Threats in cybersecurity

Question 1

Angler phishing:

Answer 1

A technique where attackers impersonate customer service representatives on social media

Question 2

Advanced persistent threat (APT):

Answer 2

Instances when a threat actor maintains unauthorized access to a system for an extended period of time

Question 2

Adware:

Answer 2

A type of legitimate software that is sometimes used to display digital advertisements in applications

Question 2

Attack tree:

Answer 2

A diagram that maps threats to assets

Question 3

Baiting:

Answer 3

A social engineering tactic that tempts people into compromising their security

Question 4

Botnet:

Answer 4

A collection of computers infected by malware that are under the control of a single threat actor, known as the “bot-herder”

Question 5

Cross-site scripting (XSS):

Answer 5

An injection attack that inserts code into a vulnerable website or web application

Question 6

Cryptojacking:

Answer 6

A form of malware that installs software to illegally mine cryptocurrencies

Question 7

DOM-based XSS attack:

Answer 7

An instance when malicious script exists in the webpage a browser loads

Question 8

Dropper:

Answer 8

A type of malware that comes packed with malicious code which is delivered and installed onto a target system

Question 9

Injection attack:

Answer 9

Malicious code inserted into a vulnerable application

Question 9

Fileless malware:

Answer 9

Malware that does not need to be installed by the user because it uses legitimate programs that are already installed to infect a computer

Question 10

Hacker:

Answer 10

Any person or group who uses computers to gain unauthorized access to data

Question 10

Identity and access management (IAM):

Answer 10

A collection of processes and technologies that helps organizations manage digital identities in their environment

Question 11

Input validation:

Answer 11

Programming that validates inputs from users and other programs

Question 12

Intrusion detection system (IDS):

Answer 12

An application that monitors system activity and alerts on possible intrusions

Question 12

Malware:

Answer 12

Software designed to harm devices or networks

Question 13

Loader:

Answer 13

A type of malware that downloads strains of malicious code from an external source and installs them onto a target system

Question 13

Process of Attack Simulation and Threat Analysis (PASTA):

Answer 13

A popular threat modeling framework that’s used across many industries

Question 14

Phishing kit:

Answer 14

A collection of software tools needed to launch a phishing campaign

Question 14

Phishing:

Answer 14

he use of digital communications to trick people into revealing sensitive data or deploying malicious software

Question 15

Prepared statement:

Answer 15

A coding technique that executes SQL statements before passing them onto the database

Question 16

Potentially unwanted application (PUA):

Answer 16

A type of unwanted software that is bundled in with legitimate programs which might display ads, cause device slowdown, or install other software

Question 17

Quid pro quo:

Answer 17

A type of baiting used to trick someone into believing that they’ll be rewarded in return for sharing access, information, or money

Question 18

Ransomware:

Answer 18

Type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access

Question 19

Reflected XSS attack:

Answer 19

An instance when malicious script is sent to a server and activated during the server’s response

Question 20

Rootkit:

Answer 20

Malware that provides remote, administrative access to a computer

Question 21

Scareware:

Answer 21

Malware that employs tactics to frighten users into infecting their device

Question 21

Smishing:

Answer 21

The use of text messages to trick users to obtain sensitive information or to impersonate a known source

Question 22

Social engineering

Answer 22

A manipulation technique that exploits human error to gain private information, access, or valuables

Question 23

Spear phishing:

Answer 23

A malicious email attack targeting a specific user or group of users, appearing to originate from a trusted source

Question 24

Spyware:

Answer 24

Malware that’s used to gather and sell information without consent

Question 25

SQL (Structured Query Language):

Answer 25

A programming language used to create, interact with, and request information from a database

Question 26

SQL injection:

Answer 26

An attack that executes unexpected queries on a database

Question 27

Stored XSS attack:

Answer 27

An instance when malicious script is injected directly on the server

Question 28

Threat:

Answer 28

Any circumstance or event that can negatively impact assets

Question 28

Tailgating:

Answer 28

A social engineering tactic in which unauthorized people follow an authorized person into a restricted area

Question 29

Threat actor:

Answer 29

Any person or group who presents a security risk

Question 30

Threat modeling:

Answer 30

The process of identifying assets, their vulnerabilities, and how each is exposed to threats

Question 31

Trojan horse:

Answer 31

Malware that looks like a legitimate file or program

Question 32

Vishing:

Answer 32

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Question 33

Watering hole attack:

Answer 33

A type of attack when a threat actor compromises a website frequently visited by a specific group of users

Question 34

Whaling:

Answer 34

A category of spear phishing attempts that are aimed at high-ranking executives in an organization

Question 35

Web-based exploits:

Answer 35

Malicious code or behavior that’s used to take advantage of coding flaws in a web application