Chapter 6 Study Guide

Using Risk Management Tools

CompTIA Security+ objectives covered in this chapter:

1.2 ​Given a scenario, analyze potential indicators to determine the type of attack. • Supply-chain attacks

1.3 ​Given a scenario, analyze potential indicators associated with application attacks. • Privilege escalation

1.5 ​Explain different threat actors, vectors, and intelligence sources. • Vectors (Supply chain) • Threat intelligence sources (Open source intelligence (OSINT)) • Research sources (Vulnerability feeds, Threat feeds, Adversary tactics, techniques, and procedures (TTP))

1.6 ​Explain the security concerns associated with various types of vulnerabilities. •        Weak configurations (Open permissions, Unsecure root accounts, Errors, Weak encryption, Unsecure protocols, Default settings, Open ports and services) • Improper or weak patch management (Firmware, Operating system (OS), Applications), Legacy platforms

1.7 ​Summarize the techniques used in security assessments. • Threat hunting (Intelligence fusion, Threat feeds, Advisories and bulletins, Maneuver) •        Vulnerability scans (False positives, False negatives, Log reviews, Credentialed vs. non-credentialed, Intrusive vs. non-intrusive, Application, Web application, Network, Common Vulnerabilities and Exposures (CVE)/Common Vulnerability Scoring System (CVSS), Configuration review)

1.8 ​Explain the techniques used in penetration testing. •        Penetration testing (Known environment, Unknown environment, Partially known environment, Rules of engagement, Lateral movement, Privilege escalation, Persistence, Cleanup, Bug bounty, Pivoting)

Passive and active reconnaissance (Footprinting) • Exercise types (Red team, Blue team, White team, Purple team)

4.1 ​Given a scenario, use the appropriate tool to assess organizational security. • Network reconnaissance and discovery (nmap, netcat, IP scanners, curl, theHarvester, sn1per, scanless, dnsenum, Nessus) • Packet capture and replay (Tcpreplay, Tcpdump, Wireshark) • Exploitation frameworks, Password crackers

4.3 Given an incident, utilize appropriate data sources to support an investigation. • Vulnerability scan output, Netflow/sFlow (Netflow, sFlow, IPFIX), Protocol analyzer output

5.2 ​Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture. • Regulations, standards, and legislation (Payment Card Industry Data Security Standard (PCI DSS)) •        Key frameworks (Center for Internet Security, National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)/Cybersecurity Framework (CSF), International Organization for Standardization (ISO) 27001/27002/27701/31000, SSAE SOC 2 Type I/II, Reference architecture) • Benchmarks/secure configuration guides (Platform/vendor-specific guides, Web server, OS, Application server, Network infrastructure devices)

5.4 ​Summarize risk management processes and concepts. • Risk types (External, Internal, Legacy systems, Multiparty, IP theft, Software compliance/licensing) • Risk management strategies (Acceptance, Avoidance, Transference (Cybersecurity insurance), Mitigation) •        Risk analysis (Risk register, Risk matrix/heat map, Risk control assessment, Risk control self-assessment, Risk awareness, Inherent risk, Residual risk, Control risk, Risk appetite, • Risk assessment types (Qualitative, Quantitative) •        Likelihood of occurrence, Impact, Asset value, Single loss expectancy (SLE), Annualized loss expectancy (ALE), Annualized rate of occurrence (ARO)

As a security professional, you need to be aware of the different security issues associated with threats, vulnerabilities, risks, and the tools available to combat them. This chapter digs into risk management concepts, including risk assessment methods. You’ll learn about vulnerability scanners and penetration testers, including key differences between them. This chapter also covers some specific tools used to assess networks and manage risks.