Assess
Manage
Intelligence
Vulnerabilities
Tools
100

This type of result indicates that a vulnerability was correctly identified and is indeed present.

What is a true positive?

100

This type of control is implemented to satisfy the requirement for a security measure that is impractical to implement.

What is a compensating control?

100

This tool is used to find vulnerabilities in web applications and includes features like intercepting proxy and web application scanner.

What is Burp Suite?

100

This type of vulnerability is unknown to the software vendor and has no available patch.

What is a zero-day vulnerability?

100

This open-source web application security scanner is designed to find vulnerabilities in web applications.

What is Zed Attack Proxy (ZAP)?

200

This type of scanning compares the current state of a system against the normal everyday security conditions previously recorded.

What is security baseline scanning?

200

This risk management strategy involves transferring the risk to another party, such as through insurance.

What is risk transference?

200

This type of analysis uses machine learning to analyze user behavior and detect anomalies.

What is UEBA (User and Entity Behavior Analytics)?

200

This type of overflow occurs when more data is written to a buffer than it can hold, potentially leading to code execution.

What is buffer overflow?

200

This commercial vulnerability scanner is widely used for identifying and managing security vulnerabilities.

What is Nessus?

300

This type of scanning is performed from within the organization’s network to identify vulnerabilities that could be exploited by internal threats.

What is internal or credentialed scanning?

300

This practice involves ensuring that input data is properly checked and sanitized to prevent security vulnerabilities.

What is input validation?

300

This type of analysis involves collecting intelligence from publicly available sources.

What is OSINT (Open Source Intelligence)?

300

This term refers to the ease with which a vulnerability can be exploited to carry out an attack.

What is exploitability?

300

This tool is used for network discovery and security auditing, known for its graphical interface and extensive data visualization capabilities.

What is Maltego?

400

This measurable value demonstrates how effectively a cloud service provider is achieving key security objectives.

What is KPI (Key Performance Indicator)?

400

This framework is used by U.S. federal agencies to manage information security risk.

What is FISMA (Federal Information Security Management Act)?

400

This type of scanning does not require software to be installed on the target systems.

What is agentless scanning?

400

This type of attack involves exploiting a vulnerability to gain higher access rights than originally intended.

What is privilege escalation?

400

This free tool is widely used for network enumeration via a command line interface, but can be used from Windows via a graphical interface application.

What is network mapper (nmap)?

500

This language is used to authenticate and authorize data between parties in a cloud environment.

What is SAML (Security Assertion Markup Language)?

500

This framework is intended for developing, implementing, monitoring, and improving cloud IT governance and management practices

What is COBIT (Control Objectives for Information and Related Technologies)?

500

This debugger is widely used for analyzing and debugging programs written in C and C++, primarily in Linux.

What is GDB (GNU Debugger)?

500

This type of XSS attack occurs when malicious scripts are injected into otherwise benign and trusted websites.

What is reflected XSS?

500

This penetration testing framework is used for developing and executing exploit code against target systems.

What is Metasploit Framework (MSF)?