Operational Threat Vectors Flashcards

1
Q

EOS

A

End of support- no patches

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Data exploration

A

Unauthorized removal of digital data

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Attack surface

A

This is a sum of all threat vectors (malicious mails, phishing, weak/stolen passwords, web apps, out of date apps, old devices)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Shadow it

A

Use of premise or cloud based resources that bypass the it department. Impact: voliation of security policies (authentication, encryption, backup). Cause: lot of Saas, laziness of go thru the policies. Response: education, audit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Open service ports

A

Threat vector, open service ports are those in listening mode - it means that are connected with the system/application/utility. Impact of this vector is exposure, ddos, unauthorized access.
It is caused by poor configuration management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Weak permission

A

Threat vector, allow unnecessary access (device, OS, cloud). Impact -unauthorized access,violations.
Caused by lack of understanding, poor classification,
Response - policies of permissions of data/apps, management education, standardization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Threat vector

A

Attack vector. Potential pathway or scenario that can be exploited.common threat vectors include malicious emails in phishing attack, weak or stollen passwords, drive by downloaded attacks, web apps, out of date apps or devices, and trusted relationship.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Default credentials

A

Threat vector. Password Initially setup by vendor, easy to broke. Impact for this can be unauthorized access and compromise. Can be starting point to pivot access to other devices. Default passwords can be found in the internet for specific product.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Unsupported system/software

A

Threat vector. There is no option to find updates. It is a part of end of life for system/software. It can be caused by lack of centralized control, local workstations, no refers policy, poor budget. End of life is product obsolete no development support.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly