Chapter 1 - Threats, Attacks, and Vulnerabilities

Question 1

Phishing

Answer 1

Social Engineering with a touch of spoofing
Usually by mail, text, etc.
Usually something wrong with the URL

Question 2

Smishing (SMS Phishing)

Answer 2

Done by text message
Forwards links or asks for personal information
Examples: fake check, phone code verification, boss/ CEO

Question 3

Vishing (Voice Phishing)

Answer 3

Done over the phone or voicemail
Caller ID spoofing is common
Examples: fake security checks or bank updates

Question 4

Spam

Answer 4

Unsolicited messages
Examples: emails or forums

Question 5

Mail Gateways

Answer 5

A filter that identifies spam and throws it away

Question 6

Spam Over Instant Messaging (SPIM)

Answer 6

Unsolicited messages over instant messaging

Question 7

Spear Phishing

Answer 7

Targeted phishing with inside information

Question 8

Whaling

Answer 8

Spear phishing/ targeting the higher ups of a company
Have a ton of information for a bigger catch

Question 9

Dumpster Diving

Answer 9

Physically going through a dumpster to find important details (for an attack) people/ companies have thrown out

Question 10

Shoulder Surfing

Answer 10

Physically peeking over someone’s shoulder to look at their screen to try and steal information

Question 11

Pharming

Answer 11

Redirecting a legit website to a bogus site
Harvest large group of people instead of just one person

Question 12

Tailgating

Answer 12

Use an authorized person to gain unauthorized access to a building

Question 13

Eliciting Information

Answer 13

Extracting information from the victim
Often used with vishing

Question 14

Prepending

Answer 14

Add onto the beginning of a fake URL
Example: “https://pprofessormesser.com”

Question 15

Identity Fraud

Answer 15

Someone else using your identity
Examples: credit card, bank, loan, government benefits fraud

Question 16

Invoice Scams

Answer 16

Sending a fake invoice to the person/ department paying the bills at a company and the attacker ends up with the payment details

Question 17

Credential Harvesting

Answer 17

Attackers collecting login credentials
Opening a document that runs a macro to start harvesting
Called password harvesting

Question 18

Reconnaissance

Answer 18

Gather information on the victim
Usually background information
Examples: social media, corporate website

Question 19

Hoax

Answer 19

A threat that doesn’t actually exist but seems like it COULD be real

Question 20

Impersonation

Answer 20

Attacker pretends to be someone they are not
Uses details from reconnaissance

Question 21

Watering Hole Attack

Answer 21

Strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware
Eventually, some member of the targeted group will become infected

Question 22

Typosquatting

Answer 22

A type of URL hijacking
Purposely misspelling an URL
Example: “https:professormessor.com”

Question 23

Pretexting

Answer 23

Lying to a victim to get information
Example: “Hi, we are calling from Visa regarding…”

Question 24

Influence Campaigns

Answer 24

Sway public opinion on political and social issues

Question 25

Influence Campaigns - Hybrid Warfare

Answer 25

A military strategy that can influence elections and fake news
Usually called cyberwarfare
Attack an entity with technology

Question 26

Influence Campaigns - Social Media

Answer 26

Amplifying fake content on social media used by millions of people

Question 27

Social Engineering Principles - Authority

Answer 27

The social engineer is in charge
Example: “I am calling from the off of the CEO…”

Question 28

Social Engineering Principles - Intimidation

Answer 28

Things will be bad if you do not do this
Example: “If you don’t help me…”

Question 29

Social Engineering Principles - Consensus/ Social Proof

Answer 29

Convince the victim based on what’s normally expected
Example: “Your co-worker, Jill, did this for me…”

Question 30

Social Engineering Principles - Scarcity

Answer 30

The situation will not be this way for long
Example: Must make the change before time expires

Question 31

Social Engineering Principles - Familiarity/ Liking

Answer 31

Someone you know, we have common friends

Question 32

Social Engineering Principles - Trust

Answer 32

Someone who is safe
Example: “I am from IT, I am here to help”

Question 33

Social Engineering Principles - Urgency

Answer 33

Paired with scarcity
Example: Act quickly, don’t think

Question 34

Social Engineering Principles

Answer 34

Common methods used to increase social engineering for attacks

Question 35

Defending Waterhole Attack

Answer 35

Defense in depth
Firewalls and IPS
Anti-virus/ anti-malware signature updates

Question 36

Malware

Answer 36

Malicious software used to intend harm and gather information

Question 37

Ransomware

Answer 37

Taking away data and requiring victim to pay to get it back

Question 38

Trojans

Answer 38

Software that pretends to be something else to conquer your computer

Question 39

Worms

Answer 39

Malware that self-replicates itself
Does NOT need to be executed by the user

Question 40

Potentially Unwanted Programs (PUPs)

Answer 40

Usually downloaded by trojans
Software that a user may perceive as unwanted or unnecessary

Question 41

File less Virus

Answer 41

A stealth attack operated in memory
Avoids anti-virus detection and is never installed in a file or application

Question 42

Command and Control

Answer 42

Responsible for sending out commands to bots

Question 43

Bots (Robots)

Answer 43

A type of software application or script that performs automated tasks on command

Question 44

Cryptomalware

Answer 44

Newer generation of ransomware
Uses cryptography to encrypt victim information and sends the victim the key to decrypt if the victim sends them cryptocurrency

Question 45

Logic Bombs

Answer 45

Waits for a predefined moment before attack is executed
Example: time, date, event

Question 46

Keyloggers

Answer 46

A form of malware or hardware that keeps track of and records your keystrokes as you type

Question 47

Remote Access Trojan (RATs)

Answer 47

Installed as a backdoor
Malware use to gain complete control of operating system

Question 48

Rootkit

Answer 48

Modifies files in the foundational building blocks of the operating system (the core)

Question 49

Backdoor

Answer 49

A new way to get into system with out going through front door and as much security
Placed on system through malware

Question 50

Virus

Answer 50

Malware that can reproduce itself
Executed by user when a program is run
Examples: program, boot sector, script, macro viruses

Question 51

Adware

Answer 51

Pop-ups that can cause performance issues on your device

Question 52

Spyware

Answer 52

Malware that spies on you and everything you do

Question 53

Botnets

Answer 53

A group of bots working together
DDoS

Question 54

Spraying Attack

Answer 54

Attacking an account with the top three (or more) passwords
Move on if they do not work so there are no lockouts, alarms, or alerts

Question 55

Dictionary Attack

Answer 55

Using a dictionary to find common words or wordlists

Question 56

Brute Force Attack

Answer 56

Trying every possible password combination until the hash is met

Question 57

Brute Force Attack - Online

Answer 57

Keep trying the login process
Very slow
Might lockout after a certain amount of attempts

Question 58

Brute Force Attack - Offline

Answer 58

Brute forcing the hash
Get a list of users and hashes
Calculate a password hash, compare it to the stored hash

Question 59

Rainbow Table

Answer 59

Pre-built/ calculated set of hashes
Increases speed

Question 60

Plaintext/ Unencrypted

Answer 60

Storing passwords in the “clear”
There is no encryption and you can read the stored password

Question 61

Malicious Universal Serial Bus (USB) Cable

Answer 61

Looks like a normal USB cable but has additional electronics inside
Human Interface Device (HID)
Downloads and installs malicious software

Question 62

Malicious Flash Drive

Answer 62

Looks like a normal flash drive but can cause damage
Load malware documents, boot device, ethernet adapter

Question 63

Card Cloning

Answer 63

Get card details from a skimmer
Create a duplicate of a card

Question 64

Skimming

Answer 64

Stealing credit card information during a normal transaction

Question 65

Tainted Training Data for Machine Learning (ML)

Answer 65

Attackers sending modified training data that causes AI to behave incorrectly

Question 66

Security of Machine Learning Algorithms

Answer 66

Check the training data
Retrain with new data
Train the AI with possible poisoning

Question 67

Evasion Attacks

Answer 67

Used to trick the AI into giving off confidential information

Question 68

Supply Chain Attacks

Answer 68

Attackers can affect the supply chain by infecting different parts without suspicion
One exploit can infect the entire chain

Question 69

Birthday Attack

Answer 69

Finding a hash collision through the effect of chance

Question 70

Collision Attack

Answer 70

Finding two inputs producing the same hash value

Question 71

Downgrade Attack

Answer 71

Having a system downgrade their encryption making it easy to exploit
Could use an on-path attack

Question 72

Privilege Escalation

Answer 72

Gaining higher-level access to a system
More capabilities

Question 73

Cross-Site Scripting (XSS)

Answer 73

Type of injection, in which malicious scripts are injected into otherwise benign and trusted websites

Question 74

Non-persistent (Reflected) Cross-Site Scripting Attack

Answer 74

The injected malicious script is “reflected” off the web server as a response that includes some or all of the input sent to the server as part of the request

Question 75

Persistent (Stored) Cross-Site Scripting Attack

Answer 75

Posting a message to a social network that includes a malicious payload
Posted and propagated to others

Question 76

Code Injection

Answer 76

Adding your own information into a data stream

Question 77

Structured Query Language (SQL) Injection

Answer 77

Inserting an SQL query into regular input or form fields in order to get credentials such as a username or password

Question 78

Extensible Markup Language (XML) Injection

Answer 78

Modify requests and sending data and storing it in a different location

Question 79

Lightweight Directory Access Protocol (LDAP) Injection

Answer 79

Modify requests and gaining directory information you normally would not have access to

Question 80

Dynamic-Link Library Injection

Answer 80

Inject a DLL into an application and have that application run the code for us

Question 81

Buffer Overflows

Answer 81

Overwriting a buffer memory and have it spill over into other memory areas

Question 82

Replay Attacks

Answer 82

Data transfer is maliciously repeated or delayed
NOT an On-path attack

Question 83

Cross-Site Request Forgery

Answer 83

Malicious exploit of a website or web application where unauthorized commands are submitted from a user that the web application trusts

Question 84

Pointer/ Object Dereference

Answer 84

Programming technique that references a portion of memory

Question 85

Directory Traversal/ Path Traversal

Answer 85

Reading files from a web server that are outside the website’s file directory

Question 86

Race Conditions

Answer 86

Two commands happening at the same time without being planned for

Question 87

Error Handling

Answer 87

Giving just enough information when an error is made so an attacker exploit the system

Question 88

Improper Input Handling

Answer 88

Finding input that can be malicious so an attack can be executed

Question 89

Session Replays

Answer 89

Reproduction of a user’s interactions on a website or web application exactly how the user actually experienced it

Question 90

Integer Overflow

Answer 90

When you attempt to store inside an integer variable a value that is larger than the maximum value the variable can hold

Question 91

Server-Side Request Forgery

Answer 91

Attacker abuses the functionality of a server causing it to access or manipulate information in the realm of that server that would otherwise not be directly accessible to the attacker

Question 92

Application Programming Interface (API) Attacks

Answer 92

The malicious usage or attempted usage of an API from automated threats such as access violations, bot attacks or abuse

Question 93

Resource Exhaustion

Answer 93

Happens when a system or system user uses up all the available resources that the system has, leading it to be completely drained
Specialized DoS attack
Zip Bomb

Question 94

Memory Leak

Answer 94

When unused memory is not properly released, begins to grow in size, eventually uses all available memory, and the system crashes

Question 95

Secure Sockets Layer (SSL) Stripping

Answer 95

Combines on-path attack with a downgrade attack
Type of cyberattack in which an attacker downgrades a website from secure HTTPS to an insecure HTTP connection

Question 96

Driver Manipulation

Answer 96

The alteration of system drivers to achieve a malicious outcome

Question 97

Shimming

Answer 97

Filling in the space between two objects (middleman)
Inserting a layer between an application and the operating system to modify the behavior of the application

Question 98

Refactoring

Answer 98

Appears different each time malware is downloaded
Add loops, points string codes, etc.
Can intelligently redesign itself

Question 99

Pass the Hash (PtH)

Answer 99

Type of cybersecurity attack in which an attacker steals a “hashed” user credential and uses it to create a new user session on the same network

Question 100

Time-of-check to Time-of-use Attack (TOCTOU)

Answer 100

Race condition that occurs when a resource is checked for a particular value, such as whether a file exists or not, and that value then changes before the resource is used, invalidating the results of the check

Question 101

Evil Twin

Answer 101

Access point that looks like an existing network
Wireless version of phishing

Question 102

Rogue Access Point

Answer 102

Unauthorized wireless access point
Not necessarily malicious
Potential backdoor

Question 103

Bluesnarfing

Answer 103

Access a Bluetooth device and transfer data
Examples: contact list, calendar, emails, pictures, videos, etc.

Question 104

Bluejacking

Answer 104

Sending unsolicited messages to another device via Bluetooth

Question 105

Disassociation

Answer 105

Cyberattack where a hacker forces a device to lose internet connectivity either temporarily or for an extended time
Wireless DoS attack

Question 106

Jamming

Answer 106

Prevent wireless communication by transmitting interfering wireless signals
DoS
Could be accidental: microwaves, lights, etc.

Question 107

Radio Frequency Identification (RFID)

Answer 107

Electromagnetic fields to automatically identify and track tags attached to objects
Examples: access badges, pet/ animal identification, etc.

Question 108

Near-field Communication (NFC)

Answer 108

Set of communication protocols that enables communication between two electronic devices over a short distance

Question 109

Initialization Vector (IV)

Answer 109

A type of nonce
Used for randomizing an encryption scheme
Examples: encryption ciphers, WEP, SSL implementations

Question 110

On-Path Network Attack (man-in-the-middle attack/ main-in-the-browser attack)

Answer 110

When an aggressor sits in the center between two stations and can catch, and sometimes, change that data that is being sent intelligently across the organization

Question 111

Address Resolution Protocol (ARP) Poisoning

Answer 111

A form of spoofing attack that hackers use to intercept data
Used by attacker in an on-path attack

Question 112

Media Access Control (MAC) Flooding

Answer 112

The flooding of MAC addresses in the MAC table forcing out the legitimate MAC addresses
Switch begins flooding traffic to all interfaces
Switch turns into a hub and all traffic is transmitted to all interfaces

Question 113

MAC Cloning

Answer 113

Attacker changes their MAC address to match the MAC address of an existing device

Question 114

Domain Hijacking

Answer 114

Getting access to the domain registration letting you have control where the traffic goes

Question 115

DNS Poisoning

Answer 115

When fake information is entered into the cache of a domain name server, resulting in DNS queries producing an incorrect reply, sending users to the wrong website

Question 116

Uniform Resource Locator (URL) Redirection

Answer 116

Vulnerability which allows an attacker to force users of your application to an untrusted external site
Click a link and get sent to a malicious site

Question 117

Domain Reputation

Answer 117

The health or condition of your branded domain
Example: email - might not be able to send or receive emails

Question 118

Domain Name System

Answer 118

The system by which internet domain names and addresses are tracked and regulated

Question 119

Distributed Denial-of-service (DDoS)

Answer 119

An army of computer to overload and bring down a service
Use all bandwidth or resources

Question 120

Application DoS

Answer 120

Making an application break or work harder
Examples: fill disk space, overuse of resources, increase response time

Question 121

Operational Technology (OT) DoS

Answer 121

Overload the hardware and software for industrial equipment
Examples: Power grids, traffic lights, etc.

Question 122

PowerShell (Malicious Code)

Answer 122

Attacks windows systems by accessing domains and files
.ps1 file extension

Question 123

Python (Malicious Code)

Answer 123

Attacks infrastructure (routers, switches, servers) and used for cloud orchestration
.py file extension

Question 124

Bash (Malicious Code)

Answer 124

Used in shell script to attack the Linux/ Unix environment (web, database, etc.)
.sh file extension

Question 125

Macros (Malicious Code)

Answer 125

Use to automate functions and make application easier to use
Attackers create automated exploits by the user opening the file and have the macro run

Question 126

Visual Basic for Applications (VBA) (Malicious Code)

Answer 126

Automates processes within Windows applications
CVE-2010-0815 / MS10-031 - Allows arbitrary code embedded in a document to run

Question 127

On-Path Browser Attack

Answer 127

An aggressor is on the same computer as the victim using malware that takes information from victim

Question 128

Denial of Service

Answer 128

Overload a service and force it to fail

Question 129

Advanced Persistent Threat (APT)

Answer 129

Attackers being in the network and undetected for a long while to get highly sensitive data

Question 130

Insider Threats

Answer 130

A threat to an organization that comes from people within the organization, such as employees or former employees who have inside information concerning the organization’s security practices, data and computer systems

Question 131

State Actors

Answer 131

People or groups who use their technology skills to facilitate hacking, sabotage, theft, misinformation and other operations on behalf of a country

Question 132

Hacktivists

Answer 132

A hacker that has a purpose of social change or with a political agenda

Question 133

Script Kiddies

Answer 133

An unsophisticated attacker who runs pre-made scripts without any knowledge of what’s really happening

Question 134

Criminal Syndicates

Answer 134

Professional criminals doing organized crime motivated by money

Question 135

Hackers

Answer 135

Person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle

Question 136

Hackers (authorized)

Answer 136

An ethical hacker with good intentions and has permission to hack

Question 137

Hackers (unauthorized)

Answer 137

A malicious hacker who violates security for personal gain

Question 138

Hackers (semi-authorized)

Answer 138

A hacker who finds a vulnerability but doesn’t use it

Question 139

Shadow IT

Answer 139

The use of IT-related hardware or software by a department or individual without the knowledge of the IT or security group within the organization

Question 140

Competitors (Threat Actor)

Answer 140

A different organization having negative intents against your company by trying to take information or corrupt databases

Question 141

Attributes of Actors

Answer 141

Internal/ external, level of sophistication/ capability, resources/ funding, intent/ motivation

Question 142

Attack Vectors

Answer 142

A method used by the attacker to gain access or infect the target

Question 143

Attack Vectors (Direct Access)

Answer 143

Physically accessing the data center and modifying the operating system
Examples: keylogger, transfer files, DoS, etc.

Question 144

Attack Vectors (Wireless)

Answer 144

Modifying the access point of configuration
Examples: rogue access point, evil twin, etc.

Question 145

Attack Vectors (Email)

Answer 145

Using an email to attack someone
Examples: phishing, delivery of malware, etc.

Question 146

Attack Vectors (Supply Chain)

Answer 146

Tamper with underlying infrastructure or manufacturing process

Question 147

Attack Vectors (Social Media)

Answer 147

Putting personal information online and using it against the user
Examples: user profiling

Question 148

Attack Vectors (Removable Media)

Answer 148

Using attacks to remove media from systems
Examples: USB, flash drive, data exfiltration

Question 149

Attack Vectors (Cloud)

Answer 149

Using security misconfigurations against applications and services
Examples: Brute force, orchestration attacks, DoS

Question 150

Open-source Intelligence (OSINT)

Answer 150

Researching threat using public open-source resources
Examples: Internet, government data, commercial data

Question 151

Closed/ Proprietary Intelligence

Answer 151

The purchase of compiled threat information someone else already has

Question 152

Vulnerability Databases

Answer 152

Places where vulnerabilities can be researched
Examples: common vulnerabilities and exposures (CVE)

Question 153

Public/ Private Information Sharing Centers

Answer 153

Provides a central resource for gathering information on cyber and related threats to critical infrastructure and providing two-way sharing of information between the private and public sectors

Question 154

Dark Web

Answer 154

Overlay networks that use the Internet but require specific software, configurations, or authorization to access

Question 155

Indicators of Compromise (IOC)

Answer 155

An event that indicates an intrusion
Examples: uncommon login patterns, unusual amount of connectivity

Question 156

Automated Indicator Sharing (AIS)

Answer 156

A way for the intelligence industry to share important threat data or indicators

Question 157

Structured Threat Information eXpression (STIX)

Answer 157

Describes cyber threat information
Examples: motivations, abilities, capabilities, etc.

Question 158

Trusted Automated eXchange of Intelligence Information (TAXII)

Answer 158

Securely shares the STIX data over HTTPS

Question 159

Predictive Analysis

Answer 159

Analyze a large amount of data, identify behaviors, and create a forecast for potential attacks

Question 160

Threat Maps

Answer 160

A map created from real attack data to identify attacks and trends

Question 161

File/ Code Repositories

Answer 161

Places to see code of what hackers are building and what people are accidentally releasing
Examples: GitHub

Question 162

Threat Research

Answer 162

Seeking out potential risks and delivering insights to take action

Question 163

Vendor Websites (research sources)

Answer 163

Them knowing when problems occur

Question 164

Vulnerability Feeds (research sources)

Answer 164

Automated vulnerability notifications for when threats occur

Question 165

Conferences (research sources)

Answer 165

A place to gathering information from other professionals about attacks

Question 166

Academic Journals (research sources)

Answer 166

Research from academic professionals about security technologies

Question 167

Request for Comments (RFC) (research sources)

Answer 167

Document that contains specifications and organizational notes about topics related to the internet and computer networking, such as routing, addressing and transport technologies

Question 168

Local Industry Groups (research sources)

Answer 168

A gathering of local peers for shared industry and technology insights

Question 169

Social Media (research sources)

Answer 169

Profiles with group conversations - professionals discussing details

Question 170

Threat Feeds (research sources)

Answer 170

Monitoring threat announcements to stay informed
Examples: U.S. department of homeland security, etc.

Question 171

Adversary Tactics, Techniques, and Procedures (TTP)

Answer 171

Describe the behaviors, strategies and methods used by attackers to develop and execute cyber attacks on enterprise networks

Question 172

Threat Intelligence

Answer 172

Research threats and threat actors so you can make educated decisions and preventions

Question 173

Zero-day Attacks

Answer 173

An attack that has not been discovered yet

Question 174

Open Permissions

Answer 174

No security on data allowing attackers to perform actions that exploit and system

Question 175

Unsecure Root Accounts

Answer 175

Vulnerable to takeover due to poor security configuration
Example: weak passwords

Question 176

Errors

Answer 176

Messages that can provide useful information to an attacker
Examples: service type, version information, debug data

Question 177

Weak Encryption

Answer 177

The uses a key of insufficient length making it easier to attack

Question 178

Insecure Protocols

Answer 178

A protocol that introduces security concerns due to the lack of controls over confidentiality and/or integrity

Question 179

Default Settings

Answer 179

Having preset credentials allowing access to all configurations

Question 180

Open Ports and Services

Answer 180

Services open ports in which provides a pathway for attackers to exploit vulnerabilities in your system
Defend with a firewall

Question 181

Third-Party Risks

Answer 181

The risk of outsourcing certain services or use software built by third parties to accomplish certain tasks

Question 182

System Integration Risk

Answer 182

The potential for integration of technology, processes, information, departments or organizations to fail

Question 183

Lack of Vendor Support Risk

Answer 183

Vendors not taking initiative to fix their products

Question 184

Supply Chain Risk

Answer 184

The implementation of strategies to manage both everyday and exceptional risks along the supply chain based on continuous risk assessment with the objective of reducing vulnerability and ensuring continuity

Question 185

Outsourced Code Development

Answer 185

Hiring a third-party service provider to handle software development projects

Question 186

Data Storage

Answer 186

Storing data with a third-party trust?

Question 187

Improper Patch Management

Answer 187

The process of not distributing and applying updates to software

Question 188

Firmware Patch Management

Answer 188

The BIOS of the device

Question 189

Operating System Patch Management

Answer 189

Monthly and on-demand patches

Question 190

Applications Patch Management

Answer 190

Provided by the manufacturer as needed

Question 191

Legacy Platforms

Answer 191

An outdated computer system still in use

Question 192

Impacts to Third-Party Risks

Answer 192

Data loss, data breaches, data exfiltration, identity theft, financial, reputation, availability loss

Question 193

Threat Hunting

Answer 193

The practice of proactively searching for cyber threats that are lurking undetected in a network

Question 194

Intelligence Fusion

Answer 194

Combining pieces of information to produce higher-quality information, knowledge, and understanding

Question 195

Maneuver

Answer 195

Application of force to capture, disrupt, deny, degrade, destroy or manipulate computing and information resources in order to achieve a position of advantage in respect to competitors

Question 196

Vulnerability Scans

Answer 196

Scanning used to discover the weaknesses of a given system

Question 197

False Positive Scans

Answer 197

A vulnerability that was identified but doesn’t really exist

Question 198

False Negatives Scans

Answer 198

A vulnerability exists, but wasn’t detected

Question 199

Vulnerability Scan Log Review

Answer 199

The process of discovering, analyzing, and reporting on security flaws and vulnerabilities of what the scanner picked up

Question 200

Credentialed Scans vs. Non-credentialed Scans

Answer 200

Credentialed scans - normal user, emulating an insider attack
Non-credentialed scans - The scanner can’t login to the remote device

Question 201

Intrusive Scans vs. Non-intrusive Scans

Answer 201

Intrusive scans - You’ll try out the vulnerability to see if it works
Non-intrusive scans - Gather information, don’t try to exploit a vulnerability

Question 202

Application Scans

Answer 202

Desktop, mobile apps

Question 203

Web Application Scans

Answer 203

Software on a web server

Question 204

Network Scans

Answer 204

Misconfigured firewalls, open ports, vulnerable devices

Question 205

Common Vulnerabilities and Exposures (CVE)/ Common Vulnerability Scoring System (CVSS)

Answer 205

Provides a reference method for publicly known information-security vulnerabilities and exposures

Question 206

Configuration Review

Answer 206

Validating the security of device configurations

Question 207

Security Information and Event Management (SIEM)

Answer 207

Logging of security events and information

Question 208

Syslog

Answer 208

Standard for message logging (integrated in SIEM)

Question 209

SIEM - Packet Capture

Answer 209

Can intercept and log traffic that passes over a computer network or part of a network

Question 210

SIEM - Data Inputs

Answer 210

Server authentication attempts
VPN connections
Firewall log sessions
Denied outbound traffic flows
Network utilizations

Question 211

SIEM - User and Entity Behavior Analysis (UBEA)

Answer 211

Cybersecurity solution that uses algorithms and machine learning to detect anomalies in the behavior of not only the users in a corporate network but also the routers, servers, and endpoints in that network

Question 212

SIEM - Sentiment Analysis

Answer 212

The process of analyzing digital text to determine if the emotional tone of the message is positive, negative, or neutral

Question 213

SIEM - Security Monitoring

Answer 213

Automated process of collecting and analyzing indicators of potential security threats, then triaging these threats with appropriate action

Question 214

SIEM - Log Aggregation

Answer 214

Mechanism for capturing, normalizing, and consolidating logs from different sources to a centralized platform for correlating and analyzing the data

Question 215

SIEM - Log Collectors

Answer 215

Collecting real-time log data within an organization’s network and bringing them together in a central location for better analysis

Question 216

Security Orchestration, Automation, and Response (SOAR)

Answer 216

Software solution that enables security teams to integrate and coordinate separate tools into streamlined threat response workflows

Question 217

SOAR - Orchestration

Answer 217

Connect many different tools together
Examples: firewalls, account management, email filters, etc.

Question 218

SOAR - Automation

Answer 218

Handle security tasks automatically

Question 219

SOAR - Response

Answer 219

Make changes immediately

Question 220

Penetration Testing (Pentest)

Answer 220

Authorized simulated cyberattack on a computer system, performed to evaluate the security of the system

Question 221

Pentest - Known Environment

Answer 221

Performed by a security expert trained to identify and document issues that are present in an environment

Question 222

Pentest - Unknown Environment

Answer 222

Performed by a security expert that knows nothing about the systems under attack
“Blind” test

Question 223

Pentest - Partially Known Environment

Answer 223

Performed by a security expert that has partial knowledge or access to an internal network or web application

Question 224

Pentest - Rules of Engagement

Answer 224

Meant to list out the specifics of your penetration testing project to ensure that both the client and the engineers working on a project know exactly what is being testing, when its being tested, and how its being tested

Question 225

Pentest - Lateral Movement

Answer 225

Once in the network, can move from system to system

Question 226

Pentest - Persistence

Answer 226

Once in a system, you need to make sure there is a way back in
Examples: backdoor, change passwords, etc.

Question 227

Pentest - Cleanup

Answer 227

Removing all malicious activity from the pentest attack, leave the network in its original state
Examples: remove backdoors, change passwords back

Question 228

Bug Bounty

Answer 228

A reward offered to a person who identifies an error or vulnerability in a computer program or system

Question 229

Pivoting

Answer 229

Using a compromised system to spread between different computer systems once inside the network, simulating the behavior of a real attacker

Question 230

Passive Reconnaissance

Answer 230

Attempt to gain information about targeted computers and networks without actively engaging with the systems

Question 231

Active Reconnaissance

Answer 231

Attempt to gain information about targeted computers and networks by actively engaging with the systems

Question 232

War Flying

Answer 232

Used with a drone and a wireless network detector to find wifi wireless network locations

Question 233

Active Footprinting

Answer 233

Process of using tools and techniques, like using the traceroute commands or a ping sweep – Internet Control Message Protocol sweep – to collect data about a specific target

Question 234

Passive Footprinting

Answer 234

Collecting data without actively engaging with the target system

Question 235

Open Source Intelligence (OSINT)

Answer 235

The collection and analysis of information from many open sources

Question 236

War Driving

Answer 236

Drive around with a wireless network detector to find wifi wireless network locations

Question 237

Red Team

Answer 237

The offensive security team
Hired ethical hackers

Question 238

Blue Team

Answer 238

The defensive security team

Question 239

White Team

Answer 239

Not on a team
Manages the interactions between the red teams and blue teams
Referees

Question 240

Purple Team

Answer 240

Red and blue teams working together
Both share their findings to see how it can benefit the organization