Vulnerability Assessment Tools and Analysis Flashcards
CompTIA PenTest+ PT0-002 Flashcards
Study our Vulnerability Assessment Tools and Analysis flashcards for the CompTIA PenTest+ PT0-002 exam with 10+ flashcards.

| Front | Back |
| --- | --- |
| How do you validate a false positive? | Verify the vulnerability details against real-world exploitation or vendor documentation. |
| Name a common manual vulnerability discovery technique | Manual inspection such as reviewing code or configuration settings. |
| What does risk-based prioritization mean? | Assigning fix priority based on impact and likelihood of exploitation. |
| What is a false positive in vulnerability assessment? | A flagged issue that appears to be a vulnerability but isn't actually exploitable. |
| What is an advantage of using OpenVAS? | OpenVAS is open source, making it highly configurable and cost-effective. |
| What is CVSS? | The Common Vulnerability Scoring System for quantifying severity. |
| What is Nessus used for? | Nessus is a vulnerability scanner that identifies security flaws in an environment. |
| What is the benefit of combining automated and manual techniques? | It ensures comprehensive coverage of both known and unique vulnerabilities. |
| Which scanning approach is used by Qualys? | Qualys uses cloud-based scanning with an extensive vulnerability database. |
| Why is vulnerability classification important? | It helps categorize and prioritize vulnerabilities based on severity. |