Domain 2 Automated Vulnerability Scanners


Description and Tags

This set of flashcards covers terminology related to automated vulnerability scanning tools, their types, potential issues, and relevant scoring systems.


10 Terms

1

Automated vulnerability scanning tools

Tools like Nessus or Qualys that scan environments for vulnerabilities in systems.

2

Credentialed scan

A scan where the scanning tool has the necessary credentials to log into the system, allowing for a deeper inspection.

3

Uncredentialed scan

A scan where the scanning tool does not have login credentials, simulating an attacker's view.

4

False positive

A result indicating a vulnerability exists when there is none; it shows incorrect detection.

5

Baseline

A documented configuration standard for how a system should be securely configured.

6

CVE (Common Vulnerabilities and Exposures)

An open-source dictionary that provides a unique identifier for reported vulnerabilities for consistency across tools.

7

CVSS (Common Vulnerability Scoring System)

A scoring system that rates vulnerabilities on a scale from 0 to 10 to help prioritize remediation efforts.

8

False negative

A scan result that indicates no vulnerabilities when there are actually vulnerabilities present, posing a serious risk.

9

Vulnerability

A weakness in a system that can be exploited to compromise its security.

10

False positives vs False negatives

False positives are false alerts of vulnerabilities, whereas false negatives are missed vulnerabilities that pose a significant danger.