This scanning approach identifies devices by listening quietly on a network without sending packets.
What is passive scanning
This type of analysis examines code without running it.
What is static analysis
In CVSS, this metric defines whether a vulnerability affects only one component or others as well.
What is scope
These industrial systems control physical processes like water treatment or energy distribution.
What are SCADA systems
This scanning type can impact network performance due to its intrusive nature.
What is active scanning
These two types of scans differ in that one looks at open ports while the other gathers detailed system information.
What are map scans and device fingerprinting
This CVSS metric measures how easily a vulnerability can be exploited, considering factors like required privileges and user interaction.
What is Exploitability sub-score
This is the term for a vulnerability that is unknown to vendors and unpatched.
What is a zero-day
This compliance framework provides security benchmarks for payment card data.
What is PCI DSS
This scanning strategy respects network segmentation to avoid disrupting critical zones.
What is scheduled scanning
This scanning approach is typically used from inside a network's firewall.
What is internal scanning
This method involves feeding unexpected or malformed input into software to identify security flaws.
What is fuzzing
CVSS assigns a score based in part on how easy a vulnerability is to exploit—known as this metric.
What is attack complexity
This OWASP document lists the ten most critical security risks for web applications.
What is the OWASP Top 10
Scans originating from outside the firewall are known as this.
What are external scans
This kind of scan uses installed software on the target machine to gather detailed data.
What is agent-based scanning
This reverse technique starts with compiled software and works backward to analyze its structure.
What is reverse engineering
The criticality of a vulnerability is often influenced by this aspect of the asset it affects.
What is asset value
This ISO series focuses on information security management standards.
What is ISO 27000
This hands-off investment strategy aims to mirror market indexes and often boasts lower fees and less stress for the average investor.
What is passive investing
This scanning method operates without needing login credentials or an installation on the systems it checks.
What is agentless scanning
This scan checks a system against a list of known secure configurations.
What is a security baseline scan
This type of scanning evaluates an environment without referencing other systems or networks.
What is isolated context awareness
In regulated industries, this term refers to information that must be protected due to legal or business needs.
What is sensitive data
This consideration helps balance performance impact with vulnerability coverage during operations.
What is operational segmentation