SY0-601 EXAM WITH COMPLETE SOLUTIONS 100%
CORRECT LATEST UPDATE (A+)
NIST - ANSWER National Institute of Standards and Technology
SCAP - ANSWER Security Content Automation Protocol
effort by the security community, with leadership from the National Institute of
Standards and Technology (NIST), to develop a standardized way of communicating
security-related information.
bundles six component standards (as of SCAP 1.0): CCE, CPE, CVE, CVSS, XCCDF, OVAL
CCE - ANSWER Common Configuration Enumeration
SCAP standard provides a standard nomenclature for discussing system configuration
issues
CPE - ANSWER Common Platform Enumeration
SCAP Standard provides a standard nomenclature for describing product names and
versions
CVE - ANSWER Common Vulnerabilities and Exposures
SCAP standard provides a standard nomenclature for describing security-related
software flaws
CVSS - ANSWER Common Vulnerability Scoring System
SCAP standard - defines a standardized way to measure and describe the severity of
security-related software flaws
XCCDF - ANSWER Extensible Configuration Checklist Description Format
SCAP standard - defines the format of security checklists (benchmarks) and the
format in which the results of running a checklist are reported
OVAL - ANSWER Open Vulnerability and Assessment Language
SCAP standard - defines the low-level system tests that a checklist invokes (the
individual checks against files, registry keys, packages and so on) and how their
results are expressed
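The practical use of the CPE nomenclature above is matching: a scanner compares the CPE of each installed product against the CPEs an advisory lists. The following is an added example written for this page (not part of the original study set); it parses CPE 2.3 formatted strings, honours the `*` (ANY) wildcard, and runs a constructed host inventory against a constructed advisory feed whose `EXAMPLE-000n` ids are made up.

```python
# Parse and match CPE 2.3 formatted strings, the nomenclature a SCAP scanner
# uses to decide whether an installed product is one an advisory names.
# Added example; the inventory and advisory records below are constructed.

CPE_ATTRS = ("part", "vendor", "product", "version", "update", "edition",
             "language", "sw_edition", "target_sw", "target_hw", "other")


def parse_cpe23(cpe: str) -> dict:
    """Split a CPE 2.3 formatted string into its 11 named attributes.

    A literal colon inside an attribute is escaped as backslash-colon, so the
    split must skip escaped characters rather than use str.split(':').
    """
    fields, cur, escaped = [], "", False
    for ch in cpe:
        if escaped:
            cur += ch
            escaped = False
        elif ch == "\\":
            cur += ch
            escaped = True
        elif ch == ":":
            fields.append(cur)
            cur = ""
        else:
            cur += ch
    fields.append(cur)
    # "cpe" + "2.3" + 11 attributes = 13 fields
    if len(fields) != 13 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    return dict(zip(CPE_ATTRS, fields[2:]))


def cpe_match(installed: str, affected: str) -> bool:
    """True when every attribute matches; '*' (ANY) on either side matches anything."""
    a, b = parse_cpe23(installed), parse_cpe23(affected)
    for attr in CPE_ATTRS:
        x, y = a[attr].lower(), b[attr].lower()
        if x == "*" or y == "*":
            continue
        if x != y:
            return False
    return True


# Constructed sample data: what a host reports, and a vulnerability feed keyed
# by made-up advisory ids, each listing the CPEs it applies to.
INVENTORY = [
    "cpe:2.3:a:apache:http_server:2.4.49:*:*:*:*:*:*:*",
    "cpe:2.3:a:openbsd:openssh:8.9:p1:*:*:*:*:*:*",
    "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
]

ADVISORIES = {
    "EXAMPLE-0001": ["cpe:2.3:a:apache:http_server:2.4.49:*:*:*:*:*:*:*"],
    "EXAMPLE-0002": ["cpe:2.3:a:openbsd:openssh:8.9:*:*:*:*:*:*:*",
                     "cpe:2.3:a:openbsd:openssh:9.0:*:*:*:*:*:*:*"],
    "EXAMPLE-0003": ["cpe:2.3:a:apache:http_server:2.4.50:*:*:*:*:*:*:*"],
}


def affected_advisories(inventory, advisories) -> dict:
    """Map each installed CPE to the advisory ids whose CPE list matches it."""
    hits = {}
    for installed in inventory:
        ids = [adv for adv, cpes in advisories.items()
               if any(cpe_match(installed, c) for c in cpes)]
        if ids:
            hits[installed] = ids
    return hits


if __name__ == "__main__":
    for cpe, ids in affected_advisories(INVENTORY, ADVISORIES).items():
        print(cpe, "->", ", ".join(ids))
```

Note that the match is attribute-by-attribute, not a version range: an advisory that covers "2.4.49 and earlier" has to enumerate each affected version (or use the CPE applicability language with version bounds, which this example does not implement).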
Application scanning techniques - ANSWER Static testing (SAST) - analyzes source
code or binaries without executing them
Dynamic testing (DAST) - runs the application as part of the test and exercises its
exposed interfaces (HTTP endpoints, APIs) from the outside, without access to the source
Interactive testing (IAST) - a mix of static and dynamic testing: the running
application is instrumented so its code paths can be analyzed while testers (or
automated tests) interactively work with its exposed interfaces
XSS - ANSWER Cross-site scripting
An injection attack in which attacker-supplied script reaches other users' browsers
through a web application that reflects or stores input without encoding it. It lets
the attacker run script in the victim's session, forward users to malicious websites,
and steal cookies (unless they are marked HttpOnly). E-mail can contain an embedded
HTML image object or JavaScript image tag as part of a cross-site scripting attack.
Websites defend against it with input validation that detects and blocks inputs
containing HTML and JavaScript tags, and, more reliably, with context-aware output
encoding: characters such as <, >, ", ' and & are encoded (for example as &lt; and
&gt;) wherever untrusted data is written into a page, so the browser treats them as
text rather than markup.
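The card's last point, that blocking `<` and `>` is a common defence, is worth testing against a payload that needs neither. The block below is an added example written for this page (not from the original study set): a filter that rejects angle brackets, a template that reflects the value into an HTML attribute with and without encoding, and a parser that shows which attributes a browser would actually see. Both payloads are constructed.

```python
import html
from html.parser import HTMLParser

# Added example: why rejecting '<' and '>' on input is not enough, and why
# context-aware output encoding is. The payloads below are constructed.


def reject_angle_brackets(value: str) -> str:
    """Input filter of the kind the card describes: block anything tag-like."""
    if "<" in value or ">" in value:
        raise ValueError("rejected: contains < or >")
    return value


def render_unsafe(query: str) -> str:
    """Reflects the value into an attribute with no encoding at all."""
    return f'<input name="q" value="{query}">'


def render_safe(query: str) -> str:
    """Encodes &, <, >, double and single quotes, so the value cannot
    close the attribute it is placed in."""
    return f'<input name="q" value="{html.escape(query, quote=True)}">'


class _InputAttrs(HTMLParser):
    """Collect the attributes an HTML parser sees on the <input> element."""
    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = dict(attrs)


def input_attributes(markup: str) -> dict:
    p = _InputAttrs()
    p.feed(markup)
    p.close()
    return p.attrs


# Constructed payloads: one a classic tag, one that breaks out of the
# attribute context using only quotes and spaces.
TAG_PAYLOAD = "<script>alert(1)</script>"
ATTR_PAYLOAD = '" autofocus onfocus="alert(1)'


if __name__ == "__main__":
    try:
        reject_angle_brackets(TAG_PAYLOAD)
    except ValueError as e:
        print("filter caught the tag payload:", e)
    # The attribute-breakout payload passes the filter untouched ...
    accepted = reject_angle_brackets(ATTR_PAYLOAD)
    # ... and without encoding it becomes a new event-handler attribute.
    print("unsafe:", input_attributes(render_unsafe(accepted)))
    # With encoding the whole payload stays inside the value attribute.
    print("safe:  ", input_attributes(render_safe(accepted)))
```

The unsafe rendering yields an `onfocus` attribute the page author never wrote; the encoded rendering keeps the entire string, quotes included, as the literal value of `value`. Encoding has to match the context (attribute, element body, URL, JavaScript string), which is why `html.escape` is only the right tool for the first two.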
CSRF - ANSWER Cross-site Request Forgery
an attack that tricks a victim's browser into sending a request that performs an
unwanted action on a web application in which the victim is currently authenticated;
because the browser attaches the session cookie automatically, the application cannot
distinguish the forged request from a legitimate one
CVSS metrics (8) - ANSWER the eight base metrics of CVSS v3.x:
Attack Vector Metric (AV)
Attack Complexity Metric (AC)
Privileges Required Metric (PR)
User Interaction Metric (UI)
Scope Metric (S)
Confidentiality Metric (C)
Integrity Metric (I)
Availability Metric (A)
CVSS Attack Vector Metric - ANSWER describes how the attacker would reach and
exploit the vulnerability
Physical (P) - The attacker must physically touch the vulnerable device.
Local (L) - The attacker must have local access to the affected system (a console
session or a remote login such as SSH), or rely on a user to run something locally.
Adjacent Network (A) - The attacker must be on the same local network segment
(broadcast or collision domain) as the affected system.
Network (N) - The attacker can exploit the vulnerability remotely across a network.
CVSS Attack Complexity Metric - ANSWER describes the level of difficulty to exploit
the vulnerability, i.e. conditions beyond the attacker's control that must exist first
High (H) - exploiting the vulnerability requires specialized conditions that would be
difficult to find or create (for example winning a race condition or first gathering
target-specific knowledge)
Low (L) - exploiting the vulnerability does not require any specialized conditions
CVSS Privileges Required Metric - ANSWER describes the type of account access that
an attacker would need to exploit a vulnerability
High (H) - attackers require admin privileges to conduct the attack
Low (L) - attackers require basic user privileges to conduct the attack
None (N) - attackers do not need to authenticate to exploit the vulnerability
CVSS User Interaction Metric - ANSWER describes whether the attacker must convince
another human to perform some action (such as opening a file or visiting a link) that
assists in conducting the attack
None (N) - the vulnerability can be exploited without any user interaction
Required (R) - a user other than the attacker must take some action for the exploit to
succeed