3. Threat Actors

Question 1

Unskilled Attacker

Answer 1

Limited technical expertise, use readily available tools

Question 2

Hacktivists

Answer 2

Driven by political, social, or environmental ideologies

Question 3

Organized Crime

Answer 3

Execute cyberattacks for financial gain

Question 4

Nation-state Actor

Answer 4

Highly skilled attackers sponsored by governments for cyber espionage or warfare

Question 5

Insider Threats

Answer 5

Security threats originating from within the organization

Question 6

Shadow IT

Answer 6

IT systems, devices, software or services managed without explicit organizational approval

Question 7

Honeypots

Answer 7

Decoy systems to attract and deceive attackers

Question 8

Honeynets

Answer 8

Network of decoy systems for observing complex attacks

Question 9

Honeyfiles

Answer 9

Decoy files to detect unauthorized access or data breaches

Question 10

Honeytokens

Answer 10

Fake data to alert administrators when accessed or used

Question 11

Data Exfiltration

Answer 11

Unauthorized transfer of data from a computer

Question 12

Script Kiddie

Answer 12

An individual with limited technical knowledge.
use pre-made software or scripts

Question 13

Distributed Denial of Service (DDoS) Attack

Answer 13

Attempt to overwhelm the victim’s system or network so they cannot be accessed by the organization’s legitimate users

Question 14

Threat Vector

Answer 14

The pathway by which an attacker can gain unauthorized access to a computer or network to deliver a malicious payload or carry out an unwanted action.

Question 15

Attack Surface

Answer 15

Encompasses all the various points where an unauthorized user can try to enter data or extract data from an environment.