Vocabulary

Question 1

Threat

Answer 1

A potential danger to an asset
A threat can be latent or realized

Question 2

Vulnerability

Answer 2

A weakness in the system design, implementation, software, code, or the lack of a mechanism

Question 3

Exploit

Answer 3

A process that takes advantage of a vulnerability that leads to access, privilege escalation, loss of integrity, or FoS on a system

Question 4

Threat intelligence

Answer 4

The knowledge about an existing or emerging threat to assets that can be exchanged between different parties

Question 5

Wrapper

Answer 5

A program used to combine two or more executable into a single packaged program

Question 6

Packers

Answer 6

A program that compresses files to obfuscate the activity of malware

Question 7

Droppers

Answer 7

A software designed to install a malware payload on the victim’s system

Question 8

Crypters

Answer 8

Functions to encrypt or obscure the code

Question 9

Ransomware

Answer 9

A piece of malware designed to encrypt personal files on the victim’s system until a ransom is paid to the attacker

Question 10

IaaS

Answer 10

Describes a cloud solution in which you rent infrastructure, pay for what you use

Question 11

PaaS

Answer 11

Provides everything except applications
Tend to be proprietary

Question 12

Saas

Answer 12

Designed to provide a complete packaged solution and rented out to the user

Question 13

NIST Cybersecurity Framework

Answer 13

A blueprint to address and manage cybersecurity risk in a cost-effective way to protect critical infrastructure

Question 14

STIX

Answer 14

Structured Threat Information eXpression

Question 15

TAXII

Answer 15

Trusted Automated eXchange of Indicator Information
Transport mechanism