1.7 Summarize the techniques used in security assessments.

Question 1

Threat hunting

Answer 1

Activity of seeking to identify new threats
-A proactive search through IoCs, log files, or other observables to locate malware or intruders lurking on a system

Question 2

Intelligence fusion

Answer 2

Combination of local logs w/multi sources of threat intel integrated into a useful analysis or report

Question 3

Threat feeds

Answer 3

Sources of info about attacks and exploits

Question 4

Advisories and bulletins

Answer 4

Published by vendors, threat intel services, and other security focused orgs

Question 5

Maneuver

Answer 5

Considering the parameters of an attack to gain better understanding through adjusting focus, sensor location, or analysis perspective

Question 6

Vulnerability scans

Answer 6

Used to discover weaknesses in deployed security systems to improve or repair them before a breach occurs

Question 7

Common Vulnerabilities and Exposures (CVE) / Common Vulnerability Scoring System (CVSS)

Answer 7

Led by NIST

CVE Assigns identifiers to publicly known system vulnerabilities to be used for cross-link and cross-referencing purposes

Question 8

Syslog/Security information and event management (SIEM)

Answer 8

A centralized application to automate monitoring of network systems

Question 9

Sentiment analysis

Answer 9

Concept of analyzing text info for context and context to identify and extract subjective information

Question 10

Security orchestration, automation, and response (SOAR)

Answer 10

Collection of software solutions that can automate process of collecting and analyzing log and real-time data, evaluate it, then trigger response to low and mid-level security issues w/no need for human involvement