1.6

Question 1

are typically state-sponsored attackers that are highly skilled and well-funded, and can carry out long-term attacks to achieve specific goals and remain undetected

Answer 1

APT Advanced persistent threats

Question 2

Employees, contractors, or partners who have access to an organization’s systems or information and intentionally or accidentally misuse or disclose it

Answer 2

Insider Threats

Question 3

Government entities or military forces that use cyberattacks for political, military, or economic purposes

Answer 3

State Actors

Question 4

Activists or groups that use hacking techniques to promote a social or political cause or to protest against organizations or governments

Answer 4

Hacktivists

Question 5

Individuals with limited technical skills who use pre-existing tools or exploit code to launch simple attacks without understanding the underlying mechanisms

Answer 5

Script Kiddies

Question 6

Organized groups that conduct cyberattacks for financial gain, such as stealing sensitive information, ransomware attacks, or credit card fraud

Answer 6

Criminal Syndicates

Question 7

Employees or contractors who are authorized to conduct penetration testing, vulnerability assessments, or other security testing on behalf of an organization

Answer 7

Authorized Hackers

Question 8

Individuals or groups who conduct cyberattacks without permission or authority to do so, with the intent to gain access to sensitive data or cause harm to a system or network

Answer 8

Unauthorized Hackers

Question 9

Individuals who have some level of permission to access a system or network, but use this access to carry out unauthorized actions or to gain access to sensitive data

Answer 9

Semi-Authorized Hackers

Question 10

The use of unauthorized or unapproved applications or hardware by employees, which can pose a security risk if they are not properly secured or managed

Answer 10

Shadow IT

Question 11

Business rivals or competitors who may use cyberattacks to gain a competitive advantage or to disrupt the operations of their competitors

Answer 11

Competitors

Question 12

internal vs external

Answer 12

Internal actors are members of the organization, while external actors are not.

Question 13

This refers to the actor’s knowledge and capabilities in carrying out a security breach.

Answer 13

Level of Sophistication

Question 14

This refers to the actor’s access to financial resources, tools, and technology to facilitate a security breach.

Answer 14

Resources/Funding

Question 15

This refers to the reason or goal behind the actor’s attempt to breach the system’s security.

Answer 15

Intent/Motivation

Question 16

Attackers gain access to a system physically by bypassing or breaking through physical security measures.

Answer 16

Direct Access

Question 17

Attackers exploit vulnerabilities in wireless networks to gain unauthorized access to a system.

Answer 17

wireless

Question 18

Attackers use phishing or other social engineering techniques to gain access to a system through email.

Answer 18

email vulnerabilioty

Question 19

Attackers exploit vulnerabilities in the supply chain to gain access to a system by targeting third-party vendors.

Answer 19

supply chain

Question 20

Attackers use social media to gain access to a system through social engineering techniques or phishing attacks.

Answer 20

social media

Question 21

Attackers gain access to a system by introducing malware or other malicious code via removable media such as USB drives or CDs.

Answer 21

removable media

Question 22

cloud vulnberabilities

Answer 22

Attackers exploit vulnerabilities in cloud-based systems to gain unauthorized access to sensitive data.

Question 23

Publicly available information gathered from sources such as news articles, social media, or other online resources.

Answer 23

osint

Question 24

Intelligence sources that are available only to a specific organization or group and are not publicly available.

Answer 24

closed/propitery

Question 25

Publicly available databases of known vulnerabilities in hardware, software, and applications that can be used to identify potential threats.

Answer 25

Vulnerability Databases

Question 26

Organizations or groups that share information about threats and vulnerabilities among themselves and with trusted partners.

Answer 26

Public and Private Information Sharing Centers

Question 27

Part of the internet that is not indexed by traditional search engines, and is often used for illegal activities, including the sale of stolen data and tools for hacking.

Answer 27

Dark Web

Question 28

Specific pieces of data that are associated with a security breach or attack and can be used to identify the presence of a threat.

Answer 28

Indicators of Compromise (IOCs)

Question 29

Automated systems for sharing IOCs among organizations and partners to facilitate faster detection and response to threats.

Answer 29

Automated Indicator Sharing (AIS)

Question 30

A standard language for sharing threat intelligence that provides a consistent and structured format for organizing and exchanging threat information.

Answer 30

STIX (Structured Threat Information Expression)

Question 31

A protocol for exchanging IOCs and other threat intelligence that enables automated sharing and integration with security systems.

Answer 31

TAXII (Trusted Automated Exchange of Indicator Information)

Question 32

The use of historical data, statistical models, and machine learning algorithms to identify patterns and predict future security threats.

Answer 32

Predictive Analysis

Question 33

Visual representations of real-time or historical data that illustrate the geography and scope of cyber threats, such as the location and frequency of attacks.

Answer 33

Threat Maps

Question 34

Public or private repositories of code, software, or other files that may contain vulnerabilities or be used as tools for hacking.

Answer 34

File/Code Repositories

Question 35

Websites of software, hardware, and other technology vendors that provide information about products and services, including security updates, patches, and vulnerability disclosures.

Answer 35

Vendor Websites

Question 36

Feeds of information about newly discovered vulnerabilities in software, hardware, and other systems, which are often provided by vendors or other security researchers.

Answer 36

Vulnerability Feeds

Question 37

Events where security researchers, vendors, and other experts share information about emerging threats, best practices, and new technologies related to information security.

Answer 37

Conferences

Question 38

Peer-reviewed publications that provide in-depth research and analysis of topics related to information security, including trends, threats, and solutions.

Answer 38

Academic Journals

Question 39

Technical documents published by the Internet Engineering Task Force (IETF) that provide guidelines, standards, and recommendations for internet protocols and other networking technologies.

Answer 39

Request for Comments (RFCs)

Question 40

Organizations or groups of professionals who work in the same industry or geographic location, and who share information and collaborate on security-related issues.

Answer 40

Local Industry Groups

Question 41

Platforms such as Twitter, LinkedIn, and other social networks that are used by security professionals to share news, updates, and insights about emerging threats and best practices.

Answer 41

Social Media

Question 42

Real-time or near-real-time streams of information about threats, including indicators of compromise (IOCs) and other relevant data that can be used to identify and respond to potential threats.

Answer 42

Threat Feeds

Question 43

Information about the methods, tools, and techniques used by threat actors to carry out attacks, including information on specific threat groups, their motivations, and their preferred attack vectors.

Answer 43

Adversary Tactics, Techniques, and Procedures