell you WHAT; pen tests tell you SO WHAT.
Q3: What is CVSS and what are the three metric groups?
A: Common Vulnerability Scoring System. Three groups: Base (intrinsic characteristics — AV, AC, PR, UI, S, C, I, A), Temporal (changes over time — E, RL, RC), Environmental (organisational context — modified metrics). CVSS v3.1 range: 0.0-10.0.
Q4: What is EPSS and how is it different from CVSS?
A: Exploit Prediction Scoring System. While CVSS measures severity (how bad it COULD be), EPSS measures likelihood of exploitation (how likely it WILL be exploited in the wild). EPSS scores 0-100% and updates daily based on threat intelligence. Use EPSS to prioritise what to patch NOW vs later.
Q5: What are the three types of penetration testing based on information given?
A: Black box (no prior knowledge — simulates external attacker), Grey box (partial knowledge — some credentials, architecture docs), White box (full knowledge — source code, architecture, credentials). White box finds the most issues but is less realistic for external attacker simulation.
Q6: What is a bug bounty program?
A: A program where an organisation invites external security researchers to find and report vulnerabilities in exchange for monetary rewards (bounties). Bounties typically range from $500 for low-severity to $100,000+ for critical RCE vulnerabilities.
Q7: What is the difference between a VDP and a bug bounty program?
A: A VDP (Vulnerability Disclosure Program) is a policy-only framework — researchers report bugs but receive no financial reward. A bug bounty program includes financial rewards. VDPs are simpler to start; bounties attract more researchers and higher-quality reports.
Q8: What is CVE and who assigns it?
A: Common Vulnerabilities and Exposures — a dictionary of publicly known cybersecurity vulnerabilities. Each CVE has a unique ID (CVE-YYYY-NNNNN). Assigned by CVE Numbering Authorities (CNAs) such as MITRE, Microsoft, Google, and other organisations.
Q9: What is the vulnerability management lifecycle?
A: Discover → Classify → Prioritise → Remediate → Verify → Report. Continuous cycle: scanning feeds classification, classification feeds prioritisation, prioritisation drives remediation, remediation is verified, and reporting closes the loop.
Q10: What is the “known exploited vulnerabilities” catalog?
A: CISA’s Known Exploited Vulnerabilities (KEV) catalog — a list of vulnerabilities that are actively exploited in the wild. Federal agencies must patch KEV-listed vulnerabilities within specified timelines (e.g., 7 days for critical). This is the highest-priority patching list.