Which of the following should the new security administrator review to gain more information?

A networking administrator was recently promoted to security administrator in an organization that handles highly sensitive data. The Chief Information Security Officer (CISO) has just asked for all IT security personnel to review a zero-day vulnerability and exploit for specific application servers to help mitigate the organization’s exposure to that risk. Which of the following should the new security administrator review to gain more information? (Choose three.)
A. CVE database
B. Recent security industry conferences
C. Security vendor pages
D. Known vendor threat models
E. Secure routing metrics
F. Server’s vendor documentation
G. Verified security forums
H. NetFlow analytics


7 thoughts on “Which of the following should the new security administrator review to gain more information?”

  1. ACG Zero-day vulnerability is unknown and new.
    A. CVE database (maybe… if it’s here, it’s not zero day… n-day or with a proper name)
    B. Recent security industry conferences (no, too stale)
    C. Security vendor pages (Yes, vendor could disclose new findings)
    D. Known vendor threat models (Known… zero-day is unknown)
    E. Secure routing metrics (how is this related???)
    F. Server’s vendor documentation (documentation advertises all the good functions)
    G. Verified security forums (yes, could possibly be discussed here)
    H. NetFlow analytics (zero-day has no signature to be analyzed.)

    1. If it is a zero-day vulnerability, it will not be described in the CVE database. So, A is not a valid option.
      I would go with C, D and G.

      1. I am reviewing my answers before the test and I was wrong here: there are some cases where you have a CVE and it is still a zero-day vulnerability. I would change my answer to A, C and G.

        1. A zero-day vulnerability is a software security flaw that is known to the software vendor but doesn’t have a patch in place to fix the flaw. These can exist in the CVE.
