2 - Cybersecurity Threat Landscape Flashcards
Explain the following: threats actors, vectors, and intel sources; and know security concerns associated with various vulnerabilities
What measures are commonly used to assess threat intelligence?
Timeliness, Accuracy, and Relevance
What language is STIX based on?
XML
Kolin is a penetration tester. Kolin is working to gain access to a system that belongs to the hospital. What term best describes Kolin’s work?
White Hat (Hacking)
What kind of Attack is most likely to be associated with an APT (advanced persistent threat)?
Nation-state Actor
What organizations did the U.S. government help create to help share knowledge between organizations in specific verticals?
ISACs
Which threat actor typically has the greatest access to resources (time, money, skill)?
Nation-state Actors
Which threat vector is most commonly exploited by attackers who are at a distant location?
Who is a good example of a hacktivist group?
Anonymous
What type of assessment is particularly useful for identifying insider threats?
Behavioral
Cindy wants to send threat info via a standardized protocol specifically designed to exchange cyber threat info. What should she use?
TAXII
Greg believes an attacker installed malicious firmware in a network device before it was provided to his org by the supplier. What type of threat vector best describes this attack?
Supply Chain
Ken is doing threat research on Transport Layer Security (TLS) and would like to consult the authoritative reference for the protocol’s technical specification. What resource would best meet his needs?
Internet RFCs
Wendy is scanning cloud-based repositories for sensitive info. What should concern her MOST, if discovered in a public repository?
API Keys
What threat research tool is used to visually display info about the location of threat actors?
Threat Map
Vince recently received the hash values of malicious software that several other firms in his industry found installed on their compromised systems. What term best describes this info?
IoC