Security Tools
Risk Management
Incident Response
Network Security
Stuff and More Stuff
100

This log analysis tool is often used to monitor security incidents.

What is SIEM

100

The chance that a threat will exploit a vulnerability.

What is risk

100

The first step in an incident response process.

What is preparation

100

A system that detects malicious network activity.

What is an IDS

100

An attack that floods a system with traffic to make it unavailable.

What is DDoS attack

200

This command-line tool is used to scan open ports on a target system.

What is NMAP

200

Risk can be mitigated, transferred, accepted, or __?

What is avoided

200

This phase involves identifying whether an incident has occurred.

What is detection and analysis

200

This system blocks and permits traffic based on security rules.

What is firewall

200

These tools are commonly used for automated vulnerability scanning.

What are Nessus or OpenVAS

300

This tool captures and analyzes network packets in real time.

What is Wireshark

300

A document that formally evaluates an organization's security risk.

What is a risk assessment

300

This document outlines the roles and procedures for handling incidents.

What is an incident response plan

300

A network that mimics real systems to trap attackers.

What is a honeypot

300

Which CVSS metric evaluates whether user interaction is required to exploit a vulnerability?

What is User Interaction

400

This testing method assesses systems for known vulnerabilities.

What is vulnerability scanning

400

The term for the potential effect of a security incident.

What is impact

400

The act of collecting data to understand how an attack occurred.

What is forensic analysis

400

This separates parts of a network to limit threat movement.

What is segmentation or VLAN

400

What does the Nmap switch -sS perform?

What is a SYN scan (also called a stealth scan), which sends SYN packets to determine port states without completing the TCP handshake.

500

This software isolates suspicious programs for deeper analysis.

What is Sandbox

500

This analysis compares the potential costs of a risk vs. its mitigation.

What is cost-benefit analysis

500

The final phase, where the organization returns to normal and documents lessons.

What is recovery and lessons learned

500

The term for encrypting traffic over a public network.

What is VPN or tunneling

500

This defines how the vulnerability is exploited using the CVSS scoring system.

What is the Attack Vector (AV)
