Lesson 2 - Threat Actors & Threat Intelligence Flashcards
What is the difference between a vulnerability and a risk?
A vulnerability is a weakness that could be triggered accidentally or exploited intentionally to cause a security breach.
A risk is the likelihood and impact of a threat actor exploiting a vulnerability.
What is Open Source Intelligence (OSINT)?
Using web search tools and social media to obtain information about the target.
A security engineer is investigating a potential system breach. When compiling a report of the incident, how does the engineer classify the actor and the vector?
Threat
An unknowing user with authorized access to systems in a software development firm installs a seemingly harmless, yet unauthorized program on a workstation without the IT department’s sanction. Identify the type of threat that is a result of this user’s action.
Unintentional insider threat
What does the acronym IoC stand for and what does it mean?
Indicator of Compromise. A residual sign that an asset or network has been successfully attacked.
What is a hacktivist?
An individual who attempts to obtain and release confidential information to the public domain, perform denial of service (DoS) attacks, or deface websites.
What are the different hats that are used to find vulnerabilities and the authorization for each?
Black Hat - Unauthorized
White Hat - Authorized
Gray Hat - Semi-authorized; finds vulnerabilities without seeking approval of the owner and will not try to exploit the vulnerabilities found.
What is the purpose of TAXII?
Trusted Automated eXchange of Indicator Information. The protocol provides a means for transmitting CTI data between servers and clients.
What is the potential for someone or something to exploit a vulnerability and breach security?
Threat
All points at which a malicious threat actor could try to exploit a vulnerability.
Attack Surface