Lesson 2

Question 1

Vunernability, threat, risk

Answer 1

Vulnerability + Threat = Risk (Impact*liklihood)

Vulnerability = Asset Value, Ease of Exploit

Threat - Internal/External -malicious/acciddntal Threat Vector

Question 2

Hats

Answer 2

Black, white, gray

Question 3

APT

Answer 3

Advanced Persistent Threat refers to the ongoing ability of an adversary to compromise network
security—to obtain and maintain access—using a variety of tools and techniques.

Question 4

False flag

Answer 4

disqusing the source and blaming someone else

Question 5

Attack surface

Answer 5

Points where an attacker can discover/exploit vulnerabilities in a
network or application

Question 6

Vectors

Answer 6

- Direct access
• Removable media
• Email
• Remote and wireless
• Supply chain
• Web and social media
• Cloud

Question 7

ISO 27001

Answer 7

Information Security Management Systems -

Infosec rules and requirements used by many governing bodies to create compliance regulations.

Question 8

ISO 27002

Answer 8

Information Security Best Practices-

Outlines security controls and suggest how to select the right one to fit a organizations needs

Question 9

ISO 27701

Answer 9

Privacy Information Management

privacy

Question 10

ISO 3100

Answer 10

Risk Management Best Practices

Question 11

TTPs

Answer 11

Tactics, techniques and procecedures (TTPs)

• Generalized statement of adversary behavior
• Campaign strategy and approach (tactics)
• Generalized attack vectors (techniques)
• Specific intrusion tools and methods (procedures)

Question 12

CTI

Answer 12

cyber threat intelligence (CTI) - Reputation/threat data feeds

Question 13

OSINT

Answer 13

Open source intelligence (OSINT)—some companies operate threat intelligence
services on an open-source basis, earning income from consultancy rather than
directly from the platform or research effort.

Question 14

IoC

Answer 14

Indicators of Compromise

• Specific evidence of intrusion
• Individual data points
• Correlation of system and threat data
• AI-backed analysis
• Indicator of attack (IoA)

Question 15

Threat Data Feeds

Answer 15

• Structured Threat Information 
exchange (STIX)
• Trusted Automated Exchange 
of Indicator Information (TAXII)
• Automated Indicator Sharing 
(AIS)
• Threat maps
• File/code repositories
• Vulnerability databases and 
feeds

Question 16

STIX

Answer 16

Structured Threat Information
expression (STIX)

describes
standard terminology for IoCs and ways of indicating relationships between them.

Question 17

TAXII

Answer 17

Trusted Automated Exchange
of Indicator Information

provides a means for transmitting CTI data
between servers and clients.

Question 18

AIS

Answer 18

Automated Indicator Sharing

a service offered by the Department of
Homeland Security (DHS) for companies to participate in threat intelligence sharing

Question 19

Threat map

Answer 19

animated graphic showing the source, target, and type of attacks
that have been detected by a CTI platform.

Question 20

File/code repository

Answer 20

holds signatures of known malware code.
The code samples derive from live customer systems and (for public repositories) files
that have been uploaded by subscribers.

Question 21

• Predictive analysis

Answer 21

• Threat forecasting

* Monitor “chatter”