Chapter 1: Key Terms

Question 1

Threat Actor

Answer 1

The individual or entity that is responsible `for attacks against the technology of enterprises and users.

Question 2

Attributes

Answer 2

Characteristic features of the different groups of threat actors.

Question 3

Intent/Motivation

Answer 3

Reasons for an attack by threat actors.

Question 4

Hacker

Answer 4

A person who uses advanced computer skills to attack computers.

Question 5

Black hat hackers

Answer 5

Threat actors who violate computer security for personal gain or to inflict malicious damage.

Question 6

White hat hackers

Answer 6

Hackers that probe a system with an organization’s permission to find weaknesses and report them to the organization.

Question 7

Gray hat hackers

Answer 7

Hackers that probe a system without an organization’s permission to expose flaws the system and get the company to take action.

Question 8

Script Kiddies

Answer 8

Individuals who want to perform attacks yet lack the technical knowledge to carry them out.

Question 9

Hacktivists

Answer 9

A group of attackers that is strongly motivated by ideology.

Question 10

State Actors

Answer 10

Government-sponsored attackers who launch cyberattacks against the foes of the state.

Question 11

Advanced Persistent Threat (APT)

Answer 11

An attack that uses advanced methods to infect and silently extract data over an extended period of time.

Question 12

Insider Threat

Answer 12

Trusted employees that attack an organization from the inside.

Question 13

Competitors

Answer 13

Attackers who launch attacks against an opponent’s system to steal classified information.

Question 14

Criminal Syndicates

Answer 14

Attackers that contract out their services to aid in criminal activity.

Question 15

Shadow IT

Answer 15

Employees that install their own equipment or software that violates company policy and exposes the company to attacks.

Question 16

Brokers

Answer 16

Attackers that sell their knowledge of a weakness to other attackers or governments.

Question 17

Cyberterrorists

Answer 17

Attackers that attack a nation’s network to cause disruption and panic among citizens.

Question 18

Legacy Platform

Answer 18

An older platform that no longer widespread.

Question 19

On-premises Platform

Answer 19

A platform that remains within the physical confines of an enterprise.

Question 20

Cloud Platform

Answer 20

A pay-per-use computing model in which customers pay only for the online computing resources they need.

Question 21

Third Parties

Answer 21

External entities outside of the organization.

Question 22

Outsourced Code Development

Answer 22

Contracting third parties to aid in the development of a program.

Question 23

Data Storage

Answer 23

Third-party facilities used for storing important data.

Question 24

Vendor Management

Answer 24

The process where organizations monitor and manage third party companies they are working with.

Question 25

System Integration

Answer 25

Connectivity between the systems of an organization and its third parties.

Question 26

Lack of Vendor Support

Answer 26

A lack of expertise to handle system integration.

Question 27

Patch

Answer 27

An officially released software security update intended to repair a vulnerability.

Question 28

Firmware

Answer 28

Software that is embedded into hardware to provide low-level controls and instructions.

Question 29

Zero Day

Answer 29

A vulnerability that is exploited by attackers before anyone else even knows it exists.

Question 30

Attack Vector

Answer 30

A pathway or avenue used by a threat actor to penetrate a system.

Question 31

Email Vector

Answer 31

An attack vector in which an attacker delivers malware through email.

Question 32

Wireless Vector

Answer 32

An attack vector in which an attacker intercepts data as it travels across a wireless network.

Question 33

Removable Media Vector

Answer 33

An attack vector in which an attacker uses removeable media such as a flash drive to infect a system.