Chapter 1.7 - Security Assessments

Question 1

Threat Hunting

Answer 1

The practice of proactively searching for cyber threats that are lurking undetected in a network

Question 2

Intelligence Fusion

Answer 2

Combining pieces of information to produce higher-quality information, knowledge, and understanding

Question 3

Maneuver

Answer 3

Application of force to capture, disrupt, deny, degrade, destroy or manipulate computing and information resources in order to achieve a position of advantage in respect to competitors

Question 4

Vulnerability Scans

Answer 4

Scanning used to discover the weaknesses of a given system

Question 5

False Positive Scans

Answer 5

A vulnerability that was identified but doesn’t really exist

Question 6

False Negatives Scans

Answer 6

A vulnerability exists, but wasn’t detected

Question 7

Vulnerability Scan Log Review

Answer 7

The process of discovering, analyzing, and reporting on security flaws and vulnerabilities of what the scanner picked up

Question 8

Credentialed Scans vs. Non-credentialed Scans

Answer 8

Credentialed scans - normal user, emulating an insider attack
Non-credentialed scans - The scanner can’t login to the remote device

Question 9

Intrusive Scans vs. Non-intrusive Scans

Answer 9

Intrusive scans - You’ll try out the vulnerability to see if it works
Non-intrusive scans - Gather information, don’t try to exploit a vulnerability

Question 10

Application Scans

Answer 10

Desktop, mobile apps

Question 11

Web Application Scans

Answer 11

Software on a web server

Question 12

Network Scans

Answer 12

Misconfigured firewalls, open ports, vulnerable devices

Question 13

Common Vulnerabilities and Exposures (CVE)/ Common Vulnerability Scoring System (CVSS)

Answer 13

Provides a reference method for publicly known information-security vulnerabilities and exposures

Question 14

Configuration Review

Answer 14

Validating the security of device configurations

Question 15

Security Information and Event Management (SIEM)

Answer 15

Logging of security events and information

Question 16

Syslog

Answer 16

Standard for message logging (integrated in SIEM)

Question 17

SIEM - Packet Capture

Answer 17

Can intercept and log traffic that passes over a computer network or part of a network

Question 18

SIEM - Data Inputs

Answer 18

Server authentication attempts
VPN connections
Firewall log sessions
Denied outbound traffic flows
Network utilizations

Question 19

SIEM - User and Entity Behavior Analysis (UBEA)

Answer 19

Cybersecurity solution that uses algorithms and machine learning to detect anomalies in the behavior of not only the users in a corporate network but also the routers, servers, and endpoints in that network

Question 20

SIEM - Sentiment Analysis

Answer 20

The process of analyzing digital text to determine if the emotional tone of the message is positive, negative, or neutral

Question 21

SIEM - Security Monitoring

Answer 21

Automated process of collecting and analyzing indicators of potential security threats, then triaging these threats with appropriate action

Question 22

SIEM - Log Aggregation

Answer 22

Mechanism for capturing, normalizing, and consolidating logs from different sources to a centralized platform for correlating and analyzing the data

Question 23

SIEM - Log Collectors

Answer 23

Collecting real-time log data within an organization’s network and bringing them together in a central location for better analysis

Question 24

Security Orchestration, Automation, and Response (SOAR)

Answer 24

Software solution that enables security teams to integrate and coordinate separate tools into streamlined threat response workflows

Question 25

SOAR - Orchestration

Answer 25

Connect many different tools together
Examples: firewalls, account management, email filters, etc.

Question 26

SOAR - Automation

Answer 26

Handle security tasks automatically

Question 27

SOAR - Response

Answer 27

Make changes immediately