1.5 Explain different threat actors, vectors, and intelligence sources

Question 1

What are Actors and threats?

Answer 1

Actors and threats refer to the various entities and risks that can compromise the security of a system or organization, including individuals, groups, and malicious activities.

Question 2

What term describes the various entities and risks that can compromise the security of a system or organization?

Answer 2

Actors and threats

Question 3

What is an Advanced persistent threat (APT)?

Answer 3

An Advanced persistent threat (APT) is a sophisticated and stealthy cyber attack carried out by highly skilled threat actors over an extended period, often targeting specific organizations or industries.

Question 4

What term describes a sophisticated and stealthy cyber attack carried out by highly skilled threat actors over an extended period?

Answer 4

Advanced persistent threat (APT)

Question 5

What are Insider threats?

Answer 5

Insider threats are security risks posed by individuals within an organization who misuse their access, knowledge, or privileges to compromise the organization’s security or data.

Question 6

What term describes security risks posed by individuals within an organization who misuse their access or privileges?

Answer 6

Insider threats

Question 7

What are State actors?

Answer 7

State actors are government-sponsored or affiliated entities that conduct cyber operations for political, economic, or military purposes, often targeting other nations or organizations.

Question 8

What term describes government-sponsored or affiliated entities conducting cyber operations for political or military purposes?

Answer 8

State actors

Question 9

What are Hacktivists?

Answer 9

Hacktivists are individuals or groups who use hacking techniques for politically or socially motivated purposes, such as activism, protest, or ideological advocacy.

Question 10

What term describes individuals or groups who use hacking techniques for politically or socially motivated purposes?

Answer 10

Hacktivists

Question 11

What are Script kiddies?

Answer 11

Script kiddies are individuals with limited technical skills who use pre-packaged hacking tools or scripts to conduct cyber attacks without understanding the underlying technology or vulnerabilities.

Question 12

What term describes individuals with limited technical skills who use pre-packaged hacking tools to conduct cyber attacks?

Answer 12

Script kiddies

Question 13

What are Criminal syndicates?

Answer 13

Criminal syndicates are organized groups engaged in illegal activities, including cybercrime, such as hacking, identity theft, fraud, and other financially motivated offenses.

Question 14

What term describes organized groups engaged in illegal activities, including cybercrime?

Answer 14

Criminal syndicates

Question 15

What are Hackers?

Answer 15

Hackers are individuals with advanced technical skills who use their knowledge to penetrate computer systems or networks for various purposes, including security testing, activism, or criminal activities.

Question 16

What term describes individuals with advanced technical skills who penetrate computer systems for various purposes?

Answer 16

Hackers

Question 17

What is Authorized access?

Answer 17

Authorized access refers to permissions granted to users or entities to access specific resources or perform certain actions within a system or organization, based on their roles or privileges.

Question 18

What term describes permissions granted to users or entities to access specific resources within a system?

Answer 18

Authorized access

Question 19

What is Unauthorized access?

Answer 19

Unauthorized access refers to attempts to gain access to resources or systems without proper authorization or permission, often constituting a security breach or violation of policies.

Question 20

What term describes attempts to gain access to resources or systems without proper authorization?

Answer 20

Unauthorized access

Question 21

What is Semiauthorized access?

Answer 21

Semiauthorized access refers to access granted to users or entities beyond their normal privileges or roles, often resulting from misconfigurations, vulnerabilities, or exploitation of access controls.

Question 22

What term describes access granted to users beyond their normal privileges or roles?

Answer 22

Semiauthorized access

Question 23

What is Shadow IT?

Answer 23

Shadow IT refers to the use of unauthorized or unapproved hardware, software, or services within an organization, often by individual employees or departments without oversight or IT approval.

Question 24

What term describes the use of unauthorized or unapproved hardware, software, or services within an organization?

Answer 24

Shadow IT

Question 25

What are Competitors?

Answer 25

Competitors are rival individuals, companies, or organizations operating in the same market or industry, who may engage in espionage, cyber attacks, or other tactics to gain competitive advantage.

Question 26

What term describes rival individuals, companies, or organizations operating in the same market?

Answer 26

Competitors

Question 27

What are Attributes of actors?

Answer 27

Attributes of actors refer to the characteristics or traits associated with individuals, groups, or entities involved in cyber threats or attacks, including their internal/external nature, sophistication, resources, and motivations.

Question 28

What term describes the characteristics associated with individuals, groups, or entities involved in cyber threats?

Answer 28

Attributes of actors

Question 29

What is Internal/external?

Answer 29

Internal/external refers to whether an actor operates from within the target organization or externally, often influencing their level of access, visibility, and potential impact.

Question 30

What term describes whether an actor operates from within the target organization or externally?

Answer 30

Internal/external

Question 31

What is Level of sophistication/capability?

Answer 31

Level of sophistication/capability refers to the technical expertise, skills, and resources possessed by threat actors, influencing their ability to carry out complex or advanced cyber attacks.

Question 32

What term describes the technical expertise and resources possessed by threat actors?

Answer 32

Level of sophistication/capability

Question 33

What are Resources/funding?

Answer 33

Resources/funding refers to the financial, technological, or human resources available to threat actors to conduct cyber attacks, influencing the scale, scope, and effectiveness of their operations.

Question 34

What term describes the financial, technological, or human resources available to threat actors?

Answer 34

Resources/funding

Question 35

What is Intent/motivation?

Answer 35

Intent/motivation refers to the goals, objectives, or reasons driving the actions of threat actors, such as financial gain, political ideology, espionage, sabotage, or revenge.

Question 36

What term describes the goals or reasons driving the actions of threat actors?

Answer 36

Intent/motivation

Question 37

What are Vectors?

Answer 37

Vectors refer to the different methods or pathways used by threat actors to launch cyber attacks or infiltrate target systems, including direct access, wireless, email, and social engineering.

Question 38

What term describes the methods or pathways used by threat actors to launch cyber attacks?

Answer 38

Vectors

Question 39

What is Direct access?

Answer 39

Direct access is a cyber attack vector where threat actors gain physical or remote access to a system, network, or device without intermediaries or additional steps.

Question 40

What term describes gaining access to a system without intermediaries or additional steps?

Answer 40

Direct access

Question 41

What is Wireless?

Answer 41

Wireless is a cyber attack vector that exploits vulnerabilities in wireless networks, devices, or protocols to gain unauthorized access, intercept data, or launch attacks.

Question 42

What term describes exploiting vulnerabilities in wireless networks or devices to gain unauthorized access?

Answer 42

Wireless

Question 43

What is Email?

Answer 43

Email is a cyber attack vector that involves the use of malicious emails or attachments to deliver malware, phishing scams, or other threats to individuals or organizations.

Question 44

What term describes the use of malicious emails or attachments to deliver threats?

Answer 44

Email

Question 45

What is Supply chain?

Answer 45

Supply chain is a cyber attack vector where threat actors target third-party suppliers, vendors, or service providers to compromise the security of products, services, or infrastructure used by the target organization.

Question 46

What term describes targeting third-party suppliers to compromise the security of products or services?

Answer 46

Supply chain

Question 47

What is Social media?

Answer 47

Social media is a cyber attack vector where threat actors exploit social networking platforms or communication channels to spread misinformation, launch phishing attacks, or manipulate public opinion.

Question 48

What term describes exploiting social networking platforms to spread misinformation or launch attacks?

Answer 48

Social media

Question 49

What is Removable media?

Answer 49

Removable media is a cyber attack vector involving the use of USB drives, CDs, or other portable storage devices to introduce malware, steal data, or compromise systems when connected to computers or networks.

Question 50

What term describes using USB drives or portable storage devices to introduce malware?

Answer 50

Removable media

Question 51

What is Cloud?

Answer 51

Cloud is a cyber attack vector where threat actors target cloud computing platforms, services, or applications to exploit misconfigurations, vulnerabilities, or weak access controls, compromising data or resources.

Question 52

What term describes targeting cloud computing platforms to exploit vulnerabilities or weak access controls?

Answer 52

Cloud

Question 53

What are Threat intelligence sources?

Answer 53

Threat intelligence sources refer to the various repositories, databases, or platforms that provide information and insights about cyber threats, adversaries, vulnerabilities, and mitigation strategies.

Question 54

What term describes repositories or platforms providing information about cyber threats and adversaries?

Answer 54

Threat intelligence sources

Question 55

What is Opensource intelligence (OSINT)?

Answer 55

Opensource intelligence (OSINT) is publicly available information collected from open sources such as websites, social media, forums, or public records, used for threat analysis and intelligence gathering.

Question 56

What term describes publicly available information collected from open sources for threat analysis?

Answer 56

Opensource intelligence (OSINT)

Question 57

What is Closed/proprietary?

Answer 57

Closed/proprietary refers to threat intelligence sources that are restricted, confidential, or proprietary, typically available only to authorized users or subscribers.

Question 58

What term describes restricted or confidential threat intelligence sources?

Answer 58

Closed/proprietary

Question 59

What are Vulnerability databases?

Answer 59

Vulnerability databases are repositories of known vulnerabilities in software, hardware, or systems, providing information about weaknesses that can be exploited by threat actors.

Question 60

What term describes repositories of known weaknesses in software, hardware, or systems?

Answer 60

Vulnerability databases

Question 61

What are Public/private information-sharing centers?

Answer 61

Public/private information-sharing centers are organizations or platforms where stakeholders share information, intelligence, or insights about cyber threats, vulnerabilities, and incidents to improve collective defense.

Question 62

What term describes organizations or platforms for sharing information about cyber threats and vulnerabilities?

Answer 62

Public/private information-sharing centers

Question 63

What is Dark web?

Answer 63

Dark web is a part of the internet that is not indexed by search engines and is often used for illicit activities, including the buying and selling of stolen data, hacking tools, or other illegal goods and services.

Question 64

What term describes the part of the internet used for illicit activities and not indexed by search engines?

Answer 64

Dark web

Question 65

What are Indicators of compromise?

Answer 65

Indicators of compromise (IoCs) are signs or evidence indicating that a system or network has been breached or compromised, including unusual activities, behaviors, or artifacts left by attackers.

Question 66

What term describes signs indicating that a system or network has been breached or compromised?

Answer 66

Indicators of compromise

Question 67

What is Automated Indicator Sharing (AIS): Structured Threat Information eXpression (STIX)/Trusted Automated eXchange of Intelligence Information (TAXII)?

Answer 67

Automated Indicator Sharing (AIS): Structured Threat Information eXpression (STIX)/Trusted Automated eXchange of Intelligence Information (TAXII) is a standardized framework for exchanging threat intelligence, including IoCs, among security communities and organizations.

Question 68

What term describes a standardized framework for exchanging threat intelligence, including IoCs, among security communities?

Answer 68

Automated Indicator Sharing (AIS): Structured Threat Information eXpression (STIX)/Trusted Automated eXchange of Intelligence Information (TAXII)

Question 69

What is Predictive analysis?

Answer 69

Predictive analysis is the process of using data, statistical algorithms, and machine learning techniques to forecast future events or behaviors, such as identifying potential cyber threats or attacks.

Question 70

What term describes using data and algorithms to forecast future events or behaviors, such as cyber threats?

Answer 70

Predictive analysis

Question 71

What are Threat maps?

Answer 71

Threat maps are visual representations of cyber threats, attacks, or vulnerabilities, often displayed geographically or in real-time, to provide situational awareness and threat intelligence.

Question 72

What term describes visual representations of cyber threats or attacks, often displayed geographically?

Answer 72

Threat maps

Question 73

What are File/code repositories?

Answer 73

File/code repositories are platforms or databases used to store, manage, and share source code, scripts, or executable files, often targeted by threat actors for reconnaissance or exploitation.

Question 74

What term describes platforms used to store and share source code or executable files?

Answer 74

File/code repositories

Question 75

What are Research sources?

Answer 75

Research sources are academic journals, publications, or reports containing studies, analyses, or findings related to cybersecurity, threat intelligence, or emerging technologies.

Question 76

What term describes academic journals or reports containing studies related to cybersecurity?

Answer 76

Research sources

Question 77

What are Vendor websites?

Answer 77

Vendor websites are online platforms maintained by software or hardware vendors, providing information, updates, or patches for their products, often targeted by threat actors for vulnerabilities or exploits.

Question 78

What term describes online platforms providing information or updates for software products?

Answer 78

Vendor websites

Question 79

What are Vulnerability feeds?

Answer 79

Vulnerability feeds are subscription services or data streams delivering information about newly discovered vulnerabilities, patches, or security advisories to organizations or security tools.

Question 80

What term describes services delivering information about newly discovered vulnerabilities?

Answer 80

Vulnerability feeds

Question 81

What are Conferences?

Answer 81

Conferences are events, seminars, or summits where cybersecurity professionals, researchers, or experts gather to share knowledge, discuss trends, and present findings about cyber threats or defenses.

Question 82

What term describes events where cybersecurity professionals gather to discuss trends and present findings?

Answer 82

Conferences

Question 83

What are Academic journals?

Answer 83

Academic journals are scholarly publications containing research articles, studies, or analyses written by experts or researchers in the field of cybersecurity or related disciplines.

Question 84

What term describes scholarly publications containing research articles written by experts in cybersecurity?

Answer 84

Academic journals

Question 85

What are Request for comments (RFC)?

Answer 85

Request for comments (RFC) documents are publications containing technical specifications, standards, or proposals developed by Internet Engineering Task Force (IETF) working groups.

Question 86

What term describes documents containing technical specifications developed by Internet Engineering Task Force (IETF)?

Answer 86

Request for comments (RFC)

Question 87

What are Local industry groups?

Answer 87

Local industry groups are organizations or associations comprised of businesses, professionals, or experts within a specific geographic area or industry sector, often collaborating on cybersecurity initiatives or sharing threat intelligence.

Question 88

What term describes organizations comprised of businesses collaborating on cybersecurity initiatives?

Answer 88

Local industry groups

Question 89

What is Social media?

Answer 89

Social media is a cyber attack vector where threat actors exploit social networking platforms or communication channels to spread misinformation, launch phishing attacks, or manipulate public opinion.

Question 90

What term describes exploiting social networking platforms to spread misinformation or launch attacks?

Answer 90

Social media

Question 91

What are Threat feeds?

Answer 91

Threat feeds are data streams or services providing real-time information about cyber threats, vulnerabilities, or malicious activities, often used by security teams for threat detection and analysis.

Question 92

What term describes services providing real-time information about cyber threats?

Answer 92

Threat feeds

Question 93

What are Adversary tactics, techniques, and procedures (TTP)?

Answer 93

Adversary tactics, techniques, and procedures (TTP) refer to the methods, tools, and behaviors used by threat actors to achieve their objectives during cyber attacks, including reconnaissance, infiltration, and exploitation.

Question 94

What term describes the methods or behaviors used by threat actors to achieve their objectives during cyber attacks?

Answer 94

Adversary tactics, techniques, and procedures (TTP)