1.7

Question 1

Is the practice of proactively searching for cyber threats that are inside a network yet remain undetected.

Answer 1

Threat hunting

Question 2

______________ involves integrating multiple sources of threat intelligence to produce actionable insights and enhance situational awareness for cybersecurity operations.

Answer 2

Intelligence fusion

Question 3

Are streams of curated threat intelligence data

Answer 3

Threat feeds

Question 4

Are published sets of information from partners, such as security vendors, industry groups, the government, information-sharing groups, and other sources of information.

Answer 4

Advisories and bulletins

Question 5

Refers to the strategic movement or actions taken by attackers to exploit vulnerabilities, evade detection, or achieve their objectives within a target network or system.

Answer 5

Maneuver

Question 6

Are automated assessments conducted to assess security vulnerabilities present in systems.

Answer 6

Vulnerability scans

Question 7

Are instances where a security tool incorrectly identifies benign or legitimate activity as malicious or suspicious.

Answer 7

False positives

Question 8

Are instances where a security tool fails to detect genuine security threats or malicious activity, thereby allowing them to go undetected.

Answer 8

False negatives

Question 9

Involve analyzing log files generated by systems, applications, or network devices to identify security incidents, anomalies, or unauthorized activities.

Answer 9

Log reviews

Question 10

Accessing systems, devices, or applications using valid authentication credentials, to perform authorized actions or operations.

Answer 10

Credentialed

Question 11

Refers to accessing systems, devices, or applications without using valid authentication credentials.

Answer 11

non-credentialed

Question 12

Security assessments that involve actively probing, scanning, or interacting with systems, networks, or applications to identify vulnerabilities. May include penetration testing, vulnerability scanning, and other active reconnaissance techniques.

Answer 12

Intrusive

Question 13

Security assessments that involve passive observation, analysis, or monitoring of systems, networks, or applications without directly interacting with them. Aim to assess security posture without disrupting normal operations or risking system stability.

Answer 13

non-intrusive

Question 14

Is a standardized list of publicly known cybersecurity vulnerabilities identified by the MITRE Corporation. Each entry includes a unique identifier, description, and references to affected products or systems.

Answer 14

Common Vulnerabilities and
Exposures (CVE)

Question 15

Is a scoring system used to assess the severity of vulnerabilities based on various factors such as exploitability, impact, and complexity.

Answer 15

Common
Vulnerability Scoring System (CVSS)

Question 16

Involves evaluating the configuration settings of systems, devices, or applications to identify security weaknesses, misconfigurations, or deviations from best practices. Help ensure that systems are properly configured to minimize security risks and comply with security policies.

Answer 16

Configuration review

Question 17

Is a standard protocol used for sending and receiving log messages from network devices, servers, and applications.

Answer 17

Syslog

Question 18

Are applications that collect, aggregate, and analyze log data from various sources to provide real-time monitoring, threat detection, and incident response capabilities in cybersecurity operations.

Answer 18

Security information and
event management (SIEM)

Question 19

Also known as packet sniffing or network traffic analysis, involves capturing and analyzing network packets transmitted over a network.

Answer 19

Packet capture

Question 20

Is a cybersecurity technique that involves monitoring and analyzing user activities, behaviors, and patterns to detect anomalies, insider threats, and suspicious behavior indicative of security incidents.

Answer 20

User behavior analysis

Question 21

Is a cybersecurity technique that involves analyzing text data, such as social media posts, emails, or customer reviews, to determine the opinions, or attitudes expressed by individuals or groups.

Answer 21

Sentiment analysis

Question 22

Involves continuously monitoring and analyzing systems, networks, and data for signs of security threats, vulnerabilities, or unauthorized activities.

Answer 22

Security monitoring

Question 23

Is the process of combining logs together.

Answer 23

Log aggregation

Question 24

Are pieces of software that function to gather data from multiple independent sources and feed it into a unified source such as a SIEM.

Answer 24

Log collectors

Question 25

Are systems that take SIEM data as well as data from other sources and assist in the creation of runbooks and playbooks.

Answer 25

Security orchestration,
automation, and response (SOAR)