2.0 Threats, Vulnerabilities, and Mitigations

Question 1

A person or entity responsible for an event that has been identified as a security incident or as a risk.

Answer 1

Threat actor

Question 2

The degree of access that a threat actor possesses before initiating an attack. An external threat actor has no standing privileges, while an internal actor has been granted some access permissions.

Answer 2

Internal/external

Question 3

A formal classification of the resources and expertise available to a threat actor.

Answer 3

Level of sophistication/capability

Question 4

Resources/funding

Answer 4

The ability of threat actors to draw upon funding to acquire personnel, tools, and development of novel attack types.

Question 5

A type of attack that compromises the availability of an asset or business process.

Answer 5

Service disruption

Question 6

The process by which an attacker copies data from a private network to an external network.

Answer 6

Data exfiltration

Question 7

A type of attack that falsifies an information resource that is normally trusted by others.

Answer 7

Disinformation

Question 8

Demanding payment to prevent the release of information.

Answer 8

Blackmail

Question 9

Demanding payment to prevent or halt some type of attack.

Answer 9

Extortion

Question 10

Falsifying records, such as an internal fraud that involves tampering with accounts.

Answer 10

Fraud

Question 11

Often used to refer to someone who breaks into computer systems or spreads viruses. Ethical hackers prefer to think of themselves as experts on and explorers of computer security systems.

Answer 11

Hacker

Question 12

A hacker operating with malicious intent.

Answer 12

Unauthorized hacker

Question 13

A hacker engaged in authorized penetration testing or other security consultancy.

Answer 13

Authorized hacker

Question 14

An inexperienced attacker that typically uses tools or scripts created by others.

Answer 14

Unskilled attacker/script kiddie

Question 15

A threat actor that is motivated by a social issue or political cause.

Answer 15

Hacktivist

Question 16

An attacker’s ability to obtain, maintain, and diversify access to network systems using exploits and malware.

Answer 16

Advanced persistent threat (APT)

Question 17

A type of threat actor that is supported by the resources of its host country’s military and security services.

Answer 17

Nation-state actors

Question 18

A type of threat actor that uses hacking and computer fraud for commercial gain.

Answer 18

Organized crime

Question 19

A type of threat actor who is assigned privileges on the system that cause an intentional or unintentional incident.

Answer 19

Internal threat

Question 20

A threat actor that causes a vulnerability or exposes an attack vector without malicious intent.

Answer 20

Unintentional or inadvertent insider threat

Question 21

Computer hardware, software, or services used on a private network without authorization from the system owner.

Answer 21

Shadow IT

Question 22

The end-to-end process of supplying, manufacturing, distributing, and finally releasing goods and services to a customer.

Answer 22

Supply chain

Question 22

Weakness in an application or OS that could be triggered accidentally or exploited intentionally to cause a security breach.

Answer 22

Vulnerable software

Question 23

An attack type that will entice a victim into using or opening a removable device, document, image, or program that conceals malware.

Answer 23

Lure

Question 23

Configuration that exposes a large attack surface, such as through unnecessary open service ports, weak or no authentication, use of default credentials, or lack of secure communications/encryption.

Answer 23

Unsecure network

Question 23

Product life cycle phase where mainstream vendor support is no longer available.

Answer 23

Unsupported systems

Question 24

A social engineering tactic where a team communicates, whether directly or indirectly, a lie or half-truth in order to get someone to believe a falsehood.

Answer 24

Pretexting

Question 24

An activity where the goal is to use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines.

Answer 24

Social engineering

Question 25

A social engineering attack where an attacker pretends to be someone they are not.

Answer 25

Impersonation

Question 26

An email-based social engineering attack in which the attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.

Answer 26

Phishing

Question 27

A human-based attack where the attacker extracts information while speaking over the phone or leveraging IP-based voice messaging services (VoIP).

Answer 27

Vishing

Question 28

A form of phishing that uses SMS text messages to trick a victim into revealing information.

Answer 28

Smishing

Question 29

An impersonation attack in which the attacker gains control of an employee’s account and uses it to convince other employees to perform fraudulent actions.

Answer 29

Business email compromise

Question 29

An attack in which an attacker registers a domain name with a common misspelling of an existing domain, so that a user who misspells a URL in a browser is taken to the attacker’s website.

Answer 29

Typosquatting

Question 29

A type of attack that redirects users from a legitimate website to a malicious one.

Answer 29

Pharming

Question 30

An attack in which an attacker targets specific groups or organizations, discovers which websites they frequent, and injects malicious code into those sites.

Answer 30

Watering hole attack

Question 31

Software that serves a malicious purpose, typically installed without the user’s consent (or knowledge).

Answer 31

Malware

Question 32

A malicious software program hidden within an innocuous-seeming piece of software.

Answer 32

Trojan

Question 33

Software that cannot definitively be classed as malicious, but may not have been chosen or wanted by the user.

Answer 33

Potentially unwanted programs (PUPs)/potentially unwanted applications (PUAs)

Question 34

Malicious code inserted into an executable file image. The malicious code is executed when the file is run and can deliver a payload, such as attempting to infect other files.

Answer 34

Virus

Question 34

A process executed without proper authorization from the system owner for the purpose of damaging or compromising the system.

Answer 34

Malicious process

Question 35

A type of malware that replicates between processes in system memory and can spread over client/server network connections.

Answer 35

Worm

Question 36

A lightweight block of malicious code that exploits a software vulnerability to gain initial access to a victim system.

Answer 36

Shellcode

Question 37

An attacker’s ability to obtain, maintain, and diversify access to network systems using exploits and malware.

Answer 37

Advanced persistent threat (APT)

Question 38

Software that records information about a PC and its user. ______ is used to describe software that the user has acknowledged can record information about their habits.

Answer 38

Adware

Question 39

Malicious software or hardware that can record user keystrokes.

Answer 39

Keylogger

Question 40

A mechanism for gaining access to a computer that bypasses or subverts the normal method of authentication.

Answer 40

Backdoor

Question 41

Software that records information about a PC and its users, often installed without the user’s consent.

Answer 41

Spyware

Question 42

Malware that creates a backdoor remote administration channel to allow a threat actor to access and control the infected host.

Answer 42

Remote access Trojan (RAT)

Question 43

A group of hosts or devices that has been infected by a control program called a bot, which enables attackers to exploit the hosts to mount attacks.

Answer 43

Botnet

Question 43

A type of attack that subverts network security systems and policies to transfer data without authorization or detection.

Answer 43

Covert channel

Question 43

Command and control (C2 or C&C)

Answer 43

Infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets.

Question 44

A group communications protocol that enables users to chat, send private messages, and share files.

Answer 44

Internet Relay Chat (IRC)

Question 45

Class of malware that modifies system files, often at the kernel level, to conceal its presence.

Answer 45

Rootkit

Question 46

Malware that tries to extort money from the victim by blocking normal operation of a computer and/or encrypting the victim’s files and demanding payment.

Answer 46

Ransomware

Question 47

Malware that hijacks computer resources to create cryptocurrency.

Answer 47

Crypto-mining

Question 48

A malicious program or script that is set to run under particular circumstances or in response to a defined event.

Answer 48

Logic bomb