1.7 Summarize the techniques used in security assessments Flashcards

1
Q

What is Threat hunting?

A

Threat hunting is a proactive security technique focused on identifying and mitigating advanced threats and adversaries within an organization’s network by continuously searching for indicators of compromise or suspicious activities.

2
Q

What term describes the proactive identification and mitigation of advanced threats within a network?

A

Threat hunting

3
Q

What is Intelligence fusion?

A

Intelligence fusion is the process of integrating and analyzing data from multiple sources, such as open-source intelligence (OSINT), closed sources, and internal data, to produce actionable insights and intelligence for cybersecurity decision-making.

4
Q

What term describes the integration and analysis of data from various sources to produce actionable insights?

A

Intelligence fusion

5
Q

What are Threat feeds?

A

Threat feeds are streams of curated cybersecurity data, such as indicators of compromise (IOCs), threat intelligence reports, or security advisories, provided by external sources to help organizations detect, prevent, and respond to security threats.

6
Q

What term describes streams of curated cybersecurity data provided by external sources?

A

Threat feeds

7
Q

What are Advisories and bulletins?

A

Advisories and bulletins are official communications issued by cybersecurity organizations, vendors, or authorities to inform the public about security vulnerabilities, threats, patches, or best practices to protect against emerging risks and attacks.

8
Q

What term describes official communications about security vulnerabilities, threats, or patches?

A

Advisories and bulletins

9
Q

What is Maneuver in security assessments?

A

Maneuver refers to the actions taken by attackers or defenders during security assessments to gain or maintain control over systems, networks, or data, often involving tactics such as lateral movement, privilege escalation, or data exfiltration.

10
Q

What term describes actions taken by attackers or defenders to gain control during security assessments?

A

Maneuver

11
Q

What are Vulnerability scans?

A

Vulnerability scans are automated or manual assessments conducted to identify security vulnerabilities, misconfigurations, or weaknesses in systems, applications, or networks, helping organizations prioritize and remediate potential risks.

12
Q

What term describes assessments conducted to identify security vulnerabilities in systems or networks?

A

Vulnerability scans

13
Q

What are False positives in security assessments?

A

False positives are incorrect or erroneous alerts, findings, or indications generated by security tools or assessments, mistakenly identifying benign activities or normal behavior as malicious or indicative of a security threat.

14
Q

What term describes incorrect alerts or findings mistakenly identifying benign activities as security threats?

A

False positives

15
Q

What are False negatives in security assessments?

A

False negatives are security incidents, threats, or vulnerabilities that are missed or undetected by security tools or assessments, failing to identify actual malicious activities or risks, which may lead to security breaches or compromise.

16
Q

What term describes missed security incidents or vulnerabilities in security assessments?

A

False negatives

17
Q

What are Log reviews in security assessments?

A

Log reviews involve analyzing logs and audit trails generated by systems, applications, or networks to identify abnormal or suspicious activities, unauthorized access attempts, or potential security breaches, aiding in incident detection and response.

18
Q

What term describes analyzing logs to identify abnormal or suspicious activities in security assessments?

A

Log reviews

19
Q

What is the difference between credentialed and non-credentialed scans?

A

Credentialed scans use privileged credentials or access rights to assess systems and applications comprehensively, while non-credentialed scans are conducted without such access, providing limited visibility and potentially missing certain vulnerabilities or misconfigurations.

20
Q

What are Intrusive and non-intrusive assessments?

A

Intrusive assessments involve actively probing, testing, or exploiting systems, networks, or applications to identify vulnerabilities or security weaknesses. Non-intrusive assessments, on the other hand, rely on passive observation, analysis, or review of systems without actively engaging or disrupting them.

21
Q

What terms describe assessment methods involving active probing and passive observation, respectively?

A

Intrusive and non-intrusive assessments

22
Q

What is an Application security assessment?

A

An Application security assessment is a systematic evaluation of software applications to identify and mitigate security risks, vulnerabilities, or weaknesses that could be exploited by attackers to compromise the confidentiality, integrity, or availability of data or functionality.

23
Q

What term describes the evaluation of software applications to identify security risks or vulnerabilities?

A

Application security assessment

24
Q

What is a Web application security assessment?

A

A Web application security assessment is a specialized form of application security assessment focused on evaluating the security posture of web-based applications, including websites, web services, and web APIs, to identify and remediate vulnerabilities or weaknesses.

25
Q

What term describes the evaluation of security in web-based applications such as websites or web services?

A

Web application security assessment

26
Q

What is a Network security assessment?

A

A Network security assessment is an evaluation of an organization’s network infrastructure, architecture, and security controls to identify vulnerabilities, misconfigurations, or weaknesses that could be exploited by attackers to gain unauthorized access or disrupt operations.

27
Q

What term describes the evaluation of an organization’s network infrastructure and security controls?

A

Network security assessment

28
Q

What are CVE and CVSS?

A

CVE (Common Vulnerabilities and Exposures) is a dictionary of publicly known information security vulnerabilities and exposures, while CVSS (Common Vulnerability Scoring System) is a standardized framework for assessing and rating the severity of vulnerabilities based on their characteristics and potential impact.

29
Q

What terms describe a dictionary of security vulnerabilities and a framework for rating their severity?

A

CVE and CVSS

30
Q

What is a Configuration review in security assessments?

A

A Configuration review involves examining and analyzing the settings, configurations, and parameters of systems, applications, or networks to ensure they align with security best practices, policies, or industry standards and to identify any deviations or weaknesses that could pose security risks.

31
Q

What term describes the examination of system or network settings to ensure alignment with security best practices?

A

Configuration review

32
Q

What is Syslog/Security information and event management (SIEM)?

A

Syslog is a standard protocol for logging and transmitting event messages within a network, while SIEM (Security Information and Event Management) is a comprehensive approach to security management that combines real-time monitoring, event correlation, and incident response capabilities.

33
Q

What terms describe a logging protocol and a comprehensive security management approach?

A

Syslog and SIEM

34
Q

What are Review reports in security assessments?

A

Review reports are detailed documents or summaries produced as part of security assessments, audits, or evaluations, providing findings, recommendations, and remediation steps based on the analysis of vulnerabilities, risks, or security controls.

35
Q

What term describes detailed documents providing findings and recommendations from security assessments?

A

Review reports

36
Q

What is Packet capture in security assessments?

A

Packet capture, also known as packet sniffing or network sniffing, is the process of intercepting and logging data packets flowing through a network for analysis, monitoring, or troubleshooting purposes, allowing security analysts to inspect network traffic and identify security threats or anomalies.

37
Q

What term describes the process of intercepting and logging network traffic for analysis or monitoring?

A

Packet capture

38
Q

What are Data inputs in security assessments?

A

Data inputs in security assessments refer to the information, events, or data sources used for analysis, monitoring, or detection of security threats, vulnerabilities, or suspicious activities within an organization’s network, systems, or applications.

39
Q

What term describes the information or data sources used for security analysis or monitoring?

A

Data inputs

40
Q

What is User behavior analysis in security monitoring?

A

User behavior analysis in security monitoring involves the systematic analysis and interpretation of user activities, actions, or patterns within a network or system to detect anomalies, identify insider threats, or prevent unauthorized access or data breaches.

41
Q

What term describes the systematic analysis of user activities to detect anomalies or insider threats?

A

User behavior analysis

42
Q

What is Sentiment analysis in security monitoring?

A

Sentiment analysis in security monitoring is the process of analyzing textual data, such as social media posts, emails, or chat logs, to assess the sentiment, tone, or emotions expressed within the content, helping to identify potential security threats or public perception.

43
Q

What term describes the analysis of sentiment or emotions expressed in textual data?

A

Sentiment analysis

44
Q

What is Security monitoring?

A

Security monitoring is the continuous observation, analysis, and assessment of an organization’s systems, networks, or digital assets to detect and respond to security threats, suspicious activities, or unauthorized access attempts in real-time or near real-time.

45
Q

What term describes continuous observation and analysis of systems to detect security threats?

A

Security monitoring

46
Q

What is Log aggregation in security operations?

A

Log aggregation is the process of collecting, consolidating, and centralizing log data from various sources, such as systems, applications, or network devices, into a unified platform or repository for analysis, correlation, and monitoring in security operations.

47
Q

What term describes the process of collecting and centralizing log data from multiple sources?

A

Log aggregation

48
Q

What are Log collectors in security monitoring?

A

Log collectors are software or systems designed to gather, parse, and forward log data generated by devices, applications, or systems within an organization’s network to centralized log management or analysis tools for monitoring, analysis, or incident response purposes.

49
Q

What term describes software or systems used to gather and forward log data for centralized analysis?

A

Log collectors

50
Q

What is SOAR in cybersecurity operations?

A

SOAR (Security Orchestration, Automation, and Response) is a comprehensive approach to cybersecurity operations that integrates security tools, processes, and workflows to streamline incident response, automate repetitive tasks, and orchestrate security actions across an organization’s infrastructure.

51
Q

What term describes the integration of security tools and automation to streamline incident response?

A

Security Orchestration, Automation, and Response (SOAR)