security plus

Question 1

Threat actor

Answer 1

A person or entity responsible for an event that has been identified as a security incident or as a risk.

Question 2

Internal/external

Answer 2

The degree of access that a threat actor possesses before initiating an attack. An external threat actor has no standing privileges, while an internal actor has been granted some access permissions.

Question 3

Level of sophistication/capability

Answer 3

A formal classification of the resources and expertise available to a threat actor.

Question 4

Resources/funding

Answer 4

The ability of threat actors to draw upon funding to acquire personnel, tools, and development of novel attack types.

Question 5

Service disruption

Answer 5

A type of attack that compromises the availability of an asset or business process.

Question 6

Data exfiltration

Answer 6

The process by which an attacker copies data from a private network to an external network.

Question 7

Disinformation

Answer 7

A type of attack that falsifies an information resource that is normally trusted by others.

Question 8

Blackmail

Answer 8

Demanding payment to prevent the release of information.

Question 9

Extortion

Answer 9

Demanding payment to prevent or halt some type of attack.

Question 10

Fraud

Answer 10

Falsifying records, such as an internal fraud that involves tampering with accounts.

Question 11

Hacker

Answer 11

Often used to refer to someone who breaks into computer systems or spreads viruses. Ethical hackers prefer to think of themselves as experts on and explorers of computer security systems.

Question 12

Unauthorized hacker

Answer 12

A hacker operating with malicious intent.

Question 13

Authorized hacker

Answer 13

A hacker engaged in authorized penetration testing or other security consultancy.

Question 14

Unskilled attacker

Answer 14

An inexperienced attacker that typically uses tools or scripts created by others.

Question 15

Hacktivist

Answer 15

A threat actor that is motivated by a social issue or political cause.

Question 16

Advanced persistent threat (APT)

Answer 16

An attacker’s ability to obtain, maintain, and diversify access to network systems using exploits and malware.

Question 17

Nation-state actors

Answer 17

A type of threat actor that is supported by the resources of its host country’s military and security services.

Question 18

Organized crime

Answer 18

A type of threat actor that uses hacking and computer fraud for commercial gain.

Question 19

Internal threat

Answer 19

A type of threat actor who is assigned privileges on the system that cause an intentional or unintentional incident.

Question 20

Unintentional or inadvertent insider threat

Answer 20

A threat actor that causes a vulnerability or exposes an attack vector without malicious intent.

Question 21

Shadow IT

Answer 21

Computer hardware, software, or services used on a private network without authorization from the system owner.

Question 22

Vulnerable software

Answer 22

Weakness that could be triggered accidentally or exploited intentionally to cause a security breach.

Question 23

Unsupported systems

Answer 23

Product life cycle phase where mainstream vendor support is no longer available.

Question 24

Unsecure network

Answer 24

Configuration that exposes a large attack surface, such as through unnecessary open service ports, weak or no authentication, use of default credentials, or lack of secure communications/encryption.

Question 25

Lure

Answer 25

An attack type that will entice a victim into using or opening a removable device, document, image, or program that conceals malware.