Ch 3 SC Flashcards

1
Q

CVE

A

Common Vulnerabilities and Exposures.
• A standardized identifier (the CVE ID, of the form CVE-YYYY-NNNN with four or more sequence digits) for one publicly known vulnerability.
• A dictionary of publicly known vulnerabilities and exposures in products and systems, maintained by MITRE.
• The CVE ID is the industry standard for identifying a specific vulnerability.
• The goal of CVE is to make it easier to share data across tools, vulnerability repositories, and security services.

2
Q

Vulnerability

A

An exploitable weakness in a system or its design.

3
Q

Threat

A
  • Any potential danger to an asset.
  • If a vulnerability exists but has not yet been exploited or, more importantly, is not yet publicly known, the threat is latent and not yet realized.
4
Q

Malicious actor

A

• The entity that takes advantage of the vulnerability.

5
Q

Threat vector

A

• The path used by the malicious actor to reach the vulnerability and perform the attack.

6
Q

Countermeasure

A
  • A safeguard to mitigate a potential risk.
  • It does this by either reducing or eliminating the vulnerability.

7
Q

Threat Actor

A

• The individuals or groups who perform an attack or are responsible for a security incident.
• Examples: script kiddies, organized crime, state sponsors and governments, hacktivists, terrorist groups.

8
Q

Threat Intelligence

A
  • Knowledge about an existing or emerging threat to assets.
  • Threat intelligence includes context, mechanisms, indicators of compromise (IOCs), implications, and actionable advice.
9
Q

IOC

A

• Indicator of compromise: an observable artifact (for example a file hash, IP address, domain name, or registry key) that indicates with high confidence that a system has been compromised. IOCs are one form of threat intelligence information.
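As an added worked example for cards 8 and 9 (not part of the original flashcards), the Python script below matches a small IOC set against log lines. Both the feed and the log lines are constructed for the example; the IP, domain, hash and campaign names are placeholders, not real indicators. It shows two details a practitioner hits immediately: shared feeds are usually "defanged" (hxxp, [.]) and must be normalized before matching, and naive substring matching produces false positives (203.0.113.4 inside 203.0.113.45), so matching is done on whole tokens.

```python
"""Match a constructed IOC feed against constructed log lines (added example, stdlib only)."""
import hashlib
import re

# Hash of a constructed "sample" so the feed and the log line agree; not a real malware hash.
SAMPLE_HASH = hashlib.sha256(b"constructed dropper sample bytes").hexdigest()

# Constructed feed. Network indicators are "defanged" (hxxp, [.]) as shared feeds usually are,
# so nobody clicks them by accident; they must be refanged before matching.
IOC_FEED = [
    {"type": "ipv4",   "value": "203.0.113.45",           "campaign": "example-c2"},
    {"type": "domain", "value": "update[.]example[.]net", "campaign": "example-c2"},
    {"type": "sha256", "value": SAMPLE_HASH,              "campaign": "example-dropper"},
]

# Constructed log lines: firewall, proxy and EDR events. The last line is a near-miss
# (203.0.113.4, a prefix of the IOC) that must NOT match.
LOG_LINES = [
    "2024-03-01T10:02:11Z fw01 allow src=10.0.0.23 dst=203.0.113.45 dport=443",
    "2024-03-01T10:02:12Z proxy01 GET http://cdn.update.example.net/payload.bin user=jdoe",
    "2024-03-01T10:02:14Z edr01 file_created path=C:\\Users\\jdoe\\AppData\\Local\\Temp\\svc.exe sha256=" + SAMPLE_HASH,
    "2024-03-01T10:03:00Z fw01 allow src=10.0.0.23 dst=203.0.113.4 dport=443",
]

# Tokens: runs of letters/digits that may contain internal dots and dashes (hosts, IPs, hashes).
_TOKEN_RE = re.compile(r"[a-z0-9](?:[a-z0-9.\-]*[a-z0-9])?")

def refang(indicator: str) -> str:
    """Undo common defanging so the indicator can be compared with what appears in logs."""
    s = indicator.strip().lower()
    for bracketed in ("[.]", "(.)", "{.}", "[dot]"):
        s = s.replace(bracketed, ".")
    s = re.sub(r"^hxxps?://", lambda m: m.group(0).replace("hxxp", "http"), s)
    return s

def match_token(ioc: dict, tokens: set) -> bool:
    """Exact token match; domains also match as the suffix of a longer hostname."""
    v = ioc["refanged"]
    if ioc["type"] == "domain":
        return any(t == v or t.endswith("." + v) for t in tokens)
    return v in tokens

def scan_logs(lines, feed=IOC_FEED) -> list:
    """Return one hit per (line, indicator) pair, with the campaign taken from the feed."""
    iocs = [dict(i, refanged=refang(i["value"])) for i in feed]
    hits = []
    for idx, line in enumerate(lines):
        tokens = set(_TOKEN_RE.findall(line.lower()))
        for ioc in iocs:
            if match_token(ioc, tokens):
                hits.append({"line": idx, "type": ioc["type"],
                             "indicator": ioc["refanged"], "campaign": ioc["campaign"]})
    return hits

if __name__ == "__main__":
    for h in scan_logs(LOG_LINES):
        print(f"line {h['line']}: {h['type']} {h['indicator']} ({h['campaign']})")
```

Run as a script it reports three hits (lines 0, 1 and 2) and correctly ignores the fourth line. The campaign field is what turns a bare match into intelligence: it is the context that tells the analyst which actor or tooling the indicator is tied to.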

10
Q

Exploit

A
  • Software or a sequence of commands that takes advantage of a vulnerability in order to cause harm to a system or network.
  • The most common exploit categories are remote exploits (delivered over a network, with no prior access to the target) and local exploits (run on a system the attacker can already access, typically to escalate privileges).
11
Q

CVSS

A
  • Common Vulnerability Scoring System.
  • Industry standard to convey vulnerability severity and to help determine urgency and priority of response.
  • Scores run from 0.0 to 10.0; in CVSS v3.x the base score is computed from the base metrics (attack vector, attack complexity, privileges required, user interaction, scope, and confidentiality, integrity and availability impact) and is the number normally published with a CVE.

12
Q

PII

A
  • Personally identifiable information.
  • Examples: name, Social Security number, date of birth, driver's license number, etc.

13
Q

PHI

A

• Protected Health Information: individually identifiable health information (diagnoses, treatment records, billing data); in the US its handling is regulated under HIPAA.

14
Q

Separation of Duties

A

• An administrative control that dictates that a single individual should not perform all critical or privileged duties.

15
Q

SOC

A
  • Security Operations Center.
  • Provides detection, containment, and remediation via people, processes, and technology.
  • The facility where an organization's assets, including applications, databases, servers, networks, desktops, and other endpoints, are monitored.
16
Q

Runbook

A

• A collection of procedures and operations performed by systems administrators, security professionals, or network operators.
Effectiveness measures for runbooks:
1. Mean time to repair (MTTR)
2. Mean time between failures (MTBF)
3. Mean time to discover a security incident
4. Mean time to contain or mitigate a security incident
5. Automating the provisioning of IT resources

17
Q

Chain of Custody

A
  • The way you document and preserve evidence from the time it is collected to the time it is presented in court.
  • How the evidence was collected
  • When it was collected
  • How it was transported
  • How it was tracked and how it was stored
  • Who had access to it, and how
18
Q

Risk

A

• The possibility of a security incident (something bad) happening.

Risk = Threats x Vulnerabilities x Impact
• Risk pertains to the loss of confidentiality, integrity, or availability of information.

19
Q

Attack Surface

A
  • The total sum of all the vulnerabilities in a given system that are accessible to an attacker.
  • The attack surface describes the different points where an attacker could get into a system, and where they could extract data out of it.
20
Q

Forensics

A

• Using scientific knowledge for collecting, analyzing, and presenting evidence to the courts.
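As an added worked example for cards 17 and 20 (not part of the original flashcards), the Python script below turns the chain-of-custody bullets into something checkable: each evidence item gets a SHA-256 acquisition hash, every handoff is appended to a log entry that carries the hash of the previous entry, and verify() recomputes the whole chain so that an edited or deleted entry is detected. A transfer is refused if the evidence bytes no longer match the acquisition hash. The evidence ID, people, timestamps and "disk image" bytes are all constructed placeholders.

```python
"""Evidence manifest with a hash-chained custody log (added example, stdlib only)."""
import hashlib
import json

GENESIS = "0" * 64  # "previous entry" value for the first log entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_hash(event: dict) -> str:
    """Hash of an entry's fields (excluding its own hash), in canonical JSON so the digest is reproducible."""
    body = json.dumps({k: v for k, v in event.items() if k != "entry_hash"}, sort_keys=True)
    return sha256_hex(body.encode())

class CustodyRecord:
    """Acquisition hash of one evidence item plus an append-only log of who handled it."""

    def __init__(self, evidence_id: str, description: str, content: bytes,
                 collected_by: str, collected_at: str, location: str):
        self.evidence_id = evidence_id
        self.description = description
        self.content_hash = sha256_hex(content)   # taken at acquisition, re-checked at every handoff
        self.events = []
        self._append({"action": "collected", "by": collected_by, "at": collected_at,
                      "location": location, "content_hash": self.content_hash})

    def _append(self, event: dict) -> None:
        event["prev"] = self.events[-1]["entry_hash"] if self.events else GENESIS
        event["entry_hash"] = entry_hash(event)
        self.events.append(event)

    def transfer(self, from_person: str, to_person: str, at: str, method: str, content: bytes) -> None:
        """Record a handoff; refuse if the evidence no longer matches its acquisition hash."""
        if sha256_hex(content) != self.content_hash:
            raise ValueError(f"{self.evidence_id}: content hash mismatch, integrity broken before transfer")
        self._append({"action": "transferred", "from": from_person, "to": to_person,
                      "at": at, "method": method})

    def verify(self) -> bool:
        """Recompute every entry hash and check each link; False if any entry was altered or removed."""
        prev = GENESIS
        for ev in self.events:
            if ev["prev"] != prev or entry_hash(ev) != ev["entry_hash"]:
                return False
            prev = ev["entry_hash"]
        return True

def build_demo_record() -> CustodyRecord:
    """Constructed scenario: a disk image collected on site, handed to the evidence locker, then to an examiner."""
    image = b"constructed disk image bytes"
    rec = CustodyRecord("EV-2024-0007", "laptop disk image, serial ABC123", image,
                        collected_by="a.ramirez", collected_at="2024-03-01T11:15:00Z",
                        location="client site, room 4B")
    rec.transfer("a.ramirez", "evidence.locker", "2024-03-01T16:40:00Z", "sealed bag #0412", image)
    rec.transfer("evidence.locker", "k.osei", "2024-03-04T09:05:00Z", "checked out for examination", image)
    return rec

if __name__ == "__main__":
    rec = build_demo_record()
    print("chain intact:", rec.verify())
    rec.events[1]["to"] = "someone.else"      # after-the-fact edit of a custody entry
    print("chain intact after tampering:", rec.verify())
```

The hash chain only proves the log was not altered after the fact by someone without the ability to rewrite every later entry; in practice the entries are also signed or written to a system the handlers cannot modify, and the physical seal numbers recorded in each entry are checked against the bag when it is opened.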

21
Q

Exploit Kit

A

• A compilation of exploits that are often designed to be served from web servers.
Examples: Angler, Mpack, Fiesta, Phoenix, Blackhole, Crimepack, RIG

22
Q

5 Step Threat Intelligence Process

A
  • Step 1: Planning and Direction
  • Step 2: Collection
  • Step 3: Processing
  • Step 4: Analysis and Production
  • Step 5: Dissemination