Topic 2A: Threat Actor types and vectors

Question 1

Vulnerability

Answer 1

A weakness

Question 2

Threat

Answer 2

The possibility, intentionally or not, a vulnerability could be exploited

Question 3

Risk

Answer 3

The likelihood and impact of a threat actor exploiting a vulnerability

Question 4

External threat actor

Answer 4

Has no credentials within the system

Question 5

Intent

Answer 5

What the actor wants resulting from the attack

Question 6

Motivation

Answer 6

Actor’s reasoning for attempting an attack

Question 7

Sophistication

Answer 7

The complexity with which an attack is perpetrated

Question 8

What three types of actor have high levels of funding?

Answer 8

APT, State, Criminal Syndicate

Question 9

Attack surface

Answer 9

The points at which a vulnerability could be exploited

Question 10

Attack vector

Answer 10

A path to gain access to a secure system

Question 11

Types of attack vectors

Answer 11

Direct access, removable media, email, remote & wireless, supply chain, web & social, cloud

Question 12

Direct access

Answer 12

Physically using an endpoint or device

Question 13

Removable media

Answer 13

Using a USB drive to execute a program or extract information

Question 14

Email

Answer 14

i.e. phishing

Question 15

Remote & wireless

Answer 15

Attacker finds a network access point or spoofs an existing one

Question 16

Supply chain

Answer 16

Targeting a weak link or vendor (Target and their HVAC provider)

Question 17

Web & Social

Answer 17

Compromising a website to conceal files or a malicious location

Question 18

Cloud

Answer 18

Finds compromises within an org’s cloud services