$0-$day vulnerabilities

Question $1$ options:

should be checked for a patch on NVD$.$

do not have a patch.$$

are due to buffer overflow.

can't result in attacks.

Question $2($Mandatory$)(10$ points$)$

$$

Some organizations don't set up their computers for automatic updates because such updates may require administrative privileges.$$So$,$they do the updates during off hours or in case of emergency.$$The automatic updates

Question $2$ options:

could install malware.

is not the same thing as patching, so they have no use really.

could be better for patching$$of$$OS than non$-$automatic$$updates as they narrow down the vulnerability window.

do not have any patches.

Question $3($Mandatory$)(10$ points$)$

$$

Common vulnerabilities and exposures $($CVE$)$on the National Vulnerability Database $($NVD$)$contains information about vulnerabilities relating to$$SQL injections, authentication issues and buffer overflow errors.$$This CVE database

Question $3$ options:

also includes$$information about the fixes.

does not include the year they were discovered.

are in software only.

are in operating systems only.

Question $4($Mandatory$)(10$ points$)$

$$

Patch management tools can report what$$patches are available

Question $4$ options:

and relate them to known vulnerabilities.

but can't install them.

but do not support vulnerability management.

but can't relate them to specific vulnerabilities.

Question $5($Mandatory$)(10$ points$)$

$$

No vulnerability management capability $($VUL$)$can verify the absence of those vulnerabilities$$that are reported$$in the CVE database.

Question $5$ options:

TrueFalse

Question $6($Mandatory$)(10$ points$)$

$$

NMAP and NESSUS both can be used for port scanning. NESSUS also gives an output about the vulnerabilities.$$But it's not free,$$like NMAP.$$The NMAP can get information about OS and Application versions

Question $6$ options:

this information can be used along with CVE to find $0-$day vulnerabilities in the OS and applications.

this information can be used along with CVE to find$$known$$vulnerabilities in the OS and applications.

this information can't be used to find$$known$$vulnerabilities in the OS and applications.$$

this information is useful for an attacker but can't help in patch management.

Question $7($Mandatory$)(10$ points$)$

$$

Penetration testing is a better way of testing than vulnerability scanners,$$as you can also test for the attack vectors,$$such as access weaknesses and privilege escalation. In fact

Question $7$ options:

vulnerability scanner will be part of penetration testing.

vulnerability scanner has nothing to do with$$penetration testing.

penetration testing can't be done for your own organization and can only be done through a third party who can break into your system externally.

penetration testing is another name for vulnerability scanning.

Question $8($Mandatory$)(10$ points$)$

$$

Sandboxing, Intrusion Detection Systems, Honey pots and data back ups are ways of

Question $8$ options:

OS patching.

vulnerability management.

penetration testing.

countermeasures against attacks.

Question $9($Mandatory$)(10$ points$)$

$$

Kernel space vulnerabilities are in general more dangerous than user space vulnerabilities because a break into kernel can expose device drivers and OS modules.

Question $9$ options:

TrueFalse

Question $10($Mandatory$)(10$ points$)$

$$

A mobile phone connected to the Internet is more prone to attacks than a mobile phone not connected to the Internet.

Question $10$ options:

TrueFalse

Submit Quiz$0$ of $10$ questions saved