What is ransomware?
This type of malware locks data and demands payment.
What is Wireshark?
This tool captures and analyzes network traffic.
What is a normal behavior baseline?
This is a baseline used to identify anomalous behavior.
What is preparation?
The first step in the incident response process.
What is HIPAA?
This federal regulation protects health information in the U.S.
What is CVE (Common Vulnerabilities and Exposures)?
A database of known software weaknesses maintained by MITRE.
What is ping?
A command-line tool to test host availability.
What is an Intrusion Detection System?
An Intrusion Detection System (IDS) is a cybersecurity tool or technology that monitors network traffic or system activities for malicious actions or policy violations.
What is containment?
This step involves limiting the scope of an incident.
What is the European Union (EU)?
GDPR protects the privacy of individuals in this region.
What is a zero-day exploit?
Exploiting a system before a patch is released is called this.
What is Nmap?
This tool can identify open ports and services on a host.
What is the principle of least privilege?
The security model that gives users the least access necessary.
What is eradication or investigation?
Forensic imaging is typically done during this phase.
What is a retention policy?
A policy that defines how long logs should be kept.
What is social engineering?
An attack that targets the user through deception and manipulation.
What is a SIEM (e.g., Splunk)?
Used to aggregate and analyze log data from various sources.
What is a DDoS (Distributed Denial of Service)?
This attack floods a network or service to deny access.
What is post-incident activity?
Reports and lessons learned happen in this final phase.
What is compliance auditing?
Ensuring systems comply with security requirements is called this.
What is a penetration test?
A tool used to simulate an attack to identify vulnerabilities.
What is Nessus or OpenVAS?
This tool automates vulnerability scans.
What is a firewall?
A security appliance that blocks threats based on predefined rules.
What is an incident response plan (IRP)?
This document defines the roles, responsibilities, and processes during an incident.
What is the NIST Cybersecurity Framework?
A cybersecurity framework developed by NIST.