Vocab Words

Question 1

a senior position within an orgs security team with direct responsibility for protecting sensitive information and preventing unauthorized access to electronic data and the systems that protect it

Answer 1

Cybersecurity Analyst

Question 2

a location where security professionals monitor and protect critical information assets in an organization.

Answer 2

Security Operations Center (SOC)

Question 3

mitigates vulnerabilities and risk to ensure the confidentiality, integrity, availability, nonrepudiation, and authentication of data

Answer 3

Security Control

Question 4

category of security controls that is implemented as a system

Answer 4

Technical Controls

Question 5

category of security controls that are implemented primarily by people

Answer 5

Operational Controls

Question 6

category of security controls that provide oversight of the system

Answer 6

Managerial Controls

Question 7

control that eliminates or reduces likelihood that an attack succeeds

Answer 7

Preventative Controls

Question 8

a control that may not prevent or deter access, but will identify and record any attempted or successful intrusion

Answer 8

Detective Control

Question 9

control that eliminates or reduces the impact of an intrusion event

Answer 9

Corrective Control

Question 10

process where data is generated and is collected, processed, analyzed, and disseminated to provide insights of the security status of the system

Answer 10

Security Intelligence

Question 11

investigation, collection, analysis, and dissemination of information about emerging threats and threat sources to provide data about the threat landscape

Answer 11

Cyber Threat Intelligence

Question 12

method of obtaining information about a person or organization through public records, websites, and social media

Answer 12

Open-Source Intelligence (OSINT)

Question 13

not for profit group set up to share sector-specific threat intelligence and security best practices amongst its members

Answer 13

Information Sharing and Analysis Centers (ISACS)

Question 14

threat that can be identified using basic signature or pattern matching

*malware or documented exploits

Answer 14

Known Threat

Question 15

threats that cannot be identified using basic signature or pattern matching

Answer 15

Unknown Threat

Question 16

any unknown exploit in the wild that exposes a vulnerability and can create problems before anyone realizes something is wrong

Answer 16

Zero-Day Exploit

Question 17

malicious code that the malware author has attempted to hid through various techniques

Answer 17

Obfuscated Malware Code

Question 18

malware detection method that evaluates an object based on its intended actions before it can actually execute that behavior

Answer 18

Behavior Based Detection

Question 19

process of combining and modifying parts of an existing exploit code to create new threats that are not as easily identified by automated scanning

Answer 19

Recycled Threats

Question 20

malware that contains obfuscation techniques to circumvent signature matching and detection

Answer 20

Known Unknowns

Question 21

a classification of malware that contains completely new attack vectors and exploits

Answer 21

Unknown Unknowns

Question 22

those who wish to harm networks or steal secure data

Answer 22

Threat Actor

Question 23

uses other people’s tools to conduct their attacks as they don’t have the skills to make their own tools

Answer 23

Script Kiddie

Question 24

those who have authorized access to an orgs network, policies, and procedures and business practices

*can be intentional or unintentional

Answer 24

Threat Actor

Question 25

politically motivated hacker who targets gov't, orgs, and individuals to advance their political ideologies

Answer 25

Hacktivist

Question 26

group of attackers with exceptional capability, funding, and organizational with an intent to hack a network or system

Answer 26

Nation State

Question 27

an attacker that establishes a long-term presence on a network in order to gather sensitive information

Answer 27

Advanced Persistent Threat (APT)

Question 28

malicious software applications that are widely available for sale or easily obtainable and useable

Answer 28

Commodity Malware

Question 29

vulnerability that is discovered or exploited before the vendor can issue a patch to fix it

Answer 29

Zero-Day vulnerability

Question 30

infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets

Answer 30

Command and Control (C2)

Question 31

blacklists of known threat sources, such as malware signatures, IP address ranges, and DNS domains

Answer 31

Reputation Data

Question 32

a residual sign that an asset or network has been successfully attacked or is under attack

Answer 32

Indicator of Compromise (IoC)

Question 33

the correlation of IoC's into attack patterns

Answer 33

Behavioral Threat Research

Question 34

an APT's C2 application uses any port to communicate and jumps between different ports

Answer 34

Port Hopping

Question 35

rapidly changes the IP address associated with a domain

Answer 35

Fast Flex DNS

Question 36

unauthorized transfer of data from a computer or other device

Answer 36

Data Exfiltration

Question 37

the stages by which a threat actor progresses a network intrusion *7-step process

Answer 37

Lockheed Martin Kill Chain

Question 38

a knowledge base that lists and explains specific adversary tactics, techniques, and common knowledge or procedures

Answer 38

MITRE ATT&CK Framework

Question 39

a framework for analyzing cybersecurity incidents and intrusions by exploring relationships between four core features: 1. adversary 2. capability 3. infrastructure 4. victim

Answer 39

Diamond Model of Intrusion Analysis

Question 40

a standard terminology for IoC's and ways of indicating relationships between them that is included as part of the OASIS Cyber Threat Intelligence (CTI) framework.

Answer 40

STIX

Question 41

a protocol for supplying codified information to automatic incident detection and analysis

Answer 41

TAXII

Question 42

framework by Mandiant that uses XML-formatted files for supplying codified information to automate incident detection and analysis

Answer 42

Open IoC

Question 43

a server platform for cyber threat intelligence sharing a proprietary format, supports Open IoC definitions, and can import/export STIX over TAXII *Open source

Answer 43

MISP

Question 44

identifies and assesses the possible threat actors and attack vectors that pose a risk to the security of an app, network, or other systems

Answer 44

Threat Modeling

Question 45

classification of the resources and expertise available to a particular threat actor

Answer 45

Adversary Capability

Question 46

the part at which a network or application receives external connections or inputs/outputs that are potential vectors to be exploited by a threat actor

Answer 46

Attack Surface

Question 47

a specific path by which a threat actor gains unauthorized access to a system

Answer 47

Attack Vector

Question 48

is a cybersecurity technique designed to detect presence of threats that have not been discovered by normal security monitoring

Answer 48

Threat Hunting

Question 49

open-source intelligence technique that uses google search operators to locate vulnerable web servers and applications

Answer 49

Google Hacking

Question 50

added to the results page to alter the results, such as: $pws=0, $filler=0, &tbs=1

Answer 50

URL Modifier

Question 51

a search engine optimized for identifying vulnerable internet attached devices *thermostat, IoT SCADA devices

Answer 51

Shodan.io

Question 52

an OSINT technique used to gather email addresses from domain

Answer 52

Email Harvesting

Question 53

a public listing of all registered domains and their registered administrators

Answer 53

Whois

Question 54

replicating DNS databases across a set of DNS servers that is often used during the reconnaissance phase of an attack

Answer 54

DNS Zone Transfer

Question 55

uses OSINT to gather information about a domain

Answer 55

DNS Harvesting

Question 56

a technique use to copy the source code of website files to analyze for information and vulnerabilities

Answer 56

Website Harvesting

Question 57

community driven database that keeps track of IP addresses reported for abusive behavior (hacking, phishing, spamming)

Answer 57

Abuse IPDB

Question 58

portion of the internet not indexed by search engines, which includes private databases, subscription-based websites and other content that is not publicly accessible

Answer 58

Deep Web

Question 59

a part of the deep web that's used for illegal activities

Answer 59

Dark Web

Question 60

a way for companies to crowdsource security testing of their software services and applications to identify and address potential security issues

Answer 60

Bug Bounty

Question 61

allows for the copying of ingress and/or egress communications form one or more switch ports to another

Answer 61

Switched Port Analyzer (SPAN)

Question 62

hardware or software that records data from frames and passes it to the network media using a mirrored port or TAP device

Answer 62

Packet Sniffer

Question 63

data network packet analyzer that runs under a CLI and displays TCP/IP that is transmitted or received on a network

Answer 63

tcpdump

Question 64

an open-source GUI based packet analyzer used for network troubleshooting analysis, software, and communications protocol development and education

Answer 64

Wireshark

Question 65

captures the entire packet, including the header and payload for all traffic

Answer 65

Full Packet Capture (FPC)

Question 66

means of recording network traffic's meta data and statistics

Answer 66

Flow Collector

Question 67

Cisco developed means of reporting network flow information to a structured database.

Answer 67

Net flow

Question 68

hybrid tool that passively monitors a network like a sniffer and only logs data of potential intrests

Answer 68

Zeek (Bro)

Question 69

method used by malware to evade block lists by dynamically generating domain names for C2 networks

Answer 69

Domain Generation Algorithm (DGA)

Question 70

allows one trusted DNS server to communicate with other trusted DNS servers to search for an IP address and return it to the client *way to mitigate DGA's

Answer 70

Secure Recursive DNS Resolver

Question 71

creates graphs showing traffic flows through the network interfaces of routers and switches by polling the appliances using SNMP

Answer 71

Multi Router Traffic Grapher (MRTG)

Question 72

method used by malware to hide the presence of C2 networks by continuously changing the host IP addresses in domain records using domain generation algorithms

Answer 72

Secure Recursive DNS Resolver

Question 73

activity that is performed to identify whether a link is already flagged on an existing reputation list and if not, to identify what malicious scripts or activity might be coded within it

Answer 73

URL Analaysis

Question 74

set of requests methods to indicate the desired action to be performed for a given resource

Answer 74

HTTP Methods

Question 75

the header value returned by a server when a client requests a URL

Answer 75

HTTP Response Codes

Question 76

mechanism to encode 8-bit characters that have specific meaning in the context of URLs

Answer 76

Percent Encoding

Question 77

list of permitted and denied network connections based on IP addresses, ports, or applications in use

Answer 77

Access Control List (ACL)

Question 78

linux based firewall that uses syslog file format for its logs

Answer 78

Iptables

Question 79

windows-based firewall that uses W3C extended log file format

Answer 79

Windows Firewall

Question 80

occurs when a firewall is under-resourced and cannot log data fast enough therefore some data is missed

Answer 80

Blinding Attack

Question 81

physical or logical sub network that contains and exposes an organizations external facing services to an untrusted network like the internet

Answer 81

Screened Subnet

Question 82

reconnaissance technique to enumerate firewall configuration and attempt to probe hosts behind it

Answer 82

Firewalking

Question 83

applies ACL rules to outgoing traffic to prevent malware form communicating to C2 servers

Answer 83

Egress Filtering

Question 84

means of mitigating DoS or intrusion attacks by silently dropping traffic

Answer 84

Black Hole

Question 85

unused physical network ports or unused IP address space within a local network often used by attackers

Answer 85

Dark Nets

Question 86

DoS attack mitigation strategy that directs the traffic that is flooding a target IP address to a different network for analysis

Answer 86

Sinkhole

Question 87

a server that mediates the communication between a client and another server. Can filter or modify communications, and provides caching services to improve performance

Answer 87

Forward Proxy

Question 88

a server that redirects requests and responses for clients configured with the proxy address and port

Answer 88

Non-transparent Proxy

Question 89

a server that redirects requests and responses without the client being explicitly configured to use it

Answer 89

Transparent Proxy

Question 90

a type of proxy server that protects severs from direct contact with client requests

Answer 90

Reverse Proxy

Question 91

a firewall that protects software running on web services and their backend databases form code injection and DoS attacks

Answer 91

Web Application Firewall (WAF)

Question 92

a software and/or hardware system that scans, audits, and monitors, the security infrastructure for signs of attacks in progress

Answer 92

Intrusion Detection System (IDS)

Question 93

a software and/or hardware system that scans, audits, and monitors the security infrastructure for signs of attacks in progress and can actively block an attack

Answer 93

Intrusion Prevention System (IPS)

Question 94

blocking of unauthorized application service ports on hosts and firewalls, or the physical/ remote access ports used to allow a host to communicate on the local network

Answer 94

Port Security

Question 95

applying an access control lists to a switch or access print so that only clients with approved MAC addresses can connect to it

Answer 95

MAC Filtering

Question 96

collective protocols, policies, and hardware that authenticates and authorizes access to a network at the device level

Answer 96

Network Access Control (NAC)

Question 97

a standard for encapsulating EAP (Extensible Authorization Protocol) communications over a LAN or wireless LAN and provides port-based authentication

Answer 97

802.1x

Question 98

a type of IDS and IPS that monitors a computer system for unexpected behavior or changes to the system on an endpoint

Answer 98

Host Based IDS/IPS (HIDS/ HIPS)

Question 99

a software agent and monitoring system that performs multiple security tasks such as anti-virus, HIDS/HIPS, firewall, DLP, and file encryption

Answer 99

Endpoint Protection Platform (EPP)

Question 100

software that collects system data and logs for analysis by a monitoring system to provide early detection of threats

Answer 100

Endpoint Detection and Response (EDR)

Question 101

a system that can provide automated identification of suspicious activity by user accounts and computer hosts

Answer 101

User and Entity Behavior Analytics (UEBA)

Question 102

a computing environment isolated from a host system to guarantee that the environment runs in a controlled secure fashion and that communication between the hosts and sandbox are usually prohibited

Answer 102

Sandboxing

Question 103

the process of analyzing the structure of hardware or software to reveal more about how it functions

Answer 103

Reverse Engineering

Question 104

a computer program that translates machine language into assembly language

Answer 104

Disassembler

Question 105

first two bytes of a binary header that indicates its file type

Answer 105

File Signature (Magic Numbers)

Question 106

Method of compression in which an executable is mostly compressed and the port that isn't contains the code to decompress the executable

Answer 106

Program Packer

Question 107

malware designed to install or run other types of malware embedded in a payload on an infected host

Answer 107

Dropper

Question 108

piece of code that connects to the Internet to reference additional tools after the initial infection by a dropper

Answer 108

Downloader

Question 109

any lightweight code designed to run an exploit on the target

Answer 109

Shellcode

Question 110

exploit technique that runs malicious code with the identification number of a legitimate process

Answer 110

Code Injection

Question 111

a suite of tools designed to assist with troubleshooting issues with Windows, many of the tools are suited to investigating security issues

Answer 111

Sysinternal