1.7 Summarize the techniques used in security assessments

Question 1

What is Threat hunting?

Answer 1

Threat hunting is a proactive security technique focused on identifying and mitigating advanced threats and adversaries within an organization’s network by continuously searching for indicators of compromise or suspicious activities.

Question 2

What term describes the proactive identification and mitigation of advanced threats within a network?

Answer 2

Threat hunting

Question 3

What is Intelligence fusion?

Answer 3

Intelligence fusion is the process of integrating and analyzing data from multiple sources, such as open-source intelligence (OSINT), closed sources, and internal data, to produce actionable insights and intelligence for cybersecurity decision-making.

Question 4

What term describes the integration and analysis of data from various sources to produce actionable insights?

Answer 4

Intelligence fusion

Question 5

What are Threat feeds?

Answer 5

Threat feeds are streams of curated cybersecurity data, such as indicators of compromise (IOCs), threat intelligence reports, or security advisories, provided by external sources to help organizations detect, prevent, and respond to security threats.

Question 6

What term describes streams of curated cybersecurity data provided by external sources?

Answer 6

Threat feeds

Question 7

What are Advisories and bulletins?

Answer 7

Advisories and bulletins are official communications issued by cybersecurity organizations, vendors, or authorities to inform the public about security vulnerabilities, threats, patches, or best practices to protect against emerging risks and attacks.

Question 8

What term describes official communications about security vulnerabilities, threats, or patches?

Answer 8

Advisories and bulletins

Question 9

What is Maneuver in security assessments?

Answer 9

Maneuver refers to the actions taken by attackers or defenders during security assessments to gain or maintain control over systems, networks, or data, often involving tactics such as lateral movement, privilege escalation, or data exfiltration.

Question 10

What term describes actions taken by attackers or defenders to gain control during security assessments?

Answer 10

Maneuver

Question 11

What are Vulnerability scans?

Answer 11

Vulnerability scans are automated or manual assessments conducted to identify security vulnerabilities, misconfigurations, or weaknesses in systems, applications, or networks, helping organizations prioritize and remediate potential risks.

Question 12

What term describes assessments conducted to identify security vulnerabilities in systems or networks?

Answer 12

Vulnerability scans

Question 13

What are False positives in security assessments?

Answer 13

False positives are incorrect or erroneous alerts, findings, or indications generated by security tools or assessments, mistakenly identifying benign activities or normal behavior as malicious or indicative of a security threat.

Question 14

What term describes incorrect alerts or findings mistakenly identifying benign activities as security threats?

Answer 14

False positives

Question 15

What are False negatives in security assessments?

Answer 15

False negatives are security incidents, threats, or vulnerabilities that are missed or undetected by security tools or assessments, failing to identify actual malicious activities or risks, which may lead to security breaches or compromise.

Question 16

What term describes missed security incidents or vulnerabilities in security assessments?

Answer 16

False negatives

Question 17

What are Log reviews in security assessments?

Answer 17

Log reviews involve analyzing logs and audit trails generated by systems, applications, or networks to identify abnormal or suspicious activities, unauthorized access attempts, or potential security breaches, aiding in incident detection and response.

Question 18

What term describes analyzing logs to identify abnormal or suspicious activities in security assessments?

Answer 18

Log reviews

Question 19

What is the difference between credentialed and non-credentialed scans?

Answer 19

Credentialed scans use privileged credentials or access rights to assess systems and applications comprehensively, while non-credentialed scans are conducted without such access, providing limited visibility and potentially missing certain vulnerabilities or misconfigurations.

Question 20

What are Intrusive and non-intrusive assessments?

Answer 20

Intrusive assessments involve actively probing, testing, or exploiting systems, networks, or applications to identify vulnerabilities or security weaknesses. Non-intrusive assessments, on the other hand, rely on passive observation, analysis, or review of systems without actively engaging or disrupting them.

Question 21

What terms describe assessment methods involving active probing and passive observation, respectively?

Answer 21

Intrusive and non-intrusive assessments

Question 22

What is an Application security assessment?

Answer 22

An Application security assessment is a systematic evaluation of software applications to identify and mitigate security risks, vulnerabilities, or weaknesses that could be exploited by attackers to compromise the confidentiality, integrity, or availability of data or functionality.

Question 23

What term describes the evaluation of software applications to identify security risks or vulnerabilities?

Answer 23

Application security assessment

Question 24

What is a Web application security assessment?

Answer 24

A Web application security assessment is a specialized form of application security assessment focused on evaluating the security posture of web-based applications, including websites, web services, and web APIs, to identify and remediate vulnerabilities or weaknesses.

Question 25

What term describes the evaluation of security in web-based applications such as websites or web services?

Answer 25

Web application security assessment

Question 26

What is a Network security assessment?

Answer 26

A Network security assessment is an evaluation of an organization’s network infrastructure, architecture, and security controls to identify vulnerabilities, misconfigurations, or weaknesses that could be exploited by attackers to gain unauthorized access or disrupt operations.

Question 27

What term describes the evaluation of an organization’s network infrastructure and security controls?

Answer 27

Network security assessment

Question 28

What are CVE and CVSS?

Answer 28

CVE (Common Vulnerabilities and Exposures) is a dictionary of publicly known information security vulnerabilities and exposures, while CVSS (Common Vulnerability Scoring System) is a standardized framework for assessing and rating the severity of vulnerabilities based on their characteristics and potential impact.

Question 29

What terms describe a dictionary of security vulnerabilities and a framework for rating their severity?

Answer 29

CVE and CVSS

Question 30

What is a Configuration review in security assessments?

Answer 30

A Configuration review involves examining and analyzing the settings, configurations, and parameters of systems, applications, or networks to ensure they align with security best practices, policies, or industry standards and to identify any deviations or weaknesses that could pose security risks.

Question 31

What term describes the examination of system or network settings to ensure alignment with security best practices?

Answer 31

Configuration review

Question 32

What is Syslog/Security information and event management (SIEM)?

Answer 32

Syslog is a standard protocol for logging and transmitting event messages within a network, while SIEM (Security Information and Event Management) is a comprehensive approach to security management that combines real-time monitoring, event correlation, and incident response capabilities.

Question 33

What terms describe a logging protocol and a comprehensive security management approach?

Answer 33

Syslog and SIEM

Question 34

What are Review reports in security assessments?

Answer 34

Review reports are detailed documents or summaries produced as part of security assessments, audits, or evaluations, providing findings, recommendations, and remediation steps based on the analysis of vulnerabilities, risks, or security controls.

Question 35

What term describes detailed documents providing findings and recommendations from security assessments?

Answer 35

Review reports

Question 36

What is Packet capture in security assessments?

Answer 36

Packet capture, also known as packet sniffing or network sniffing, is the process of intercepting and logging data packets flowing through a network for analysis, monitoring, or troubleshooting purposes, allowing security analysts to inspect network traffic and identify security threats or anomalies.

Question 37

What term describes the process of intercepting and logging network traffic for analysis or monitoring?

Answer 37

Packet capture

Question 38

What are Data inputs in security assessments?

Answer 38

Data inputs in security assessments refer to the information, events, or data sources used for analysis, monitoring, or detection of security threats, vulnerabilities, or suspicious activities within an organization’s network, systems, or applications.

Question 39

What term describes the information or data sources used for security analysis or monitoring?

Answer 39

Data inputs

Question 40

What is User behavior analysis in security monitoring?

Answer 40

User behavior analysis in security monitoring involves the systematic analysis and interpretation of user activities, actions, or patterns within a network or system to detect anomalies, identify insider threats, or prevent unauthorized access or data breaches.

Question 41

What term describes the systematic analysis of user activities to detect anomalies or insider threats?

Answer 41

User behavior analysis

Question 42

What is Sentiment analysis in security monitoring?

Answer 42

Sentiment analysis in security monitoring is the process of analyzing textual data, such as social media posts, emails, or chat logs, to assess the sentiment, tone, or emotions expressed within the content, helping to identify potential security threats or public perception.

Question 43

What term describes the analysis of sentiment or emotions expressed in textual data?

Answer 43

Sentiment analysis

Question 44

What is Security monitoring?

Answer 44

Security monitoring is the continuous observation, analysis, and assessment of an organization’s systems, networks, or digital assets to detect and respond to security threats, suspicious activities, or unauthorized access attempts in real-time or near real-time.

Question 45

What term describes continuous observation and analysis of systems to detect security threats?

Answer 45

Security monitoring

Question 46

What is Log aggregation in security operations?

Answer 46

Log aggregation is the process of collecting, consolidating, and centralizing log data from various sources, such as systems, applications, or network devices, into a unified platform or repository for analysis, correlation, and monitoring in security operations.

Question 47

What term describes the process of collecting and centralizing log data from multiple sources?

Answer 47

Log aggregation

Question 48

What are Log collectors in security monitoring?

Answer 48

Log collectors are software or systems designed to gather, parse, and forward log data generated by devices, applications, or systems within an organization’s network to centralized log management or analysis tools for monitoring, analysis, or incident response purposes.

Question 49

What term describes software or systems used to gather and forward log data for centralized analysis?

Answer 49

Log collectors

Question 50

What is SOAR in cybersecurity operations?

Answer 50

SOAR (Security Orchestration, Automation, and Response) is a comprehensive approach to cybersecurity operations that integrates security tools, processes, and workflows to streamline incident response, automate repetitive tasks, and orchestrate security actions across an organization’s infrastructure.

Question 51

What term describes the integration of security tools and automation to streamline incident response?

Answer 51

Security Orchestration, Automation, and Response (SOAR)