(9) Incident Threat Classification Flashcards
Describe the Attrition attack vector
An attack by way of attrition uses brute force methods to compromise, degrade, or destroy systems, networks, etc. DDoS is a good example.
Describe the Web attack vector
The web attack vector could include a cross-site scripting attack used to steal credentials, or to redirect to a site that takes advantage of a browser weakness and puts malware on a system.
Describe the Impersonation attack vector
The impersonation attack vector is about replacing something ok with something not ok. This can include spoofing, man-in-the-middle (on-path) attacks, rogue access points, etc.
Describe the Improper Usage attack vector
The improper usage attack vector is about a real user violating an organization’s acceptable use policy. It could also include installing file sharing software, or a user doing something illegal.
Describe the Unknown and Other attack vectors
Unknown is an attack that doesn’t come from a known origin. The other attack vector is an attack from a spot that doesn’t fit into a known category.
What are Advanced Persistent Threats (APTs)?
APTs are very skilled hackers who are often funded by nation states and have a specific goal in mind. They take advantage of zero-day vulnerabilities, which are those that aren’t known in the security world and aren’t detectable by a security scanner.