CSS CSS Vulnerability Management & Penetration Testing

Question 1

What does the Common Vulnerability Scoring System (CVSS) measure?

Accepted Answer

The severity of security vulnerabilities using a standardized numerical score from 0 to 10

Answer

CVSS assigns numerical scores to vulnerabilities based on metrics such as attack vector, complexity, privileges required, and impact, enabling consistent prioritization.

Question 2

What is the difference between a vulnerability scan and a penetration test?

Accepted Answer

A vulnerability scan identifies known weaknesses automatically; a penetration test actively attempts to exploit them

Answer

Vulnerability scanning uses automated tools to identify potential weaknesses, while penetration testing involves skilled professionals who attempt to exploit those weaknesses to assess real impact.

Question 3

What is a zero-day vulnerability?

Accepted Answer

A vulnerability that is unknown to the software vendor and has no available patch

Answer

A zero-day vulnerability is one that the vendor is unaware of, meaning there are zero days between discovery and exploitation — no patch exists yet.

Question 4

Which penetration testing phase involves gathering information about the target without directly interacting with its systems?

Accepted Answer

Passive reconnaissance

Answer

Passive reconnaissance collects publicly available information (OSINT) about the target without sending any traffic to its systems, making it harder to detect.

Question 5

What is the purpose of patch management in vulnerability management?

Accepted Answer

Systematically identifies, tests, and deploys software updates to remediate known vulnerabilities

Answer

Patch management reduces the attack surface by ensuring that known vulnerabilities in software and firmware are remediated in a timely, tested manner.

(CSS) Certified Security Sentinel Practice Test

(CSS) Certified Security Sentinel Practice Test

CSS CSS Vulnerability Management & Penetration Testing