Security Assessment
Vulnerability Scoring
Vulnerability Scans
100

This process involves testing and evaluating a system’s security controls.

What is a security assessment?

100

This metric in CVSS measures potential damage caused by a successful exploit.

What is the impact score?

100

This type of scan probes a system without login credentials.

What is a non-credentialed (unauthenticated) vulnerability scan?

200

This type of program, such as OpenVAS or Nessus, scans a system for known vulnerabilities.

What is a vulnerability scanner?

200

This metric measures how easy it is to exploit a vulnerability.

What is the exploitability score?

200

This type of scan uses login access to detect software misconfigurations.

What is a credentialed (authenticated) vulnerability scan?


300

This database assigns identifiers to publicly known cybersecurity vulnerabilities.

What is the Common Vulnerabilities and Exposures (CVE) database?

300

In CVSS, this attack vector means the vulnerability can be exploited remotely.

What is the Network (AV) attack vector?

300

This type of error occurs when a scanner reports a problem that doesn’t exist.

What is a false positive (Type I error)?
