Section 1: Conceptual Quiz

30:00

Instructions: Answer all 8 questions within 30 minutes. The quiz will auto-submit when time expires. Questions include multiple choice, true/false, and short answer formats.

Question 1 (3 points) - Multiple Choice

What does CVSS stand for and why is it critical in vulnerability triage?

Common Vulnerability Scoring System - provides standardized risk assessment

Cyber Vulnerability Security Standard - ensures compliance requirements

Critical Vulnerability Scanning Service - automates threat detection

Common Vector Security Score - measures attack complexity

Question 2 (3 points) - Multiple Choice

Which three vulnerabilities are part of the OWASP Top 10 2021?

SQL Injection, XSS, CSRF

Broken Access Control, Cryptographic Failures, Injection

Buffer Overflow, Race Conditions, Memory Leaks

DDoS, Phishing, Social Engineering

Question 3 (3 points) - Multiple Choice

What is a "public bucket" in AWS S3 and what is its risk level?

A bucket with read-only access - Low risk

A bucket accessible to the internet without authentication - High risk

A bucket shared between AWS accounts - Medium risk

A bucket with public encryption keys - Low risk

Question 4 (3 points) - Multiple Choice

Which scanning tool is primarily used for web application vulnerability assessment?

Nmap

Wireshark

OWASP ZAP

Metasploit

Question 5 (3 points) - True/False

DNS reputation analysis can help identify command and control (C2) communications.

True

False

Question 6 (3 points) - True/False

Cloud misconfigurations are typically identified through network traffic analysis.

True

False

Question 7 (4 points) - Short Answer

List three key components that should be included in a vulnerability assessment report.

Hint: Consider executive summary, risk assessment, findings, remediation, etc.

Question 8 (3 points) - Short Answer

Explain the difference between vulnerability scanning and penetration testing.

Hint: Consider automation, scope, depth, and objectives.