SN VR Module 2 Content 19 Questions with Verified Answers
National Vuln Database (NVD) - CORRECT ANSWER From the NIST and used to collect info on vulns
The main vuln XML feed provides.... - CORRECT ANSWER Common Vulnerabilities and Exposures (CVE) data organized by the first four digits of a CVE identifier
NVD feeds are only updated.... - CORRECT ANSWER when modifications to entries change.
Common Weakness Enumeration (CWE) - CORRECT ANSWER community developed list of common software security weaknesses
When a CVE ID matches a recorded CI in SN.... - CORRECT ANSWER a vulnerable item (VIT) is created. Information in the CVE ID is used to escalate the VIT
CVE ID - CORRECT ANSWER CVE name associated with the vulnerability. Common vulnerabilities and exposures
Vulnerable Item (VIT) - CORRECT ANSWER the vulnerability as it relates to a specific Configuration Item (CI). A VIT can't exist without a CI
Vulnerability Groups - CORRECT ANSWER Used to group one or more vulnerable items
Vuln groups group VITs based on: - CORRECT ANSWER Vulnerability (CVE Number)
Specific Conditions
pre-defined Filter Group
SN VR can ingest how many vulns at what rate? - CORRECT ANSWER 1.8-2.4 million vulns per day
Depends on instance size:
XL - > 1,000,000
XXL 1-2.5 million
Ultra: 2.5 million +
Popular Scan tool: - CORRECT ANSWER Qualys. Partnered with SN to build a plugin supported by SN
Qualys Plugin Overview - CORRECT ANSWER synchronizes Qualys IT asset discovery and classification with SN CMDB. Auto updates SN CMDB with assets discovered and up-to-date info
Qualys uses - CORRECT ANSWER maps vulns to configuration items and business services within SN.
Scheduled jobs that query and load scans to SN
QID - CORRECT ANSWER unique Qualys ID assigned to a vuln for vuln definition. Put in the third-party Vulnerability Entries Table [sn_vul_third_party_entry]
third-party Vulnerability Entries Table [sn_vul_third_party_entry] extends from: - CORRECT ANSWER the Vulnerability Table. Contains fields that are not in this table as well.
Customization Recommendations for Qualys integration - CORRECT ANSWER Insert CIs into a separate class
Log instead of updating existing CIs
Customization: Insert CIs into a separate class - CORRECT ANSWER new Qualys created CIs can be steered and populated during the Qualys Host Transform
Customization: Log instead of Updating CIs - CORRECT ANSWER instead of allowing Qualys to update CMDB CIs, you can ignore the update and log the updates for later review
Asset Tagging - CORRECT ANSWER can be applied with Qualys to separate custom related table for the CI for additional reporting